Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcutl-1.10.0+ds1/cutl/compiler/context.cxx
Examining data/libcutl-1.10.0+ds1/cutl/compiler/cxx-indenter.cxx
Examining data/libcutl-1.10.0+ds1/cutl/compiler/type-info.cxx
Examining data/libcutl-1.10.0+ds1/cutl/details/config-vc.h
Examining data/libcutl-1.10.0+ds1/cutl/details/genx/char-props.c
Examining data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c
Examining data/libcutl-1.10.0+ds1/cutl/details/genx/genx.h
Examining data/libcutl-1.10.0+ds1/cutl/exception.cxx
Examining data/libcutl-1.10.0+ds1/cutl/fs/auto-remove.cxx
Examining data/libcutl-1.10.0+ds1/cutl/fs/exception.cxx
Examining data/libcutl-1.10.0+ds1/cutl/fs/path.cxx
Examining data/libcutl-1.10.0+ds1/cutl/re/re.cxx
Examining data/libcutl-1.10.0+ds1/cutl/shared-ptr/base.cxx
Examining data/libcutl-1.10.0+ds1/cutl/xml/parser.cxx
Examining data/libcutl-1.10.0+ds1/cutl/xml/qname.cxx
Examining data/libcutl-1.10.0+ds1/cutl/xml/serializer.cxx
Examining data/libcutl-1.10.0+ds1/cutl/xml/value-traits.cxx

FINAL RESULTS:

data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:184:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy((char *) temp, (const char *) from);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:229:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy((char *) c->buf, (const char *) string);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:359:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf((char *) buf, "xmlns:%s", prefix);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:113:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char            	   xmlChars[GENX_CHAR_TABLE_SIZE];
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *                   etext[100];
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:313:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strcmp((char *) uri, (const char *) nn[i]->name) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:313:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strcmp((char *) uri, (const char *) nn[i]->name) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:328:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      if (ee[i]->ns == NULL && strcmp((const char *) type,
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:329:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
				      (const char *) ee[i]->type) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:335:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  strcmp((const char *) xmlns, (const char *) ee[i]->ns->name) == 0 &&
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:335:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  strcmp((const char *) xmlns, (const char *) ee[i]->ns->name) == 0 &&
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:336:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  strcmp((const char *) type, (const char *) ee[i]->type) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:336:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	  strcmp((const char *) type, (const char *) ee[i]->type) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:353:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[1024];
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:367:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strcmp((const char *) prefix, (const char *) pp[probe]) < 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:367:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strcmp((const char *) prefix, (const char *) pp[probe]) < 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:374:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  if (low != -1 && strcmp((const char *) prefix, (const char *) pp[low]) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:374:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  if (low != -1 && strcmp((const char *) prefix, (const char *) pp[low]) == 0)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:895:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char newPrefix[100];
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:932:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      sprintf((char *) newPrefix, "g%d", w->nextPrefix++);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:1992:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char cUTF8[10];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:38:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char cwd[_MAX_PATH];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:42:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char cwd[PATH_MAX];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:77:7:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      wchar_t wcwd[_MAX_PATH];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:81:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char cwd[PATH_MAX];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:85:7:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      wchar_t wcwd[PATH_MAX];
data/libcutl-1.10.0+ds1/cutl/fs/path.cxx:106:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char ns[PATH_MAX + 1];
data/libcutl-1.10.0+ds1/cutl/xml/parser.cxx:752:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char c (s[i]);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:182:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((temp = (utf8) allocate(w, strlen((const char *) from) + 1)) == NULL)
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:205:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((char *) newSpace, (const char *) c->buf, c->used);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:223:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int sl = strlen((const char *) string);
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:233:160:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
#define collectPiece(w,c,d,size) {if (((c)->used+(size))>=(c)->space){if (((w)->status=growCollector(w,c,(c)->used+(size)))!=GENX_SUCCESS) return (w)->status;}strncpy((char *)(c)->buf+(c)->used,d,size);(c)->used+=size;}
data/libcutl-1.10.0+ds1/cutl/details/genx/genx.c:2198:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen((const char *) target) >= 3) &&
data/libcutl-1.10.0+ds1/cutl/xml/parser.cxx:569:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          is_.read (b, static_cast<streamsize> (cap));
data/libcutl-1.10.0+ds1/cutl/xml/serializer.cxx:64:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      os->write (s, static_cast<streamsize> (strlen (s)));

ANALYSIS SUMMARY:

Hits = 35
Lines analyzed = 4824 in approximately 0.20 seconds (24262 lines/second)
Physical Source Lines of Code (SLOC) = 3423
Hits@level = [0]   0 [1]   7 [2]  25 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  35 [1+]  35 [2+]  28 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 10.2249 [1+] 10.2249 [2+] 8.17996 [3+] 0.876424 [4+] 0.876424 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.