Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/librcsb-core-wrapper-1.005/common/include/RcsbFile.h
Examining data/librcsb-core-wrapper-1.005/common/include/Serializer.h
Examining data/librcsb-core-wrapper-1.005/common/include/GenCont.h
Examining data/librcsb-core-wrapper-1.005/common/include/mapped_ptr_vector.h
Examining data/librcsb-core-wrapper-1.005/common/include/rcsb_types.h
Examining data/librcsb-core-wrapper-1.005/common/include/RcsbPlatform.h
Examining data/librcsb-core-wrapper-1.005/common/include/GenString.h
Examining data/librcsb-core-wrapper-1.005/common/include/Exceptions.h
Examining data/librcsb-core-wrapper-1.005/common/include/BlockIO.h
Examining data/librcsb-core-wrapper-1.005/common/include/rcsb_math.h
Examining data/librcsb-core-wrapper-1.005/common/include/CifDefs.h
Examining data/librcsb-core-wrapper-1.005/common/include/DataInfo.h
Examining data/librcsb-core-wrapper-1.005/common/include/CifString.h
Examining data/librcsb-core-wrapper-1.005/common/include/mapped_vector.h
Examining data/librcsb-core-wrapper-1.005/common/src/RcsbPlatform.C
Examining data/librcsb-core-wrapper-1.005/common/src/GenString.C
Examining data/librcsb-core-wrapper-1.005/common/src/Exceptions.C
Examining data/librcsb-core-wrapper-1.005/common/src/BlockIO.C
Examining data/librcsb-core-wrapper-1.005/common/src/DataInfo.C
Examining data/librcsb-core-wrapper-1.005/common/src/CifString.C
Examining data/librcsb-core-wrapper-1.005/common/src/mapped_vector.C
Examining data/librcsb-core-wrapper-1.005/common/src/RcsbFile.C
Examining data/librcsb-core-wrapper-1.005/common/src/Serializer.C
Examining data/librcsb-core-wrapper-1.005/common/src/GenCont.C
Examining data/librcsb-core-wrapper-1.005/common/src/mapped_ptr_vector.C
Examining data/librcsb-core-wrapper-1.005/tables/include/TTable.h
Examining data/librcsb-core-wrapper-1.005/tables/include/TableError.h
Examining data/librcsb-core-wrapper-1.005/tables/include/ISTable.h
Examining data/librcsb-core-wrapper-1.005/tables/include/ITTable.h
Examining data/librcsb-core-wrapper-1.005/tables/include/TableFile.h
Examining data/librcsb-core-wrapper-1.005/tables/src/ISTable.C
Examining data/librcsb-core-wrapper-1.005/tables/src/ITTable.C
Examining data/librcsb-core-wrapper-1.005/tables/src/TableFile.C
Examining data/librcsb-core-wrapper-1.005/tables/src/TTable.C
Examining data/librcsb-core-wrapper-1.005/regex/include/regex.h
Examining data/librcsb-core-wrapper-1.005/regex/include/regex2.h
Examining data/librcsb-core-wrapper-1.005/regex/include/utils.h
Examining data/librcsb-core-wrapper-1.005/regex/include/cname.h
Examining data/librcsb-core-wrapper-1.005/regex/include/cclass.h
Examining data/librcsb-core-wrapper-1.005/regex/src/regfree.c
Examining data/librcsb-core-wrapper-1.005/regex/src/regexec.c
Examining data/librcsb-core-wrapper-1.005/regex/src/main.c
Examining data/librcsb-core-wrapper-1.005/regex/src/engine.c
Examining data/librcsb-core-wrapper-1.005/regex/src/debug.c
Examining data/librcsb-core-wrapper-1.005/regex/src/regerror.c
Examining data/librcsb-core-wrapper-1.005/regex/src/split.c
Examining data/librcsb-core-wrapper-1.005/regex/src/regcomp.c
Examining data/librcsb-core-wrapper-1.005/cif-file/include/CifExcept.h
Examining data/librcsb-core-wrapper-1.005/cif-file/include/ParentChild.h
Examining data/librcsb-core-wrapper-1.005/cif-file/include/CifParentChild.h
Examining data/librcsb-core-wrapper-1.005/cif-file/include/DicFile.h
Examining data/librcsb-core-wrapper-1.005/cif-file/include/CifFile.h
Examining data/librcsb-core-wrapper-1.005/cif-file/include/CifDataInfo.h
Examining data/librcsb-core-wrapper-1.005/cif-file/src/CifParentChild.C
Examining data/librcsb-core-wrapper-1.005/cif-file/src/DicFile.C
Examining data/librcsb-core-wrapper-1.005/cif-file/src/CifFile.C
Examining data/librcsb-core-wrapper-1.005/cif-file/src/CifDataInfo.C
Examining data/librcsb-core-wrapper-1.005/cif-file/src/CifExcept.C
Examining data/librcsb-core-wrapper-1.005/cif-file/src/ParentChild.C
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/CifParserInt.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/CifFileReadDef.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/DICScannerBase.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/DICScannerInt.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/CifScannerBase.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/CifScannerInt.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/DICParserBase.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/DICParserInt.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/include/CifParserBase.h
Examining data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C
Examining data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C
Examining data/librcsb-core-wrapper-1.005/cif-parser/src/DICParserBase.C
Examining data/librcsb-core-wrapper-1.005/cif-parser/src/CifFileReadDef.C
Examining data/librcsb-core-wrapper-1.005/cif-parser/src/CifParserBase.C
Examining data/librcsb-core-wrapper-1.005/cif-file-util/include/CifFileUtil.h
Examining data/librcsb-core-wrapper-1.005/cif-file-util/include/CifCorrector.h
Examining data/librcsb-core-wrapper-1.005/cif-file-util/src/CifFileUtil.C
Examining data/librcsb-core-wrapper-1.005/cif-file-util/src/CifCorrector.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/include/DictDataInfo.h
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/include/DictObjContInfo.h
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/include/DictObjFile.h
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/include/DictParentChild.h
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/include/DictObjCont.h
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjContInfo.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjFile.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjFileCreator.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjFileReader.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictParentChild.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjCont.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjFileSelectiveReader.C
Examining data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictDataInfo.C
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/include/PdbMlParserHandler.h
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/include/PdbMlFileUtil.h
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/include/misc_util.h
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/src/xml2mmcif.C
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/src/PdbMlParserHandler.C
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/src/PdbMlFileUtil.C
Examining data/librcsb-core-wrapper-1.005/pdbml-parser/src/misc_util.C
Examining data/librcsb-core-wrapper-1.005/cctbx/scitbx/boost_python/container_conversions.h
Examining data/librcsb-core-wrapper-1.005/wrapper/src/TypeCodePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/CharPyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/DictObjFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/PdbMlFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/DicFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/CifFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/StlPyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/ISTablePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/CifDataInfoPyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/TableFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/CorePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/DictDataInfoPyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/RcsbFilePyWrap.C
Examining data/librcsb-core-wrapper-1.005/wrapper/src/DataInfoPyWrap.C

FINAL RESULTS:

data/librcsb-core-wrapper-1.005/cif-file/src/CifFile.C:1850:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(string,col[0].c_str());
data/librcsb-core-wrapper-1.005/regex/src/main.c:226:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f0copy, f0);
data/librcsb-core-wrapper-1.005/regex/src/main.c:250:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(f2copy, f2);
data/librcsb-core-wrapper-1.005/regex/src/main.c:505:2:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(efbuf, "REG_%s", name);
data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:1185:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(cs->multis + oldend - 1, cp);
data/librcsb-core-wrapper-1.005/regex/src/regerror.c:85:12:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(convbuf, r->name);
data/librcsb-core-wrapper-1.005/regex/src/regerror.c:97:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(errbuf, s);
data/librcsb-core-wrapper-1.005/regex/src/split.c:162:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, argv[1]);
data/librcsb-core-wrapper-1.005/regex/src/split.c:166:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, argv[1]);
data/librcsb-core-wrapper-1.005/regex/src/split.c:288:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  (void) strcpy(buf, tests[n].str);
data/librcsb-core-wrapper-1.005/regex/src/main.c:44:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt(argc, argv, "c:e:S:E:x")) != EOF)
data/librcsb-core-wrapper-1.005/cif-file/src/CifFile.C:289:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log.open(diagFileName.c_str(), ios::out | ios::app);
data/librcsb-core-wrapper-1.005/cif-parser/src/CifParserBase.C:111:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((cifIn = fopen(fileName.c_str(), "r")) == NULL)
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:55:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!logName.empty()) log.open(logName.c_str(),ios::out|ios::trunc);
data/librcsb-core-wrapper-1.005/cif-parser/src/DICParserBase.C:113:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((dicIn = fopen(fileName.c_str(), "r")) == NULL )
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:65:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!logName.empty()) log.open(logName.c_str(),ios::out|ios::trunc);
data/librcsb-core-wrapper-1.005/common/src/Serializer.C:67:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _log.open("Serializer.log", ios::out | ios::app);
data/librcsb-core-wrapper-1.005/common/src/Serializer.C:1450:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((_fd = open(fileName.c_str(), openMode, S_IRUSR|S_IWUSR)) < 0)
data/librcsb-core-wrapper-1.005/regex/include/utils.h:21:26:  [2] (buffer) bcopy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define memmove(d, s, c) bcopy(s, d, c)
data/librcsb-core-wrapper-1.005/regex/src/debug.c:235:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[10];
data/librcsb-core-wrapper-1.005/regex/src/debug.c:238:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%c", ch);
data/librcsb-core-wrapper-1.005/regex/src/debug.c:240:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "\\%o", ch);
data/librcsb-core-wrapper-1.005/regex/src/engine.c:1000:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pbuf[10];
data/librcsb-core-wrapper-1.005/regex/src/engine.c:1003:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pbuf, "%c", ch);
data/librcsb-core-wrapper-1.005/regex/src/engine.c:1005:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pbuf, "\\%o", ch);
data/librcsb-core-wrapper-1.005/regex/src/main.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char erbuf[100];
data/librcsb-core-wrapper-1.005/regex/src/main.c:53:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startoff = (regoff_t)atoi(optarg);
data/librcsb-core-wrapper-1.005/regex/src/main.c:56:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  endoff = (regoff_t)atoi(optarg);
data/librcsb-core-wrapper-1.005/regex/src/main.c:129:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char inbuf[1000];
data/librcsb-core-wrapper-1.005/regex/src/main.c:131:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *f[MAXF];
data/librcsb-core-wrapper-1.005/regex/src/main.c:134:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char erbuf[100];
data/librcsb-core-wrapper-1.005/regex/src/main.c:187:6:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (atoi(erbuf) != (int)REG_BADPAT) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:215:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *should[NSHOULD];
data/librcsb-core-wrapper-1.005/regex/src/main.c:217:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char erbuf[100];
data/librcsb-core-wrapper-1.005/regex/src/main.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f0copy[1000];
data/librcsb-core-wrapper-1.005/regex/src/main.c:224:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f2copy[1000];
data/librcsb-core-wrapper-1.005/regex/src/main.c:413:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char grump[500];
data/librcsb-core-wrapper-1.005/regex/src/main.c:428:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grump, "start %ld end %ld", (long)sub.rm_so,
data/librcsb-core-wrapper-1.005/regex/src/main.c:441:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grump, "start %ld end %ld, past end of string",
data/librcsb-core-wrapper-1.005/regex/src/main.c:452:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grump, "matched `%.*s'", len, p);
data/librcsb-core-wrapper-1.005/regex/src/main.c:458:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grump, "matched `%.*s' instead", len, p);
data/librcsb-core-wrapper-1.005/regex/src/main.c:471:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(grump, "matched null at `%.20s'", p);
data/librcsb-core-wrapper-1.005/regex/src/main.c:485:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char epbuf[100];
data/librcsb-core-wrapper-1.005/regex/src/main.c:501:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char efbuf[100];
data/librcsb-core-wrapper-1.005/regex/src/main.c:509:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return(atoi(efbuf));
data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:35:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char nuls[10]; /* place to point scanner in event of error */
data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:862:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[3];
data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:908:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bracket[4];
data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:1368:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy((char *)(p->strip + p->slen),
data/librcsb-core-wrapper-1.005/regex/src/regerror.c:74:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char convbuf[50];
data/librcsb-core-wrapper-1.005/regex/src/regerror.c:87:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(convbuf, "REG_0x%x", target);
data/librcsb-core-wrapper-1.005/regex/src/regerror.c:124:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(localbuf, "%d", r->code);
data/librcsb-core-wrapper-1.005/regex/src/regexec.c:75:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define ASSIGN(d, s) memcpy(d, s, m->g->nstates)
data/librcsb-core-wrapper-1.005/regex/src/split.c:155:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/librcsb-core-wrapper-1.005/regex/src/split.c:158:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[MNF];
data/librcsb-core-wrapper-1.005/regex/src/split.c:161:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  for (n = atoi(argv[3]); n > 0; n--) {
data/librcsb-core-wrapper-1.005/regex/src/split.c:165:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  for (n = atoi(argv[3]); n > 0; n--) {
data/librcsb-core-wrapper-1.005/regex/src/split.c:187:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[NF];
data/librcsb-core-wrapper-1.005/regex/src/split.c:213:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fi[RNF];
data/librcsb-core-wrapper-1.005/regex/src/split.c:279:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/librcsb-core-wrapper-1.005/regex/src/split.c:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *fields[RNF+1];
data/librcsb-core-wrapper-1.005/cif-parser/src/CifParserBase.C:855:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(Glob_dataBlockName) > strlen(DATA_TAG)))
data/librcsb-core-wrapper-1.005/cif-parser/src/CifParserBase.C:855:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (strlen(Glob_dataBlockName) > strlen(DATA_TAG)))
data/librcsb-core-wrapper-1.005/cif-parser/src/CifParserBase.C:857:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _curDataBlockName = &(Glob_dataBlockName)[strlen(DATA_TAG)];
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:122:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tBuf->erase(strlen(_tBuf->c_str())-1,1);
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:126:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  log << "LS1: String[" << strlen(yylval.cBuf) << "] " << yylval.cBuf << endl;
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:140:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (unsigned int tmpI = 0; tmpI < strlen(&yytext[_i+1]); tmpI++)
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:246:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int cBufLen = strlen(yylval.cBuf);
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:288:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _i=yyleng-strlen(p);
data/librcsb-core-wrapper-1.005/cif-parser/src/CifScannerBase.C:325:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _i=yyleng-strlen(p);
data/librcsb-core-wrapper-1.005/cif-parser/src/DICParserBase.C:1283:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (&(Glob_dataBlockNameDIC)[5] && (strlen(&(Glob_dataBlockNameDIC)[5])>0)) {
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:117:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _tBuf->erase(strlen(_tBuf->c_str())-1,1);
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:125:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  log << "LS1: String[" << strlen(yylval.cBuf) << "] " << yylval.cBuf << endl;
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:318:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned int cBufLen = strlen(yylval.cBuf);
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:354:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _i=yyleng-strlen(p);
data/librcsb-core-wrapper-1.005/cif-parser/src/DICScannerBase.C:384:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _i=yyleng-strlen(p);
data/librcsb-core-wrapper-1.005/common/include/mapped_ptr_vector.h:85:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const std::string& name);
data/librcsb-core-wrapper-1.005/common/src/BlockIO.C:47:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(fd, _buffer, BLKSIZE);
data/librcsb-core-wrapper-1.005/common/src/mapped_ptr_vector.C:354:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void mapped_ptr_vector<T, StringCompareT>::read(const string& name)
data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjCont.C:738:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  containers.read(contName);
data/librcsb-core-wrapper-1.005/dict-obj-file/src/DictObjFile.C:255:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  _dictionaries.read(dictName);
data/librcsb-core-wrapper-1.005/regex/src/engine.c:91:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  stop = (char*)start + strlen(start);
data/librcsb-core-wrapper-1.005/regex/src/main.c:93:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  subs[0].rm_eo = strlen(argv[optind]) - endoff;
data/librcsb-core-wrapper-1.005/regex/src/main.c:145:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbuf[strlen(inbuf)-1] = '\0'; /* get rid of stupid \n */
data/librcsb-core-wrapper-1.005/regex/src/main.c:167:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(erbuf, badpat) != 0 || ne != strlen(badpat)+1) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:174:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ne != strlen(badpat)+1) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:180:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(erbuf, bpname) != 0 || ne != strlen(bpname)+1) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:191:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (ne != strlen(erbuf)+1) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:227:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  re.re_endp = (opts&REG_PEND) ? f0copy + strlen(f0copy) : NULL;
data/librcsb-core-wrapper-1.005/regex/src/main.c:440:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (sub.rm_eo > strlen(str)) {
data/librcsb-core-wrapper-1.005/regex/src/main.c:447:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  shlen = (int)strlen(should);
data/librcsb-core-wrapper-1.005/regex/src/main.c:467:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
shlen = strlen(at); data/librcsb-core-wrapper-1.005/regex/src/main.c:506:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(strlen(efbuf) < sizeof(efbuf)); data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:112:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((char *)pattern); data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:762:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (u = cp->multis; *u != '\0'; u += strlen(u) + 1) data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:1175:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cs->smultis += strlen(cp) + 1; data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:1200:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). register size_t len = strlen(fp); data/librcsb-core-wrapper-1.005/regex/src/regcomp.c:1243:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (p = cs->multis; *p != '\0'; p += strlen(p) + 1) data/librcsb-core-wrapper-1.005/regex/src/regerror.c:88:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(strlen(convbuf) < sizeof(convbuf)); data/librcsb-core-wrapper-1.005/regex/src/regerror.c:94:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s) + 1; data/librcsb-core-wrapper-1.005/regex/src/regerror.c:99:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). (void) strncpy(errbuf, s, errbuf_size-1); data/librcsb-core-wrapper-1.005/regex/src/split.c:173:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(buf)-1] = '\0'; /* stomp newline */ data/librcsb-core-wrapper-1.005/tables/src/ITTable.C:873:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. int equal; data/librcsb-core-wrapper-1.005/tables/src/TableFile.C:376:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _tables.read(name); data/librcsb-core-wrapper-1.005/tables/src/TableFile.C:803:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
_blocks[blockIndex]._tables.read(name); ANALYSIS SUMMARY: Hits = 105 Lines analyzed = 44636 in approximately 1.06 seconds (42229 lines/second) Physical Source Lines of Code (SLOC) = 28997 Hits@level = [0] 87 [1] 44 [2] 50 [3] 1 [4] 10 [5] 0 Hits@level+ = [0+] 192 [1+] 105 [2+] 61 [3+] 11 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 6.62137 [1+] 3.62106 [2+] 2.10367 [3+] 0.37935 [4+] 0.344863 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.