Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/camlpdf-2.3.1/flatestubs.c
Examining data/camlpdf-2.3.1/miniz.c
Examining data/camlpdf-2.3.1/miniz.h
Examining data/camlpdf-2.3.1/rijndael-alg-fst.c
Examining data/camlpdf-2.3.1/rijndael-alg-fst.h
Examining data/camlpdf-2.3.1/sha2.c
Examining data/camlpdf-2.3.1/sha2.h
Examining data/camlpdf-2.3.1/stubs-aes.c
Examining data/camlpdf-2.3.1/stubs-sha2.c

FINAL RESULTS:

data/camlpdf-2.3.1/miniz.c:29:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/camlpdf-2.3.1/miniz.c:30:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/camlpdf-2.3.1/miniz.c:31:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/camlpdf-2.3.1/miniz.c:486:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/camlpdf-2.3.1/miniz.c:511:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/camlpdf-2.3.1/miniz.c:987:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/camlpdf-2.3.1/miniz.c:988:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/camlpdf-2.3.1/miniz.c:1350:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/camlpdf-2.3.1/miniz.c:1372:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint16));
data/camlpdf-2.3.1/miniz.c:1378:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint16));
data/camlpdf-2.3.1/miniz.c:1488:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint32));
data/camlpdf-2.3.1/miniz.c:1512:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/camlpdf-2.3.1/miniz.c:1514:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/camlpdf-2.3.1/miniz.c:1564:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&pLZ_code_buf[1], &cur_match_dist, sizeof(cur_match_dist));
data/camlpdf-2.3.1/miniz.c:1866:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/camlpdf-2.3.1/miniz.c:2038:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/camlpdf-2.3.1/miniz.c:2162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out_buf.m_pBuf, pnghdr, 41);
data/camlpdf-2.3.1/miniz.c:2242:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/camlpdf-2.3.1/miniz.c:2734:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
						memcpy(pOut_buf_cur, pSrc, sizeof(mz_uint32)*2);
data/camlpdf-2.3.1/miniz.c:3021:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/camlpdf-2.3.1/miniz.c:3036:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/camlpdf-2.3.1/miniz.c:3066:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/camlpdf-2.3.1/miniz.c:3083:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/camlpdf-2.3.1/miniz.c:3302:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/camlpdf-2.3.1/miniz.c:3873:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/camlpdf-2.3.1/miniz.c:4146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/camlpdf-2.3.1/miniz.c:4152:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n);
data/camlpdf-2.3.1/miniz.c:4956:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pvBuf, pState->pRead_buf, copied_to_caller );
data/camlpdf-2.3.1/miniz.c:5028:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( (uint8_t*)pvBuf + copied_to_caller, pWrite_buf_cur, to_copy );
data/camlpdf-2.3.1/miniz.c:5581:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/camlpdf-2.3.1/miniz.c:5768:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[4096];
data/camlpdf-2.3.1/miniz.c:6067:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096];
data/camlpdf-2.3.1/miniz.c:7077:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/camlpdf-2.3.1/miniz.c:7627:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/camlpdf-2.3.1/miniz.h:971:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/camlpdf-2.3.1/miniz.h:975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/camlpdf-2.3.1/sha2.c:364:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->block[ctx->len], message, rem_len);
data/camlpdf-2.3.1/sha2.c:381:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->block, &shifted_message[block_nb << 6],
data/camlpdf-2.3.1/sha2.c:561:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->block[ctx->len], message, rem_len);
data/camlpdf-2.3.1/sha2.c:578:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->block, &shifted_message[block_nb << 7],
data/camlpdf-2.3.1/sha2.c:663:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->block[ctx->len], message, rem_len);
data/camlpdf-2.3.1/sha2.c:680:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->block, &shifted_message[block_nb << 7],
data/camlpdf-2.3.1/sha2.c:763:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->block[ctx->len], message, rem_len);
data/camlpdf-2.3.1/sha2.c:780:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->block, &shifted_message[block_nb << 6],
data/camlpdf-2.3.1/sha2.c:834:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char output[2 * SHA512_DIGEST_SIZE + 1];
data/camlpdf-2.3.1/sha2.c:840:8:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
       sprintf(output + 2 * i, "%02x", digest[i]);
data/camlpdf-2.3.1/sha2.c:852:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const char *vectors[4][3] =
data/camlpdf-2.3.1/sha2.c:893:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[SHA512_DIGEST_SIZE];
data/camlpdf-2.3.1/sha2.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[2 * SHA256_BLOCK_SIZE];
data/camlpdf-2.3.1/sha2.h:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char block[2 * SHA512_BLOCK_SIZE];
data/camlpdf-2.3.1/miniz.c:4270:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/camlpdf-2.3.1/miniz.c:4332:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    name_len = strlen(pName);
data/camlpdf-2.3.1/miniz.c:4336:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    comment_len = pComment ? strlen(pComment) : 0;
data/camlpdf-2.3.1/miniz.c:5242:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (local_header_filename_len != strlen(file_stat.m_filename))
data/camlpdf-2.3.1/miniz.c:6170:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    archive_name_size = strlen(pArchive_name);
data/camlpdf-2.3.1/miniz.c:6429:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    archive_name_size = strlen(pArchive_name);
data/camlpdf-2.3.1/sha2.c:905:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha224((const unsigned char *) message1, strlen(message1), digest);
data/camlpdf-2.3.1/sha2.c:907:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha224((const unsigned char *) message2a, strlen(message2a), digest);
data/camlpdf-2.3.1/sha2.c:915:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha256((const unsigned char *) message1, strlen(message1), digest);
data/camlpdf-2.3.1/sha2.c:917:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha256((const unsigned char *) message2a, strlen(message2a), digest);
data/camlpdf-2.3.1/sha2.c:925:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha384((const unsigned char *) message1, strlen(message1), digest);
data/camlpdf-2.3.1/sha2.c:927:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha384((const unsigned char *)message2b, strlen(message2b), digest);
data/camlpdf-2.3.1/sha2.c:935:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha512((const unsigned char *) message1, strlen(message1), digest);
data/camlpdf-2.3.1/sha2.c:937:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sha512((const unsigned char *) message2b, strlen(message2b), digest);

ANALYSIS SUMMARY:

Hits = 64
Lines analyzed = 11781 in approximately 0.37 seconds (32134 lines/second)
Physical Source Lines of Code (SLOC) = 9197
Hits@level = [0]  19 [1]  14 [2]  50 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  83 [1+]  64 [2+]  50 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 9.02468 [1+] 6.95879 [2+] 5.43656 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.