diff --git a/correct-results.html b/correct-results.html
index 7868456..77ef43a 100644
--- a/correct-results.html
+++ b/correct-results.html
@@ -192,7 +192,8 @@ Examining test2.c
sprintf(s, "hello");
  • test.c:45: [2] (buffer) char: - Statically-sized arrays can be overflowed (CWE-119,CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length (CWE-119).
@@ -200,7 +201,8 @@ Examining test2.c
    char d[20];
  • test.c:46: [2] (buffer) char: - Statically-sized arrays can be overflowed (CWE-119,CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length (CWE-119).
@@ -276,9 +278,9 @@ Examining test2.c
    strncat(d,s,10);
  • test.c:58: [1] (buffer) strlen:
- Does not handle strings that are not \0-terminated (it could cause a crash
- if unprotected) (CWE-119).
+ Does not handle strings that are not \0-terminated; if given one it may
+ perform an over-read (it could cause a crash if unprotected) (CWE-126).
       n = strlen(d);
     
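Review bot: The new strlen message for test.c:58 cites CWE-126 alone, whereas the new char messages for test.c:45 and test.c:46 in this same commit keep the general class beside the specific one (`CWE-119,CWE-120`). If the fixtures are meant to follow that convention, the over-read line would read `perform an over-read (it could cause a crash if unprotected) (CWE-119,CWE-126).`; if dropping CWE-119 in favour of the more precise CWE-126 is deliberate, a one-line note in the commit description would save the next reader the same question. The identical wording appears in the correct-results.txt hunk for test.c:58, so whichever way it is decided, both fixtures need the same text. The message itself presumably comes from the analyzer's rule table, which is not part of this diff, so the rule and the two expected-output files have to change together.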
diff --git a/correct-results.txt b/correct-results.txt
index 995f978..2edd737 100644
--- a/correct-results.txt
+++ b/correct-results.txt
@@ -86,13 +86,15 @@ test.c:19: [2] (buffer) sprintf:
 Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
 test.c:45: [2] (buffer) char:
- Statically-sized arrays can be overflowed (CWE-120). Perform bounds
- checking, use functions that limit length, or ensure that the size is
- larger than the maximum possible length (CWE-119).
+ Statically-sized arrays can be overflowed or have other issues
+ (CWE-119,CWE-120). Perform bounds checking, use functions that limit
+ length, or ensure that the size is larger than the maximum possible length
+ (CWE-119).
 test.c:46: [2] (buffer) char:
- Statically-sized arrays can be overflowed (CWE-120). Perform bounds
- checking, use functions that limit length, or ensure that the size is
- larger than the maximum possible length (CWE-119).
+ Statically-sized arrays can be overflowed or have other issues
+ (CWE-119,CWE-120). Perform bounds checking, use functions that limit
+ length, or ensure that the size is larger than the maximum possible length
+ (CWE-119).
 test.c:50: [2] (buffer) memcpy:
 Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
@@ -126,8 +128,8 @@ test.c:55: [1] (buffer) strncat:
 size to add) (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
 test.c:58: [1] (buffer) strlen:
- Does not handle strings that are not \0-terminated (it could cause a crash
- if unprotected) (CWE-119).
+ Does not handle strings that are not \0-terminated; if given one it may
+ perform an over-read (it could cause a crash if unprotected) (CWE-126).
 test.c:64: [1] (buffer) MultiByteToWideChar:
 Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is very low, the length appears to be in characters not bytes.
diff --git a/makefile b/makefile
index 562885f..897c344 100644
--- a/makefile
+++ b/makefile
@@ -106,6 +106,7 @@ test: flawfinder test.c test2.c
 ./flawfinder --omittime --html --context test.c test2.c > test-results.html
 @echo "Differences from expected results:"
 @diff -u correct-results.txt test-results.txt
+ @diff -u correct-results.html test-results.html
 check: test
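Review bot: The added `@diff -u correct-results.html test-results.html` only executes when the preceding text comparison exits zero, because make stops a recipe at the first failing command; a mismatch in the .txt fixture therefore hides any mismatch in the .html fixture until the first one is fixed, which costs an extra round trip every time the rule text changes. If both reports are wanted from a single run, the two comparisons have to run in one shell and fail afterwards, e.g. replace the two diff lines with `@diff -u correct-results.txt test-results.txt; r=$$?; diff -u correct-results.html test-results.html || r=1; exit $$r`. The `test` recipe appears to begin before this hunk, so the command that produces test-results.txt is not visible here; the html invocation shown uses `--omittime`, which is what keeps the html comparison free of timestamp noise.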