Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/dulwich-0.20.8/devscripts/PREAMBLE.c
Examining data/dulwich-0.20.8/dulwich/_diff_tree.c
Examining data/dulwich-0.20.8/dulwich/_objects.c
Examining data/dulwich-0.20.8/dulwich/_pack.c
Examining data/dulwich-0.20.8/dulwich/stdint.h
FINAL RESULTS:
data/dulwich-0.20.8/dulwich/_diff_tree.c:115:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_path, path, path_len);
data/dulwich-0.20.8/dulwich/_diff_tree.c:117:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_path + path_len + 1, PyBytes_AS_STRING(name), name_len);
data/dulwich-0.20.8/dulwich/_diff_tree.c:119:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_path, PyBytes_AS_STRING(name), name_len);
data/dulwich-0.20.8/dulwich/_objects.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexsha[41];
data/dulwich-0.20.8/dulwich/_pack.c:151:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+outindex, src_buf+cp_off, cp_size);
data/dulwich-0.20.8/dulwich/_pack.c:157:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out+outindex, delta+index, cmd);
data/dulwich-0.20.8/dulwich/_objects.c:141:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a->name) > strlen(b->name)) {
data/dulwich-0.20.8/dulwich/_objects.c:141:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(a->name) > strlen(b->name)) {
data/dulwich-0.20.8/dulwich/_objects.c:142:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common = strlen(b->name);
data/dulwich-0.20.8/dulwich/_objects.c:145:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(b->name) > strlen(a->name)) {
data/dulwich-0.20.8/dulwich/_objects.c:145:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(b->name) > strlen(a->name)) {
data/dulwich-0.20.8/dulwich/_objects.c:146:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
common = strlen(a->name);
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 1095 in approximately 0.12 seconds (9180 lines/second)
Physical Source Lines of Code (SLOC) = 877
Hits@level = [0] 0 [1] 6 [2] 6 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 12 [1+] 12 [2+] 6 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 13.683 [1+] 13.683 [2+] 6.84151 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.