Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fmtlib-6.1.2+ds/include/fmt/chrono.h
Examining data/fmtlib-6.1.2+ds/include/fmt/color.h
Examining data/fmtlib-6.1.2+ds/include/fmt/format-inl.h
Examining data/fmtlib-6.1.2+ds/include/fmt/ostream.h
Examining data/fmtlib-6.1.2+ds/include/fmt/posix.h
Examining data/fmtlib-6.1.2+ds/include/fmt/printf.h
Examining data/fmtlib-6.1.2+ds/include/fmt/ranges.h
Examining data/fmtlib-6.1.2+ds/include/fmt/compile.h
Examining data/fmtlib-6.1.2+ds/include/fmt/format.h
Examining data/fmtlib-6.1.2+ds/include/fmt/locale.h
Examining data/fmtlib-6.1.2+ds/include/fmt/core.h
Examining data/fmtlib-6.1.2+ds/src/format.cc
Examining data/fmtlib-6.1.2+ds/src/posix.cc
Examining data/fmtlib-6.1.2+ds/test/add-subdirectory-test/main.cc
Examining data/fmtlib-6.1.2+ds/test/chrono-test.cc
Examining data/fmtlib-6.1.2+ds/test/color-test.cc
Examining data/fmtlib-6.1.2+ds/test/cuda-test/cpp14.cc
Examining data/fmtlib-6.1.2+ds/test/custom-formatter-test.cc
Examining data/fmtlib-6.1.2+ds/test/find-package-test/main.cc
Examining data/fmtlib-6.1.2+ds/test/fuzzing/chrono_duration.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/fuzzer_common.h
Examining data/fmtlib-6.1.2+ds/test/fuzzing/main.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/sprintf.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/two_args.cpp
Examining data/fmtlib-6.1.2+ds/test/gtest-extra-test.cc
Examining data/fmtlib-6.1.2+ds/test/gtest-extra.cc
Examining data/fmtlib-6.1.2+ds/test/header-only-test.cc
Examining data/fmtlib-6.1.2+ds/test/header-only-test2.cc
Examining data/fmtlib-6.1.2+ds/test/posix-mock.h
Examining data/fmtlib-6.1.2+ds/test/posix-test.cc
Examining data/fmtlib-6.1.2+ds/test/printf-test.cc
Examining data/fmtlib-6.1.2+ds/test/scan.h
Examining data/fmtlib-6.1.2+ds/test/std-format-test.cc
Examining data/fmtlib-6.1.2+ds/test/util.cc
Examining data/fmtlib-6.1.2+ds/test/util.h
Examining data/fmtlib-6.1.2+ds/test/compile-test.cc
Examining data/fmtlib-6.1.2+ds/test/core-test.cc
Examining data/fmtlib-6.1.2+ds/test/format-impl-test.cc
Examining data/fmtlib-6.1.2+ds/test/grisu-test.cc
Examining data/fmtlib-6.1.2+ds/test/gtest-extra.h
Examining data/fmtlib-6.1.2+ds/test/locale-test.cc
Examining data/fmtlib-6.1.2+ds/test/mock-allocator.h
Examining data/fmtlib-6.1.2+ds/test/ostream-test.cc
Examining data/fmtlib-6.1.2+ds/test/posix-mock-test.cc
Examining data/fmtlib-6.1.2+ds/test/ranges-test.cc
Examining data/fmtlib-6.1.2+ds/test/scan-test.cc
Examining data/fmtlib-6.1.2+ds/test/test-assert.h
Examining data/fmtlib-6.1.2+ds/test/test-main.cc
Examining data/fmtlib-6.1.2+ds/test/assert-test.cc
Examining data/fmtlib-6.1.2+ds/test/format-test.cc

FINAL RESULTS:

data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:64:24:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define FMT_SNPRINTF snprintf
data/fmtlib-6.1.2+ds/include/fmt/printf.h:175:6:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void printf(buffer<Char>& buf, basic_string_view<Char> format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:181:41:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
internal::truncating_iterator<OutputIt> printf(
data/fmtlib-6.1.2+ds/include/fmt/printf.h:188:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
using internal::printf;  // For printing into memory_buffer.
data/fmtlib-6.1.2+ds/include/fmt/printf.h:598:32:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
inline std::basic_string<Char> vsprintf(
data/fmtlib-6.1.2+ds/include/fmt/printf.h:601:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:616:32:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
inline std::basic_string<Char> sprintf(const S& format, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:618:10:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return vsprintf(to_string_view(format), {make_format_args<context>(args...)});
data/fmtlib-6.1.2+ds/include/fmt/printf.h:622:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int vfprintf(std::FILE* f, const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:625:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:643:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int fprintf(std::FILE* f, const S& format, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:645:10:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  return vfprintf(f, to_string_view(format),
data/fmtlib-6.1.2+ds/include/fmt/printf.h:650:12:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int vprintf(const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:652:10:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  return vfprintf(stdout, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:666:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int printf(const S& format_str, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:668:10:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  return vprintf(to_string_view(format_str),
data/fmtlib-6.1.2+ds/include/fmt/printf.h:673:12:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int vfprintf(std::basic_ostream<Char>& os, const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:676:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:685:33:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
typename ArgFormatter::iterator vprintf(internal::buffer<Char>& out,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:703:12:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
inline int fprintf(std::basic_ostream<Char>& os, const S& format_str,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:706:10:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  return vfprintf(os, to_string_view(format_str),
data/fmtlib-6.1.2+ds/test/printf-test.cc:41:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return fmt::sprintf(format, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:45:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  return fmt::sprintf(format, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:51:35:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  EXPECT_EQ(expected_output, fmt::sprintf(make_positional(format), arg))
data/fmtlib-6.1.2+ds/test/printf-test.cc:55:27:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"test", fmt::sprintf(L"test"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:64:24:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"%", fmt::sprintf(L"%%"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:65:31:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"before %", fmt::sprintf(L"before %%"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:66:30:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"% after", fmt::sprintf(L"%% after"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:67:37:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"before % after", fmt::sprintf(L"before %% after"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:68:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  EXPECT_EQ(L"%s", fmt::sprintf(L"%%s"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:514:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  EXPECT_EQ(fmt::vsprintf("%d", args), "42");
data/fmtlib-6.1.2+ds/test/printf-test.cc:522:8:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  fmt::sprintf(s, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:530:44:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  EXPECT_EQ("1000000000000000000000", fmt::sprintf("%.*f", -13, 1e21));
data/fmtlib-6.1.2+ds/test/printf-test.cc:537:45:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  EXPECT_EQ("[42] something happened", fmt::vsprintf("[%d] %s happened", args));
data/fmtlib-6.1.2+ds/test/printf-test.cc:541:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
            fmt::vsprintf("[%d] %s happened", args2));
data/fmtlib-6.1.2+ds/test/printf-test.cc:545:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
            fmt::vsprintf("[%d] %s happened",
data/fmtlib-6.1.2+ds/test/printf-test.cc:555:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
            fmt::vsprintf(L"[%d] %s happened", args));
data/fmtlib-6.1.2+ds/test/printf-test.cc:559:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
            fmt::vsprintf(L"[%d] %s happened", args2));
data/fmtlib-6.1.2+ds/test/printf-test.cc:563:18:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
            fmt::vsprintf(L"[%d] %s happened",
data/fmtlib-6.1.2+ds/test/printf-test.cc:599:8:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fmt::vprintf<custom_printf_arg_formatter>(buffer, format_str, args);
data/fmtlib-6.1.2+ds/test/util.h:19:25:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define FMT_VSNPRINTF vsnprintf
data/fmtlib-6.1.2+ds/include/fmt/core.h:934:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(val.data, &arg, sizeof(arg));
data/fmtlib-6.1.2+ds/include/fmt/core.h:1354:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  mutable char data[sizeof(basic_format_arg<buffer_context<Char>>)];
data/fmtlib-6.1.2+ds/include/fmt/core.h:1360:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(&arg, data, sizeof(basic_format_arg<Context>));
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1131:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format[max_format_size];
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1257:16:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int length = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, s.data(),
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1261:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  length = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, s.data(), s_size,
data/fmtlib-6.1.2+ds/include/fmt/format.h:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[sizeof(u)];
data/fmtlib-6.1.2+ds/include/fmt/format.h:220:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char value[sizeof(void*)];
data/fmtlib-6.1.2+ds/include/fmt/format.h:723:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char reset_color[5];
data/fmtlib-6.1.2+ds/include/fmt/format.h:724:16:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const wchar_t wreset_color[5];
data/fmtlib-6.1.2+ds/include/fmt/format.h:918:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[num_bits<UInt>() / BASE_BITS + 1];
data/fmtlib-6.1.2+ds/include/fmt/format.h:1442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[4];
data/fmtlib-6.1.2+ds/include/fmt/format.h:2812:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  mutable char buffer_[buffer_size];
data/fmtlib-6.1.2+ds/src/format.cc:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format[max_format_size];
data/fmtlib-6.1.2+ds/src/posix.cc:77:35:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FMT_RETRY_VAL(file_, FMT_SYSTEM(fopen(filename.c_str(), mode.c_str())),
data/fmtlib-6.1.2+ds/src/posix.cc:106:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FMT_RETRY(fd_, FMT_POSIX_CALL(open(path.c_str(), oflag, mode)));
data/fmtlib-6.1.2+ds/test/compile-test.cc:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32] = {0};
data/fmtlib-6.1.2+ds/test/compile-test.cc:89:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t wbuffer[32] = {0};
data/fmtlib-6.1.2+ds/test/compile-test.cc:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[5];
data/fmtlib-6.1.2+ds/test/core-test.cc:146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[10];
data/fmtlib-6.1.2+ds/test/core-test.cc:157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[123];
data/fmtlib-6.1.2+ds/test/core-test.cc:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[15];
data/fmtlib-6.1.2+ds/test/core-test.cc:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[19];
data/fmtlib-6.1.2+ds/test/core-test.cc:376:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char data[10];
data/fmtlib-6.1.2+ds/test/core-test.cc:407:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[100] = "some string";
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:299:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[10];
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:362:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[100];
data/fmtlib-6.1.2+ds/test/format-test.cc:98:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t buffer[100];
data/fmtlib-6.1.2+ds/test/format-test.cc:99:3:  [2] (buffer) swprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  swprintf(buffer, L"%Lg", value);
data/fmtlib-6.1.2+ds/test/format-test.cc:158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[10] = "123";
data/fmtlib-6.1.2+ds/test/format-test.cc:759:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:891:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[16] = {};
data/fmtlib-6.1.2+ds/test/format-test.cc:1074:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1244:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1329:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1407:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1445:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1483:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1524:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1549:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[64];
data/fmtlib-6.1.2+ds/test/format-test.cc:1585:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1749:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10] = {};
data/fmtlib-6.1.2+ds/test/format-test.cc:1801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:2143:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4];
data/fmtlib-6.1.2+ds/test/format-test.cc:2167:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t buffer[4];
data/fmtlib-6.1.2+ds/test/fuzzing/fuzzer_common.h:56:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(&item, Data, sizeof(Item));
data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp:33:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(argnamebuffer.data(), Data, argsize);
data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp:44:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp:29:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp:56:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/ostream-test.cc:226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:66:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int test::open(const char* path, int oflag, int mode) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:67:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  EMULATE_EINTR(open, -1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:68:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return ::open(path, oflag, mode);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:73:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  EMULATE_EINTR(open, EINTR);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:161:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE* test::fopen(const char* filename, const char* mode) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:162:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  EMULATE_EINTR(fopen, nullptr);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:163:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return ::fopen(filename, mode);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:220:57:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  EXPECT_RETRY(f.reset(new file("test", file::RDONLY)), open,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:287:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[SIZE];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:304:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[SIZE + 1];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:390:57:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  EXPECT_RETRY(f.reset(new buffered_file("test", "r")), fopen,
data/fmtlib-6.1.2+ds/test/posix-mock.h:31:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int open(const char* path, int oflag, int mode);
data/fmtlib-6.1.2+ds/test/posix-mock.h:62:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE* fopen(const char* filename, const char* mode);
data/fmtlib-6.1.2+ds/test/printf-test.cc:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:253:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:405:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:498:55:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
TEST(PrintfTest, WideString) { EXPECT_EQ(L"abc", fmt::sprintf(L"%s", L"abc")); }
data/fmtlib-6.1.2+ds/test/ranges-test.cc:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[10];
data/fmtlib-6.1.2+ds/test/util.cc:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/util.h:47:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return std::fopen(filename, mode);
data/fmtlib-6.1.2+ds/include/fmt/chrono.h:880:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    facet.put(os, os, ' ', &time, format, format + std::strlen(format));
data/fmtlib-6.1.2+ds/include/fmt/color.h:415:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return buffer + std::strlen(buffer);
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:109:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (message == buffer_ && strlen(buffer_) == buffer_size_ - 1)
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:123:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return result == 0 && strlen(buffer_) == buffer_size_ - 1 ? ERANGE
data/fmtlib-6.1.2+ds/include/fmt/posix.h:245:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  FMT_API std::size_t read(void* buffer, std::size_t count);
data/fmtlib-6.1.2+ds/src/posix.cc:154:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
std::size_t file::read(void* buffer, std::size_t count) {
data/fmtlib-6.1.2+ds/src/posix.cc:156:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  FMT_RETRY(result, FMT_POSIX_CALL(read(fd_, buffer, convert_rwcount(count))));
data/fmtlib-6.1.2+ds/test/chrono-test.cc:46:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  facet.put(os, os, ' ', &time, spec, spec + std::strlen(spec));
data/fmtlib-6.1.2+ds/test/core-test.cc:62:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return std::copy_n(test, std::strlen(test), ctx.out());
data/fmtlib-6.1.2+ds/test/core-test.cc:408:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPECT_EQ(std::strlen(str), string_view(str).size());
data/fmtlib-6.1.2+ds/test/core-test.cc:409:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPECT_LT(std::strlen(str), sizeof(str));
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:379:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t message_size = std::strlen(message);
data/fmtlib-6.1.2+ds/test/format-test.cc:1078:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1106:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1160:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1248:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:2462:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
FMT_CONSTEXPR bool equal(const char* s1, const char* s2) {
data/fmtlib-6.1.2+ds/test/format-test.cc:2476:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return equal(actual_error, expected_error);
data/fmtlib-6.1.2+ds/test/fuzzing/main.cpp:17:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    in.read(buf.data(), static_cast<long>(buf.size()));
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:62:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    count = read_end_.read(buffer, BUFFER_SIZE);
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:69:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
std::string read(file& f, std::size_t count) {
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:73:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = f.read(&buffer[offset], count - offset);
data/fmtlib-6.1.2+ds/test/gtest-extra.h:140:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
std::string read(fmt::file& f, std::size_t count);
data/fmtlib-6.1.2+ds/test/gtest-extra.h:143:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    EXPECT_EQ(expected_content, read(file, std::strlen(expected_content)))
data/fmtlib-6.1.2+ds/test/gtest-extra.h:143:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_EQ(expected_content, read(file, std::strlen(expected_content)))
data/fmtlib-6.1.2+ds/test/ostream-test.cc:142:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buffer.append(foo, foo + std::strlen(foo));
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:137:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
test::ssize_t test::read(int fildes, void* buf, test::size_t nbyte) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:139:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EMULATE_EINTR(read, -1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:140:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return ::FMT_POSIX(read(fildes, buf, nbyte));
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:224:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  f->read(&c, 1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:289:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXPECT_RETRY(count = read_end.read(buffer, SIZE), read,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:289:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXPECT_RETRY(count = read_end.read(buffer, SIZE), read,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:305:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read_end.read(buffer, SIZE);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:320:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXPECT_THROW(read_end.read(&c, size), fmt::system_error);
data/fmtlib-6.1.2+ds/test/posix-mock.h:53:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t read(int fildes, void* buf, size_t nbyte);
data/fmtlib-6.1.2+ds/test/posix-test.cc:30:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return FMT_POSIX(read(fd, &buffer, 1)) == 1;
data/fmtlib-6.1.2+ds/test/posix-test.cc:36:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  SUPPRESS_ASSERT(result = FMT_POSIX(read(fd, &buffer, 1)));
data/fmtlib-6.1.2+ds/test/posix-test.cc:44:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write_end.write(FILE_CONTENT, std::strlen(FILE_CONTENT));
data/fmtlib-6.1.2+ds/test/posix-test.cc:293:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXPECT_SYSTEM_ERROR(f.read(&buf, 1), EBADF, "cannot read from file");
data/fmtlib-6.1.2+ds/test/posix-test.cc:315:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  EXPECT_EQ(FILE_CONTENT, read(copy, std::strlen(FILE_CONTENT)));
data/fmtlib-6.1.2+ds/test/posix-test.cc:315:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPECT_EQ(FILE_CONTENT, read(copy, std::strlen(FILE_CONTENT)));
data/fmtlib-6.1.2+ds/test/scan.h:166:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        !std::equal(begin, end, make_checked(it, size))) {
data/fmtlib-6.1.2+ds/test/util.cc:12:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (int i = static_cast<int>(std::strlen(s)) - 1; i >= 0; --i) {
data/fmtlib-6.1.2+ds/test/util.cc:39:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  write_end.write(FILE_CONTENT, std::strlen(FILE_CONTENT));

ANALYSIS SUMMARY:

Hits = 160
Lines analyzed = 19585 in approximately 0.59 seconds (33430 lines/second)
Physical Source Lines of Code (SLOC) = 15380
Hits@level = [0]  23 [1]  44 [2]  75 [3]   0 [4]  41 [5]   0
Hits@level+ = [0+] 183 [1+] 160 [2+] 116 [3+]  41 [4+]  41 [5+]   0
Hits/KSLOC@level+ = [0+] 11.8986 [1+] 10.4031 [2+] 7.54226 [3+] 2.6658 [4+] 2.6658 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.