Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libjson-parse-perl-0.57/unicode.h
Examining data/libjson-parse-perl-0.57/json-perl.c
Examining data/libjson-parse-perl-0.57/json-whitespace.c
Examining data/libjson-parse-perl-0.57/json-common.c
Examining data/libjson-parse-perl-0.57/utf8-byte-one.c
Examining data/libjson-parse-perl-0.57/unicode.c
Examining data/libjson-parse-perl-0.57/utf8-next-byte.c
Examining data/libjson-parse-perl-0.57/errors.c
Examining data/libjson-parse-perl-0.57/json-entry-points.c

FINAL RESULTS:

data/libjson-parse-perl-0.57/json-common.c:330:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf (buffer, ERRORMSGBUFFERSIZE, format, a);
data/libjson-parse-perl-0.57/json-common.c:695:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf (buffer, ERRORMSGBUFFERSIZE, format, a);
data/libjson-parse-perl-0.57/errors.c:12:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * json_errors[json_error_overflow] = {
data/libjson-parse-perl-0.57/errors.c:69:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * input_expectation[n_expectations] = {
data/libjson-parse-perl-0.57/errors.c:94:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char allowed[n_expectations][JSON3MAXBYTE] = {
data/libjson-parse-perl-0.57/json-common.c:135:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * type_names[json_overflow] = {
data/libjson-parse-perl-0.57/json-common.c:327:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[ERRORMSGBUFFERSIZE];
data/libjson-parse-perl-0.57/json-common.c:406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[ERRORMSGBUFFERSIZE];
data/libjson-parse-perl-0.57/json-common.c:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[ERRORMSGBUFFERSIZE];
data/libjson-parse-perl-0.57/json-common.c:692:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[ERRORMSGBUFFERSIZE];
data/libjson-parse-perl-0.57/json-common.c:1206:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * token_names[n_json_tokens] = {
data/libjson-parse-perl-0.57/json-perl.c:327:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (svbuf + cur, buffer, size); \
data/libjson-parse-perl-0.57/json-perl.c:351:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[BUFSIZE];
data/libjson-parse-perl-0.57/json-perl.c:375:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer, parser->end, prefixlen);
data/libjson-parse-perl-0.57/json-whitespace.c:18:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * before[n_json_tokens];
data/libjson-parse-perl-0.57/json-whitespace.c:19:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char * after[n_json_tokens];
data/libjson-parse-perl-0.57/json-common.c:495:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen (format);
data/libjson-parse-perl-0.57/json-common.c:739:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (k = 0; k < strlen ("ABCD"); k++) {
data/libjson-parse-perl-0.57/json-common.c:1043:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (i >= strlen ("ABCD")) {
data/libjson-parse-perl-0.57/json-common.c:1281:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  end ? end - start : strlen ((char *) start),
data/libjson-parse-perl-0.57/json-entry-points.c:371:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define HK(x, val) (void) hv_store (error, x, strlen (x), val, 0)
data/libjson-parse-perl-0.57/unicode.c:461:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t len = strlen ((const char *) utf8);
data/libjson-parse-perl-0.57/unicode.c:513:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int32_t len = strlen ((const char *) utf8);
data/libjson-parse-perl-0.57/unicode.c:888:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valid = valid_utf8 (invalid_utf8, strlen ((char *) invalid_utf8));
data/libjson-parse-perl-0.57/unicode.c:1003:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  valid = valid_utf8 (utf8, strlen ((const char *) utf8));

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 4716 in approximately 0.16 seconds (28839 lines/second)
Physical Source Lines of Code (SLOC) = 3361
Hits@level = [0]  26 [1]   9 [2]  14 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  51 [1+]  25 [2+]  16 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 15.1741 [1+] 7.43826 [2+] 4.76049 [3+] 0.595061 [4+] 0.595061 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.