Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_compat.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.h
Examining data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_tool.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_cjk_compatible.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaocta0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaocta0527.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_deltaoctachrome.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctocta0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctocta0527.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_distinctoctachrome.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_octa2_dummy.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quad0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quad0720.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quadchrome_16.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_generated_quadchrome_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2_unittest_full.cc
Examining data/cld2-0.0.0-git20150806/internal/cld2tablesummary.h
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_delta_bi_32.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_delta_bi_4.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_0122.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_0122_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_1024_256.cc
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_score_quad_octa_2.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil.h
Examining data/cld2-0.0.0-git20150806/internal/cldutil_offline.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil_offline.h
Examining data/cld2-0.0.0-git20150806/internal/cldutil_shared.cc
Examining data/cld2-0.0.0-git20150806/internal/cldutil_shared.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.h
Examining data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc
Examining data/cld2-0.0.0-git20150806/internal/debug.cc
Examining data/cld2-0.0.0-git20150806/internal/debug.h
Examining data/cld2-0.0.0-git20150806/internal/debug_empty.cc
Examining data/cld2-0.0.0-git20150806/internal/fixunicodevalue.cc
Examining data/cld2-0.0.0-git20150806/internal/fixunicodevalue.h
Examining data/cld2-0.0.0-git20150806/internal/generated_distinct_bi_0.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_entities.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_language.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_language.h
Examining data/cld2-0.0.0-git20150806/internal/generated_ulscript.cc
Examining data/cld2-0.0.0-git20150806/internal/generated_ulscript.h
Examining data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc
Examining data/cld2-0.0.0-git20150806/internal/getonescriptspan.h
Examining data/cld2-0.0.0-git20150806/internal/integral_types.h
Examining data/cld2-0.0.0-git20150806/internal/lang_script.cc
Examining data/cld2-0.0.0-git20150806/internal/lang_script.h
Examining data/cld2-0.0.0-git20150806/internal/langspan.h
Examining data/cld2-0.0.0-git20150806/internal/offsetmap.cc
Examining data/cld2-0.0.0-git20150806/internal/offsetmap.h
Examining data/cld2-0.0.0-git20150806/internal/port.h
Examining data/cld2-0.0.0-git20150806/internal/scoreonescriptspan.h
Examining data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc
Examining data/cld2-0.0.0-git20150806/internal/stringpiece.h
Examining data/cld2-0.0.0-git20150806/internal/tote.cc
Examining data/cld2-0.0.0-git20150806/internal/tote.h
Examining data/cld2-0.0.0-git20150806/internal/unittest_data.h
Examining data/cld2-0.0.0-git20150806/internal/utf8acceptinterchange.h
Examining data/cld2-0.0.0-git20150806/internal/utf8prop_lettermarkscriptnum.h
Examining data/cld2-0.0.0-git20150806/internal/utf8repl_lettermarklower.h
Examining data/cld2-0.0.0-git20150806/internal/utf8scannot_lettermarkspecial.h
Examining data/cld2-0.0.0-git20150806/internal/utf8statetable.cc
Examining data/cld2-0.0.0-git20150806/internal/utf8statetable.h
Examining data/cld2-0.0.0-git20150806/internal/cld_generated_cjk_uni_prop_80.cc
Examining data/cld2-0.0.0-git20150806/internal/scoreonescriptspan.cc
Examining data/cld2-0.0.0-git20150806/public/compact_lang_det.h
Examining data/cld2-0.0.0-git20150806/public/encodings.h

FINAL RESULTS:

data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1514:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp, "%s.%d ",
data/cld2-0.0.0-git20150806/internal/debug.cc:92:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp, "%s.%d", LanguageCode(lang), qprob);
data/cld2-0.0.0-git20150806/internal/debug.cc:264:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(temp, "[%s]", LanguageCode(lang));
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[kMaxBuffer];
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:217:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  infile = fopen(filename, "r");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_compat.h:33:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define OPEN open
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:52:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char safeString[DATA_FILE_MARKER_LENGTH + 1];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:53:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(safeString, header->sanityString, DATA_FILE_MARKER_LENGTH);
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[4];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.h:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sanityString[DATA_FILE_MARKER_LENGTH];
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:74:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* outFile = fopen(fileName, "w");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:34:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* inFile = fopen(fileName, "r");
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(header->field), (((char*)(basePointer)) + bytesRead), 4);\
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_loader.cc:63:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(header->sanityString, basePointer, CLD2DynamicData::DATA_FILE_MARKER_LENGTH);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:359:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* inFile = fopen(data_file, "r");
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1056:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[20];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1064:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, &langtags[pos], len);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1149:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char kLangCodeAction[256] = {
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1172:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char kLangCodeRemap[256] = {
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1399:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[20];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1407:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, &langtags[pos], len);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1449:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char local_tld[4];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1513:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[64];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc:2110:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char temp_detectlanguageversion[32];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_impl.cc:2116:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp_detectlanguageversion,
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[160];
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:261:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "r");
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:263:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(fname, "rb");
data/cld2-0.0.0-git20150806/internal/debug.cc:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/debug.cc:252:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[64];
data/cld2-0.0.0-git20150806/internal/debug.cc:253:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, " <span style=\"background:#%06X;color:#%06X;\">\n",
data/cld2-0.0.0-git20150806/internal/debug.cc:263:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[64];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:46:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char kSpecialSymbol[256] = {      // true for < > &
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:211:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char gDisplayPiece[32];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:228:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&gDisplayPiece[k], "&lt;", 4); k += 4;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:230:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&gDisplayPiece[k], "&gt;", 4); k += 4;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:232:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&gDisplayPiece[k], "&amp;", 5); k += 5;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:234:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&gDisplayPiece[k], "&apos;", 6); k += 6;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:236:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&gDisplayPiece[k], "&quot;", 6); k += 6;
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:295:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:296:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, entity_name, entity_len);
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:624:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[4];
data/cld2-0.0.0-git20150806/internal/getonescriptspan.cc:895:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(script_buffer_ + put, next_byte_ + take, plen);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:406:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:422:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:426:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:434:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:435:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&temp[hyphen1_offset], hyphen2, len2);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:442:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:497:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:501:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, hyphen1 + 1, len1);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:507:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:525:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[16];
data/cld2-0.0.0-git20150806/internal/lang_script.cc:531:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, hyphen1 + 1, lenmid);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:537:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, hyphen2 + 1, len2);
data/cld2-0.0.0-git20150806/internal/lang_script.cc:543:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp, src, len);
data/cld2-0.0.0-git20150806/internal/offsetmap.cc:73:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fout = fopen(filename, "w");
data/cld2-0.0.0-git20150806/internal/port.h:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:96:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:108:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:120:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&t, p, sizeof t);
data/cld2-0.0.0-git20150806/internal/port.h:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:129:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/port.h:133:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, &v, sizeof v);
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:394:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fin = fopen(fname, "rb");
data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[kMaxBuffer];
data/cld2-0.0.0-git20150806/internal/utf8acceptinterchange.h:426:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char utf8acceptinterchange_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8repl_lettermarklower.h:698:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char utf8repl_lettermarklower_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8scannot_lettermarkspecial.h:1395:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char utf8scannot_lettermarkspecial_fast[256] = {
data/cld2-0.0.0-git20150806/internal/utf8statetable.cc:773:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &st->remap_string[string_offset], add_len);
data/cld2-0.0.0-git20150806/internal/utf8statetable.cc:1049:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, &st->remap_string[string_offset], add_len);
data/cld2-0.0.0-git20150806/internal/utf8statetable.h:257:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char kUTF8LenTbl[256] = {
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:86:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_do_score.cc:227:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:145:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CHECK_MEM_EQUALS(unigram_obj->remap_string, strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:158:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CHECK_MEM_EQUALS(unigram_obj->fast_state, strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data.cc:178:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(realData->kRecognizedLangScripts) + 1; // null terminator included
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:186:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(summary->kRecognizedLangScripts) + 1; // note null terminator
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:349:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header->lengthOf_utf8PropObj_remap_string = strlen(
data/cld2-0.0.0-git20150806/internal/cld2_dynamic_data_extractor.cc:354:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  header->lengthOf_utf8PropObj_fast_state = strlen(
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:309:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:334:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:354:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:383:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/cld2_unittest.cc:401:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  any_fail |= !OneTest(flags, get_vector, UNKNOWN_LANGUAGE, kTeststr_en, strlen(kTeststr_en));
data/cld2-0.0.0-git20150806/internal/cld2_unittest_full.cc:381:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int buffer_length = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1077:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1308:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(s);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1330:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(s);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1420:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1440:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  string langtags = CopyOneQuotedString(contentlang, 0, strlen(contentlang));
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1447:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(tld);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_hint_code.cc:1450:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(local_tld, tld, 4);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:79:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:88:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buffer);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:108:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:109:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:117:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp = temp + strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:118:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tp_left = sizeof(temp) - strlen(temp);
data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:125:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
tp = temp + strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:126:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp_left = sizeof(temp) - strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:134:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp = temp + strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:135:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp_left = sizeof(temp) - strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:139:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp = temp + strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:140:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp_left = sizeof(temp) - strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:145:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tp = temp + strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:146:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tp_left = sizeof(temp) - strlen(temp); data/cld2-0.0.0-git20150806/internal/compact_lang_det_test.cc:306:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buffer), data/cld2-0.0.0-git20150806/internal/lang_script.cc:400:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/cld2-0.0.0-git20150806/internal/lang_script.cc:419:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/cld2-0.0.0-git20150806/internal/lang_script.cc:494:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/cld2-0.0.0-git20150806/internal/lang_script.cc:522:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(src); data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:72:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:81:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(buffer); data/cld2-0.0.0-git20150806/internal/scoreutf8text.cc:387:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int buffer_len = strlen(buffer); data/cld2-0.0.0-git20150806/internal/stringpiece.h:44:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length_ = strlen(str); ANALYSIS SUMMARY: Hits = 119 Lines analyzed = 904815 in approximately 49.56 seconds (18259 lines/second) Physical Source Lines of Code (SLOC) = 866761 Hits@level = [0] 337 [1] 45 [2] 71 [3] 0 [4] 3 [5] 0 Hits@level+ = [0+] 456 [1+] 119 [2+] 74 [3+] 3 [4+] 3 [5+] 0 Hits/KSLOC@level+ = [0+] 0.526097 [1+] 0.137293 [2+] 0.0853753 [3+] 0.00346116 [4+] 0.00346116 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.