Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/brotli-1.0.9/c/common/constants.c
Examining data/brotli-1.0.9/c/common/constants.h
Examining data/brotli-1.0.9/c/common/context.c
Examining data/brotli-1.0.9/c/common/context.h
Examining data/brotli-1.0.9/c/common/dictionary.c
Examining data/brotli-1.0.9/c/common/dictionary.h
Examining data/brotli-1.0.9/c/common/platform.c
Examining data/brotli-1.0.9/c/common/platform.h
Examining data/brotli-1.0.9/c/common/transform.c
Examining data/brotli-1.0.9/c/common/transform.h
Examining data/brotli-1.0.9/c/common/version.h
Examining data/brotli-1.0.9/c/dec/bit_reader.c
Examining data/brotli-1.0.9/c/dec/bit_reader.h
Examining data/brotli-1.0.9/c/dec/decode.c
Examining data/brotli-1.0.9/c/dec/huffman.c
Examining data/brotli-1.0.9/c/dec/huffman.h
Examining data/brotli-1.0.9/c/dec/prefix.h
Examining data/brotli-1.0.9/c/dec/state.c
Examining data/brotli-1.0.9/c/dec/state.h
Examining data/brotli-1.0.9/c/enc/backward_references.c
Examining data/brotli-1.0.9/c/enc/backward_references.h
Examining data/brotli-1.0.9/c/enc/backward_references_hq.c
Examining data/brotli-1.0.9/c/enc/backward_references_hq.h
Examining data/brotli-1.0.9/c/enc/backward_references_inc.h
Examining data/brotli-1.0.9/c/enc/bit_cost.c
Examining data/brotli-1.0.9/c/enc/bit_cost.h
Examining data/brotli-1.0.9/c/enc/bit_cost_inc.h
Examining data/brotli-1.0.9/c/enc/block_encoder_inc.h
Examining data/brotli-1.0.9/c/enc/block_splitter.c
Examining data/brotli-1.0.9/c/enc/block_splitter.h
Examining data/brotli-1.0.9/c/enc/block_splitter_inc.h
Examining data/brotli-1.0.9/c/enc/brotli_bit_stream.c
Examining data/brotli-1.0.9/c/enc/brotli_bit_stream.h
Examining data/brotli-1.0.9/c/enc/cluster.c
Examining data/brotli-1.0.9/c/enc/cluster.h
Examining data/brotli-1.0.9/c/enc/cluster_inc.h
Examining data/brotli-1.0.9/c/enc/command.c
Examining data/brotli-1.0.9/c/enc/command.h
Examining data/brotli-1.0.9/c/enc/compress_fragment.c
Examining data/brotli-1.0.9/c/enc/compress_fragment.h
Examining data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c
Examining data/brotli-1.0.9/c/enc/compress_fragment_two_pass.h
Examining data/brotli-1.0.9/c/enc/dictionary_hash.c
Examining data/brotli-1.0.9/c/enc/dictionary_hash.h
Examining data/brotli-1.0.9/c/enc/encode.c
Examining data/brotli-1.0.9/c/enc/encoder_dict.c
Examining data/brotli-1.0.9/c/enc/encoder_dict.h
Examining data/brotli-1.0.9/c/enc/entropy_encode.c
Examining data/brotli-1.0.9/c/enc/entropy_encode.h
Examining data/brotli-1.0.9/c/enc/entropy_encode_static.h
Examining data/brotli-1.0.9/c/enc/fast_log.c
Examining data/brotli-1.0.9/c/enc/fast_log.h
Examining data/brotli-1.0.9/c/enc/find_match_length.h
Examining data/brotli-1.0.9/c/enc/hash.h
Examining data/brotli-1.0.9/c/enc/hash_composite_inc.h
Examining data/brotli-1.0.9/c/enc/hash_forgetful_chain_inc.h
Examining data/brotli-1.0.9/c/enc/hash_longest_match64_inc.h
Examining data/brotli-1.0.9/c/enc/hash_longest_match_inc.h
Examining data/brotli-1.0.9/c/enc/hash_longest_match_quickly_inc.h
Examining data/brotli-1.0.9/c/enc/hash_rolling_inc.h
Examining data/brotli-1.0.9/c/enc/hash_to_binary_tree_inc.h
Examining data/brotli-1.0.9/c/enc/histogram.c
Examining data/brotli-1.0.9/c/enc/histogram.h
Examining data/brotli-1.0.9/c/enc/histogram_inc.h
Examining data/brotli-1.0.9/c/enc/literal_cost.c
Examining data/brotli-1.0.9/c/enc/literal_cost.h
Examining data/brotli-1.0.9/c/enc/memory.c
Examining data/brotli-1.0.9/c/enc/memory.h
Examining data/brotli-1.0.9/c/enc/metablock.c
Examining data/brotli-1.0.9/c/enc/metablock.h
Examining data/brotli-1.0.9/c/enc/metablock_inc.h
Examining data/brotli-1.0.9/c/enc/params.h
Examining data/brotli-1.0.9/c/enc/prefix.h
Examining data/brotli-1.0.9/c/enc/quality.h
Examining data/brotli-1.0.9/c/enc/ringbuffer.h
Examining data/brotli-1.0.9/c/enc/static_dict.c
Examining data/brotli-1.0.9/c/enc/static_dict.h
Examining data/brotli-1.0.9/c/enc/static_dict_lut.h
Examining data/brotli-1.0.9/c/enc/utf8_util.c
Examining data/brotli-1.0.9/c/enc/utf8_util.h
Examining data/brotli-1.0.9/c/enc/write_bits.h
Examining data/brotli-1.0.9/c/include/brotli/decode.h
Examining data/brotli-1.0.9/c/include/brotli/encode.h
Examining data/brotli-1.0.9/c/include/brotli/port.h
Examining data/brotli-1.0.9/c/include/brotli/types.h
Examining data/brotli-1.0.9/c/tools/brotli.c
Examining data/brotli-1.0.9/python/_brotli.cc

FINAL RESULTS:

data/brotli-1.0.9/c/tools/brotli.c:55:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod(F, P) (0)
data/brotli-1.0.9/c/tools/brotli.c:56:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
#define chown(F, O, G) (0)
data/brotli-1.0.9/c/tools/brotli.c:662:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  res = chmod(output_path, statbuf.st_mode & (S_IRWXU | S_IRWXG | S_IRWXO));
data/brotli-1.0.9/c/tools/brotli.c:667:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
  res = chown(output_path, (uid_t)-1, statbuf.st_gid);
data/brotli-1.0.9/c/tools/brotli.c:672:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
  res = chown(output_path, statbuf.st_uid, (gid_t)-1);
data/brotli-1.0.9/c/common/platform.h:471:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define BROTLI_LOG(x) printf x
data/brotli-1.0.9/c/tools/brotli.c:723:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(context->modified_path, arg);
data/brotli-1.0.9/c/tools/brotli.c:747:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(context->modified_path + arg_len, context->suffix);
data/brotli-1.0.9/c/common/platform.h:296:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/brotli-1.0.9/c/common/platform.h:301:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/brotli-1.0.9/c/common/platform.h:306:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/brotli-1.0.9/c/common/platform.h:310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof v);
data/brotli-1.0.9/c/common/platform.h:370:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&v, p, sizeof(uint64_t));
data/brotli-1.0.9/c/common/platform.h:375:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof(uint64_t));
data/brotli-1.0.9/c/common/transform.c:14:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char kPrefixSuffix[217] =
data/brotli-1.0.9/c/dec/bit_reader.h:342:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, br->next_in, num);
data/brotli-1.0.9/c/dec/decode.c:175:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, src, 16);
data/brotli-1.0.9/c/dec/decode.c:176:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, buffer, 16);
data/brotli-1.0.9/c/dec/decode.c:934:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&pattern, &b0123, 4);
data/brotli-1.0.9/c/dec/decode.c:1284:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(*next_out, start, num_written);
data/brotli-1.0.9/c/dec/decode.c:1314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->ringbuffer, s->ringbuffer_end, (size_t)s->pos);
data/brotli-1.0.9/c/dec/decode.c:1344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s->ringbuffer, old_ringbuffer, (size_t)s->pos);
data/brotli-1.0.9/c/dec/decode.c:1927:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(&s->ringbuffer[pos], word, (size_t)len);
data/brotli-1.0.9/c/dec/decode.c:1980:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy_dst + 16, copy_src + 16, (size_t)(i - 16));
data/brotli-1.0.9/c/dec/huffman.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&table[table_size], &table[0],
data/brotli-1.0.9/c/dec/huffman.c:330:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&table[table_size], &table[0],
data/brotli-1.0.9/c/enc/backward_references_hq.c:809:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(orig_dist_cache, dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/backward_references_hq.c:828:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dist_cache, orig_dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/block_splitter.c:63:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(literals + pos, data + from_pos, head_size);
data/brotli-1.0.9/c/enc/block_splitter.c:69:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(literals + pos, data + from_pos, insert_len);
data/brotli-1.0.9/c/enc/brotli_bit_stream.c:1291:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&storage[*storage_ix >> 3], &input[masked_pos], len1);
data/brotli-1.0.9/c/enc/brotli_bit_stream.c:1296:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&storage[*storage_ix >> 3], &input[masked_pos], len);
data/brotli-1.0.9/c/enc/compress_fragment.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth, depth, 24);
data/brotli-1.0.9/c/enc/compress_fragment.c:143:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 24, depth + 40, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:144:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 32, depth + 24, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:145:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 40, depth + 48, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:146:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 48, depth + 32, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 56, depth + 56, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:149:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits, cmd_bits, 48);
data/brotli-1.0.9/c/enc/compress_fragment.c:150:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 24, cmd_bits + 32, 16);
data/brotli-1.0.9/c/enc/compress_fragment.c:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 32, cmd_bits + 48, 16);
data/brotli-1.0.9/c/enc/compress_fragment.c:152:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 40, cmd_bits + 24, 16);
data/brotli-1.0.9/c/enc/compress_fragment.c:153:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 48, cmd_bits + 40, 16);
data/brotli-1.0.9/c/enc/compress_fragment.c:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 56, cmd_bits + 56, 16);
data/brotli-1.0.9/c/enc/compress_fragment.c:160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth, depth, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 64, depth + 8, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 128, depth + 16, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 192, depth + 24, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 384, depth + 32, 8);
data/brotli-1.0.9/c/enc/compress_fragment.c:411:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&storage[*storage_ix >> 3], begin, len);
data/brotli-1.0.9/c/enc/compress_fragment.c:487:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_histo, kCmdHistoSeed, sizeof(kCmdHistoSeed));
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:84:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth, depth + 24, 24);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:85:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 24, depth, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:86:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 32, depth + 48, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:87:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 40, depth + 8, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:88:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 48, depth + 56, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:89:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(cmd_depth + 56, depth + 16, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits, cmd_bits + 24, 16);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:92:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 8, cmd_bits + 40, 16);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:93:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 16, cmd_bits + 56, 16);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:94:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 24, cmd_bits, 48);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 48, cmd_bits + 32, 16);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:96:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bits + 56, cmd_bits + 48, 16);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth, depth + 24, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 64, depth + 32, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 128, depth + 40, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:105:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 192, depth + 48, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(cmd_depth + 384, depth + 56, 8);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:333:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*literals, next_emit, (size_t)insert);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:450:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*literals, next_emit, insert);
data/brotli-1.0.9/c/enc/compress_fragment_two_pass.c:552:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&storage[*storage_ix >> 3], input, input_size);
data/brotli-1.0.9/c/enc/encode.c:41:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define COPY_ARRAY(dst, src) memcpy(dst, src, sizeof(src));
data/brotli-1.0.9/c/enc/encode.c:587:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dist_cache, saved_dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/encode.c:652:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dist_cache, saved_dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/encode.c:1051:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_commands, s->commands_, sizeof(Command) * s->num_commands_);
data/brotli-1.0.9/c/enc/encode.c:1304:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(new_commands, commands, sizeof(Command) * num_commands);
data/brotli-1.0.9/c/enc/encode.c:1342:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(dist_cache, saved_dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/encode.c:1382:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dist_cache, saved_dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/encode.c:1401:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(saved_dist_cache, dist_cache, 4 * sizeof(dist_cache[0]));
data/brotli-1.0.9/c/enc/encode.c:1407:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(encoded_buffer, storage, out_size);
data/brotli-1.0.9/c/enc/encode.c:1462:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&output[result], &input[offset], chunk_size);
data/brotli-1.0.9/c/enc/encode.c:1576:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*next_out, s->next_out_, copy_output_size);
data/brotli-1.0.9/c/enc/encode.c:1766:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*next_out, *next_in, copy);
data/brotli-1.0.9/c/enc/encode.c:1776:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s->next_out_, *next_in, copy);
data/brotli-1.0.9/c/enc/memory.c:129:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m->pointers + PERM_ALLOCATED_OFFSET + m->perm_allocated,
data/brotli-1.0.9/c/enc/memory.h:88:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(new_array, A, C * sizeof(T));                         \
data/brotli-1.0.9/c/enc/ringbuffer.h:80:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_data, rb->data_,
data/brotli-1.0.9/c/enc/ringbuffer.h:99:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&rb->buffer_[p], bytes,
data/brotli-1.0.9/c/enc/ringbuffer.h:117:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rb->buffer_, bytes, n);
data/brotli-1.0.9/c/enc/ringbuffer.h:139:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&rb->buffer_[masked_pos], bytes, n);
data/brotli-1.0.9/c/enc/ringbuffer.h:143:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&rb->buffer_[masked_pos], bytes,
data/brotli-1.0.9/c/enc/ringbuffer.h:146:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&rb->buffer_[0], bytes + (rb->size_ - masked_pos),
data/brotli-1.0.9/c/tools/brotli.c:52:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen ms_fopen
data/brotli-1.0.9/c/tools/brotli.c:53:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open ms_open
data/brotli-1.0.9/c/tools/brotli.c:596:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  *f = fopen(input_path, "rb");
data/brotli-1.0.9/c/tools/brotli.c:613:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(output_path, O_CREAT | (force ? 0 : O_EXCL) | O_WRONLY | O_TRUNC,
data/brotli-1.0.9/c/tools/brotli.c:630:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* f = fopen(path, "rb");
data/brotli-1.0.9/python/_brotli.cc:747:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char version[16];
data/brotli-1.0.9/c/tools/brotli.c:168:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t unbrotli_len = strlen(unbrotli);
data/brotli-1.0.9/c/tools/brotli.c:198:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t arg_len = arg ? strlen(arg) : 0;
data/brotli-1.0.9/c/tools/brotli.c:708:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arg_len = strlen(arg);
data/brotli-1.0.9/c/tools/brotli.c:727:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t suffix_len = strlen(context->suffix);
data/brotli-1.0.9/c/tools/brotli.c:730:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t name_len = strlen(name);
data/brotli-1.0.9/c/tools/brotli.c:894:44:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          (context->available_in != 0) || (fgetc(context->fin) != EOF);
data/brotli-1.0.9/c/tools/brotli.c:1069:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          context.longest_path_len + strlen(context.suffix) + 1;

ANALYSIS SUMMARY:

Hits = 105
Lines analyzed = 37291 in approximately 2.70 seconds (13828 lines/second)
Physical Source Lines of Code (SLOC) = 31805
Hits@level = [0]  85 [1]   7 [2]  90 [3]   0 [4]   3 [5]   5
Hits@level+ = [0+] 190 [1+] 105 [2+]  98 [3+]   8 [4+]   8 [5+]   5
Hits/KSLOC@level+ = [0+] 5.9739 [1+] 3.30137 [2+] 3.08128 [3+] 0.251533 [4+] 0.251533 [5+] 0.157208
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.