Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_compat.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_tool.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_cjk_compatible.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaocta0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaocta0527.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaoctachrome.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctocta0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctocta0527.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctoctachrome.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_octa2_dummy.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quad0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quad0720.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quadchrome_16.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quadchrome_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_unittest_full.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2tablesummary.h
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_delta_bi_32.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_delta_bi_4.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_0122_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_1024_256.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil.h
Examining data/cld2-0.0.0-git20150806/internal/cldutil_offline.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil_offline.h
Examining data/cld2-0.0.0-git20150806/internal/cldutil_shared.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil_shared.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc
Examining data/cld2-0.0.0-git20150806/internal/debug.cc
Examining data/cld2-0.0.0-git20150806/internal/debug.h
Examining data/cld2-0.0.0-git20150806/internal/debug_empty.cc
Examining data/cld2-0.0.0-git20150806/internal/fixunicodevalue.cc
Examining data/cld2-0.0.0-git20150806/internal/fixunicodevalue.h
Examining data/cld2-0.0.0-git20150806/internal/generated_distinct_bi_0.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_entities.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_language.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_language.h
Examining data/cld2-0.0.0-git20150806/internal/generated_ulscript.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_ulscript.h
Examining data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc
Examining data/cld2-0.0.0-git20150806/internal/getonescriptspan.h
Examining data/cld2-0.0.0-git20150806/internal/integral_types.h
Examining data/cld2-0.0.0-git20150806/internal/lang_script.cc
Examining data/cld2-0.0.0-git20150806/internal/lang_script.h
Examining data/cld2-0.0.0-git20150806/internal/langspan.h
Examining data/cld2-0.0.0-git20150806/internal/offsetmap.cc
Examining data/cld2-0.0.0-git20150806/internal/offsetmap.h
Examining data/cld2-0.0.0-git20150806/internal/port.h
Examining data/cld2-0.0.0-git20150806/internal/scoreonescriptspan.h
Examining data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc
Examining data/cld2-0.0.0-git20150806/internal/stringpiece.h
Examining data/cld2-0.0.0-git20150806/internal/tote.cc
Examining data/cld2-0.0.0-git20150806/internal/tote.h
Examining data/cld2-0.0.0-git20150806/internal/unittest_data.h
Examining data/cld2-0.0.0-git20150806/internal/utf8acceptinterchange.h
Examining data/cld2-0.0.0-git20150806/internal/utf8prop_lettermarkscriptnum.h
Examining data/cld2-0.0.0-git20150806/internal/utf8repl_lettermarklower.h
Examining data/cld2-0.0.0-git20150806/internal/utf8scannot_lettermarkspecial.h
Examining data/cld2-0.0.0-git20150806/internal/utf8statetable.cc
Examining data/cld2-0.0.0-git20150806/internal/utf8statetable.h
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_uni_prop_80.cc
Examining data/cld2-0.0.0-git20150806/internal/scoreonescriptspan.cc
Examining data/cld2-0.0.0-git20150806/public/compact_lang_det.h
Examining data/cld2-0.0.0-git20150806/public/encodings.h
FINAL RESULTS:
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1514:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%s.%d ",
data/cld2-0.0.0-git20150806/internal/debug.cc:92:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "%s.%d", LanguageCode(lang), qprob);
data/cld2-0.0.0-git20150806/internal/debug.cc:264:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp, "[%s]", LanguageCode(lang));
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:206:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[kMaxBuffer];
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:217:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
infile = fopen(filename, "r");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_compat.h:33:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define OPEN open
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:52:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char safeString[DATA_FILE_MARKER_LENGTH + 1];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:53:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(safeString, header->sanityString, DATA_FILE_MARKER_LENGTH);
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:201:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[4];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.h:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sanityString[DATA_FILE_MARKER_LENGTH];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:74:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* outFile = fopen(fileName, "w");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:34:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* inFile = fopen(fileName, "r");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(header->field), (((char*)(basePointer)) + bytesRead), 4);\
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(header->sanityString, basePointer, CLD2DynamicData::DATA_FILE_MARKER_LENGTH);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:359:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* inFile = fopen(data_file, "r");
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1056:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1064:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, &langtags[pos], len);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1149:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char kLangCodeAction[256] = {
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1172:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char kLangCodeRemap[256] = {
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1399:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[20];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1407:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, &langtags[pos], len);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1449:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char local_tld[4];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1513:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc:2110:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_detectlanguageversion[32];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc:2116:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_detectlanguageversion,
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[160];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:261:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(fname, "r");
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:263:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin = fopen(fname, "rb");
data/cld2-0.0.0-git20150806/internal/debug.cc:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/debug.cc:252:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/cld2-0.0.0-git20150806/internal/debug.cc:253:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, " <span style=\"background:#%06X;color:#%06X;\">\n",
data/cld2-0.0.0-git20150806/internal/debug.cc:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:46:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char kSpecialSymbol[256] = { // true for < > &
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:211:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gDisplayPiece[32];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:228:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gDisplayPiece[k], "<", 4); k += 4;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:230:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gDisplayPiece[k], ">", 4); k += 4;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:232:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gDisplayPiece[k], "&", 5); k += 5;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:234:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gDisplayPiece[k], "'", 6); k += 6;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:236:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&gDisplayPiece[k], """, 6); k += 6;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:296:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, entity_name, entity_len);
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:624:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[4];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:895:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(script_buffer_ + put, next_byte_ + take, plen);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:403:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:406:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:422:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:434:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:435:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp[hyphen1_offset], hyphen2, len2);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:442:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:501:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, hyphen1 + 1, len1);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:507:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:531:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, hyphen1 + 1, lenmid);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:537:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, hyphen2 + 1, len2);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:543:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/offsetmap.cc:73:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fout = fopen(filename, "w");
data/cld2-0.0.0-git20150806/internal/port.h:91:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:96:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:114:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:120:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:125:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:133:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:394:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fin = fopen(fname, "rb");
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:402:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[kMaxBuffer];
data/cld2-0.0.0-git20150806/internal/utf8acceptinterchange.h:426:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char utf8acceptinterchange_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8repl_lettermarklower.h:698:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char utf8repl_lettermarklower_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8scannot_lettermarkspecial.h:1395:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char utf8scannot_lettermarkspecial_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8statetable.cc:773:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &st->remap_string[string_offset], add_len);
data/cld2-0.0.0-git20150806/internal/utf8statetable.cc:1049:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &st->remap_string[string_offset], add_len);
data/cld2-0.0.0-git20150806/internal/utf8statetable.h:257:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char kUTF8LenTbl[256] = {
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:77:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:86:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:227:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:145:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHECK_MEM_EQUALS(unigram_obj->remap_string, strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:158:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CHECK_MEM_EQUALS(unigram_obj->fast_state, strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:178:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(realData->kRecognizedLangScripts) + 1; // null terminator included
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:186:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(summary->kRecognizedLangScripts) + 1; // note null terminator
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:349:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header->lengthOf_utf8PropObj_remap_string = strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:354:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
header->lengthOf_utf8PropObj_fast_state = strlen(
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:309:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:334:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:354:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:383:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:401:74: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest_full.cc:381:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1077:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1308:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1330:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1420:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1440:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string langtags = CopyOneQuotedString(contentlang, 0, strlen(contentlang));
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1447:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(tld);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1450:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(local_tld, tld, 4);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:79:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:88:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:108:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:109:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:117:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:118:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:125:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:126:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:134:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:135:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:139:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:140:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:145:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:146:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:306:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(buffer),
data/cld2-0.0.0-git20150806/internal/lang_script.cc:400:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:419:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:494:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:522:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(src);
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:72:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:81:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:387:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buffer_len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/stringpiece.h:44:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_ = strlen(str);
ANALYSIS SUMMARY:
Hits = 119
Lines analyzed = 904815 in approximately 49.56 seconds (18259 lines/second)
Physical Source Lines of Code (SLOC) = 866761
Hits@level = [0] 337 [1] 45 [2] 71 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 456 [1+] 119 [2+] 74 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 0.526097 [1+] 0.137293 [2+] 0.0853753 [3+] 0.00346116 [4+] 0.00346116 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.