Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libhat-trie-0.1.2/src/ahtable.c
Examining data/libhat-trie-0.1.2/src/ahtable.h
Examining data/libhat-trie-0.1.2/src/common.h
Examining data/libhat-trie-0.1.2/src/hat-trie.c
Examining data/libhat-trie-0.1.2/src/hat-trie.h
Examining data/libhat-trie-0.1.2/src/misc.c
Examining data/libhat-trie-0.1.2/src/misc.h
Examining data/libhat-trie-0.1.2/src/murmurhash3.c
Examining data/libhat-trie-0.1.2/src/murmurhash3.h
Examining data/libhat-trie-0.1.2/src/pstdint.h
Examining data/libhat-trie-0.1.2/src/portable_endian.h
Examining data/libhat-trie-0.1.2/test/bench_sorted_iter.c
Examining data/libhat-trie-0.1.2/test/check_ahtable.c
Examining data/libhat-trie-0.1.2/test/check_hattrie.c
Examining data/libhat-trie-0.1.2/test/str_map.c
Examining data/libhat-trie-0.1.2/test/str_map.h
FINAL RESULTS:
data/libhat-trie-0.1.2/src/ahtable.c:192:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, key, len * sizeof(unsigned char));
data/libhat-trie-0.1.2/src/ahtable.c:246:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slots_next, slots, new_n * sizeof(slot_t));
data/libhat-trie-0.1.2/src/hat-trie.c:686:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(i->key + i->level, subkey, sublen);
data/libhat-trie-0.1.2/src/misc.c:36:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(path, mode);
data/libhat-trie-0.1.2/src/pstdint.h:778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str0[256], str1[256];
data/libhat-trie-0.1.2/src/pstdint.h:780:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str0, "%d %x\n", 0, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:782:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%d %x\n", i8, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:784:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%u %x\n", u8, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:786:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%d %x\n", i16, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:788:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%u %x\n", u16, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:790:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%" PRINTF_INT32_MODIFIER "d %x\n", i32, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:792:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%" PRINTF_INT32_MODIFIER "u %x\n", u32, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:795:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%" PRINTF_INT64_MODIFIER "d %x\n", i64, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:798:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%" PRINTF_INTMAX_MODIFIER "d %x\n", imax, ~0);
data/libhat-trie-0.1.2/src/pstdint.h:800:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str1, "%" PRINTF_INTMAX_MODIFIER "u %x\n", umax, ~0);
data/libhat-trie-0.1.2/test/bench_sorted_iter.c:24:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x[501];
data/libhat-trie-0.1.2/test/check_ahtable.c:174:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prev_key, key, len);
data/libhat-trie-0.1.2/test/check_ahtable.c:212:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd_w = fopen("test.aht", "w");
data/libhat-trie-0.1.2/test/check_ahtable.c:218:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fd_r = fopen("test.aht", "r");
data/libhat-trie-0.1.2/test/check_hattrie.c:186:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prev_key, key_copy, len);
data/libhat-trie-0.1.2/test/str_map.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u->key, key, keylen);
data/libhat-trie-0.1.2/test/check_ahtable.c:72:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v = 1 + str_map_get(M, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_ahtable.c:73:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_map_set(M, xs[i], strlen(xs[i]), v);
data/libhat-trie-0.1.2/test/check_ahtable.c:76:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = ahtable_get(T, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_ahtable.c:91:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ahtable_del(T, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_ahtable.c:92:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_map_del(M, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_ahtable.c:93:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = ahtable_tryget(T, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_hattrie.c:80:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v = 1 + str_map_get(M, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_hattrie.c:81:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_map_set(M, xs[i], strlen(xs[i]), v);
data/libhat-trie-0.1.2/test/check_hattrie.c:84:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = hattrie_get(T, xs[i], strlen(xs[i]));
data/libhat-trie-0.1.2/test/check_hattrie.c:98:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str_map_del(M, ds[j], strlen(ds[j]));
data/libhat-trie-0.1.2/test/check_hattrie.c:99:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
hattrie_del(T, ds[j], strlen(ds[j]));
data/libhat-trie-0.1.2/test/check_hattrie.c:100:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = hattrie_tryget(T, ds[j], strlen(ds[j]));
data/libhat-trie-0.1.2/test/check_hattrie.c:194:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(key_copy, key, len);
data/libhat-trie-0.1.2/test/check_hattrie.c:240:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = hattrie_get(T, txt, strlen(txt));
data/libhat-trie-0.1.2/test/check_hattrie.c:243:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u = hattrie_tryget(T, txt, strlen(txt));
ANALYSIS SUMMARY:
Hits = 36
Lines analyzed = 3566 in approximately 0.13 seconds (26687 lines/second)
Physical Source Lines of Code (SLOC) = 2346
Hits@level = [0] 69 [1] 15 [2] 21 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 105 [1+] 36 [2+] 21 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 44.757 [1+] 15.3453 [2+] 8.95141 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.