Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/marisa-0.2.6/bindings/marisa-swig.cxx
Examining data/marisa-0.2.6/bindings/marisa-swig.h
Examining data/marisa-0.2.6/bindings/perl/marisa-swig.cxx
Examining data/marisa-0.2.6/bindings/perl/marisa-swig.h
Examining data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx
Examining data/marisa-0.2.6/bindings/python/marisa-swig.cxx
Examining data/marisa-0.2.6/bindings/python/marisa-swig.h
Examining data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx
Examining data/marisa-0.2.6/bindings/ruby/marisa-swig.cxx
Examining data/marisa-0.2.6/bindings/ruby/marisa-swig.h
Examining data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx
Examining data/marisa-0.2.6/include/marisa.h
Examining data/marisa-0.2.6/include/marisa/agent.h
Examining data/marisa-0.2.6/include/marisa/exception.h
Examining data/marisa-0.2.6/include/marisa/iostream.h
Examining data/marisa-0.2.6/include/marisa/key.h
Examining data/marisa-0.2.6/include/marisa/keyset.h
Examining data/marisa-0.2.6/include/marisa/query.h
Examining data/marisa-0.2.6/include/marisa/scoped-array.h
Examining data/marisa-0.2.6/include/marisa/scoped-ptr.h
Examining data/marisa-0.2.6/include/marisa/stdio.h
Examining data/marisa-0.2.6/include/marisa/trie.h
Examining data/marisa-0.2.6/include/marisa/base.h
Examining data/marisa-0.2.6/lib/marisa/agent.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/algorithm.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/algorithm/sort.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/intrin.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/io.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/io/writer.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/cache.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/config.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/entry.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/header.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/history.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/key.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/range.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/state.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.cc
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/pop-count.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/rank-index.h
Examining data/marisa-0.2.6/lib/marisa/grimoire/vector/vector.h
Examining data/marisa-0.2.6/lib/marisa/keyset.cc
Examining data/marisa-0.2.6/lib/marisa/trie.cc
Examining data/marisa-0.2.6/tests/base-test.cc
Examining data/marisa-0.2.6/tests/io-test.cc
Examining data/marisa-0.2.6/tests/marisa-assert.h
Examining data/marisa-0.2.6/tests/marisa-test.cc
Examining data/marisa-0.2.6/tests/trie-test.cc
Examining data/marisa-0.2.6/tests/vector-test.cc
Examining data/marisa-0.2.6/tools/cmdopt.cc
Examining data/marisa-0.2.6/tools/cmdopt.h
Examining data/marisa-0.2.6/tools/marisa-benchmark.cc
Examining data/marisa-0.2.6/tools/marisa-build.cc
Examining data/marisa-0.2.6/tools/marisa-common-prefix-search.cc
Examining data/marisa-0.2.6/tools/marisa-dump.cc
Examining data/marisa-0.2.6/tools/marisa-lookup.cc
Examining data/marisa-0.2.6/tools/marisa-predictive-search.cc
Examining data/marisa-0.2.6/tools/marisa-reverse-lookup.cc

FINAL RESULTS:

data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:682:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,name);
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1277:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,SWIG_Perl_TypeProxyName(type));
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:686:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,name);
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:817:25: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define PyOS_snprintf _snprintf
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:819:25: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define PyOS_snprintf snprintf
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:836:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:790:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r,name);
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1516:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(klass_name, "TYPE%s", type->name);
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1572:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(klass_name, "TYPE%s", type->name);
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1707:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(r, type->name);
data/marisa-0.2.6/tests/marisa-test.cc:379:8: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand((unsigned int)std::time(NULL));
data/marisa-0.2.6/tests/vector-test.cc:452:8: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand((unsigned int)std::time(NULL));
data/marisa-0.2.6/bindings/marisa-swig.cxx:110:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf_, ptr, length);
data/marisa-0.2.6/bindings/marisa-swig.cxx:200:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf, agent.key().ptr(), agent.key().length());
data/marisa-0.2.6/bindings/perl/marisa-swig.cxx:110:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf_, ptr, length);
data/marisa-0.2.6/bindings/perl/marisa-swig.cxx:200:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf, agent.key().ptr(), agent.key().length());
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:633:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1272:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024];
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1495:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #ifdef open
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1496:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #undef open
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1685:38: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:4988:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  swig_create_magic(sv, (char *) swig_variables[i].name, swig_variables[i].set, swig_variables[i].get);
data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:5003:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  sv_setpv(sv, (char *) swig_constants[i].pvalue);
data/marisa-0.2.6/bindings/python/marisa-swig.cxx:110:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf_, ptr, length);
data/marisa-0.2.6/bindings/python/marisa-swig.cxx:200:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf, agent.key().ptr(), agent.key().length());
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:637:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:789:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newstr, cstr, len+1);
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:833:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SWIG_PYBUFFER_SIZE * 2];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:1517:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:1884:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:1898:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:1909:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:2039:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pack, ptr, size);
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:2057:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, sobj->pack, size);
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:2597:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256];
data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:2908:40: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/marisa-0.2.6/bindings/ruby/marisa-swig.cxx:110:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf_, ptr, length);
data/marisa-0.2.6/bindings/ruby/marisa-swig.cxx:200:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf, agent.key().ptr(), agent.key().length());
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:741:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1104:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1117:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%d of type ", argn-1 );
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1702:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[1024];
data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1942:38: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  *cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.cc:54:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Mapper::open(const char *filename) {
data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.cc:62:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Mapper::open(const void *ptr, std::size_t size) {
data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.cc:145:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd_ = ::open(filename, O_RDONLY);
data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.h:17:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const char *filename);
data/marisa-0.2.6/lib/marisa/grimoire/io/mapper.h:18:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const void *ptr, std::size_t size);
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:26:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Reader::open(const char *filename) {
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:34:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Reader::open(std::FILE *file) {
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:42:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Reader::open(int fd) {
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:50:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Reader::open(std::istream &stream) {
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:72:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:75:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:93:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = ::fopen(filename, "rb");
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:18:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const char *filename);
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:19:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(std::FILE *file);
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:20:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(int fd);
data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:21:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(std::istream &stream);
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:26:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Writer::open(const char *filename) {
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:34:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Writer::open(std::FILE *file) {
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:42:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Writer::open(int fd) {
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:50:14: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void Writer::open(std::ostream &stream) {
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:72:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char buf[16] = {};
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:75:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char buf[1024] = {};
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.cc:93:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = ::fopen(filename, "wb");
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.h:18:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(const char *filename);
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.h:19:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(std::FILE *file);
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.h:20:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(int fd);
data/marisa-0.2.6/lib/marisa/grimoire/io/writer.h:21:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open(std::ostream &stream);
data/marisa-0.2.6/lib/marisa/grimoire/trie/header.h:24:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[HEADER_SIZE];
data/marisa-0.2.6/lib/marisa/grimoire/trie/header.h:39:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char buf[HEADER_SIZE] = "We love Marisa.";
data/marisa-0.2.6/lib/marisa/trie.cc:27:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mapper.open(filename);
data/marisa-0.2.6/lib/marisa/trie.cc:39:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mapper.open(ptr, size);
data/marisa-0.2.6/lib/marisa/trie.cc:51:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reader.open(filename);
data/marisa-0.2.6/lib/marisa/trie.cc:63:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reader.open(fd);
data/marisa-0.2.6/lib/marisa/trie.cc:73:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open(filename);
data/marisa-0.2.6/lib/marisa/trie.cc:82:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open(fd);
data/marisa-0.2.6/lib/marisa/trie.cc:187:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reader.open(file);
data/marisa-0.2.6/lib/marisa/trie.cc:195:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open(file);
data/marisa-0.2.6/lib/marisa/trie.cc:207:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reader.open(stream);
data/marisa-0.2.6/lib/marisa/trie.cc:215:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open(stream);
data/marisa-0.2.6/tests/io-test.cc:24:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open("io-test.dat");
data/marisa-0.2.6/tests/io-test.cc:37:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reader.open("io-test.dat");
data/marisa-0.2.6/tests/io-test.cc:56:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  mapper.open("io-test.dat");
data/marisa-0.2.6/tests/io-test.cc:75:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  writer.open("io-test.dat");
data/marisa-0.2.6/tests/io-test.cc:80:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
reader.open("io-test.dat"); data/marisa-0.2.6/tests/io-test.cc:103:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open(fd); data/marisa-0.2.6/tests/io-test.cc:124:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = ::open("io-test.dat", O_RDONLY); data/marisa-0.2.6/tests/io-test.cc:128:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open(fd); data/marisa-0.2.6/tests/io-test.cc:160:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *file = std::fopen("io-test.dat", "wb"); data/marisa-0.2.6/tests/io-test.cc:164:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open(file); data/marisa-0.2.6/tests/io-test.cc:180:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE *file = std::fopen("io-test.dat", "rb"); data/marisa-0.2.6/tests/io-test.cc:184:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open(file); data/marisa-0.2.6/tests/io-test.cc:211:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open(stream); data/marisa-0.2.6/tests/io-test.cc:222:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open(stream); data/marisa-0.2.6/tests/marisa-test.cc:205:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_buf[16]; data/marisa-0.2.6/tests/marisa-test.cc:298:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = std::fopen("marisa-test.dat", "wb"); data/marisa-0.2.6/tests/marisa-test.cc:307:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
file = std::fopen("marisa-test.dat", "rb"); data/marisa-0.2.6/tests/trie-test.cc:51:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:57:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapper.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:63:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:291:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:302:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapper.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:317:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
reader.open("trie-test.dat"); data/marisa-0.2.6/tests/trie-test.cc:332:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open(stream); data/marisa-0.2.6/tests/trie-test.cc:336:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open(stream); data/marisa-0.2.6/tests/vector-test.cc:175:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:185:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapper.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:206:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:303:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
writer.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:315:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapper.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:330:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open("vector-test.dat"); data/marisa-0.2.6/tests/vector-test.cc:397:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). writer.open(stream); data/marisa-0.2.6/tests/vector-test.cc:410:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader.open(stream); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:386:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:405:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:681:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + 1 > (bsz - (r - buff))) return 0; data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:702:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lname = (name ? strlen(name) : 0); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:707:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(r,name,lname+1); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1274:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return; data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1362:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_magic(sv,sv,'U',(char *) name,strlen(name)); data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1459:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #ifdef read data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1460:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #undef read data/marisa-0.2.6/bindings/perl/marisa-swig_wrap.cxx:1700:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (psize) *psize = vptr ? 
(strlen(vptr) + 1) : 0; data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:390:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:409:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:685:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + 1 > (bsz - (r - buff))) return 0; data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:706:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lname = (name ? strlen(name) : 0); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:711:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(r,name,lname+1); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:870:91: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;} data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:2933:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (psize) *psize = vptr ? 
(strlen((char *)vptr) + 1) : 0; data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5916:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t size = strlen(name)+1; data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5919:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(gv->name,name,size); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5981:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(const_table[j].name)) == 0) { data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5990:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lptr = strlen(ty->name)+2*sizeof(void*)+2; data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5996:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buff, methods[i].ml_doc, ldoc); data/marisa-0.2.6/bindings/python/marisa-swig_wrap.cxx:5998:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buff, "swig_ptr: ", 10); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:494:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:513:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char* te = tb + strlen(tb); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:789:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) + 1 > (bsz - (r - buff))) return 0; data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:810:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lname = (name ? strlen(name) : 0); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:815:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(r,name,lname+1); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:862:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #ifdef read data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:863:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # undef read data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1515:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *klass_name = (char *) malloc(4 + strlen(type->name) + 1); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1571:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
klass_name = (char *) malloc(4 + strlen(type->name) + 1); data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1704:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((2*sz + 1 + strlen(type->name)) > 1000) return 0; data/marisa-0.2.6/bindings/ruby/marisa-swig_wrap.cxx:1957:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (psize) *psize = vptr ? (strlen((char*)vptr) + 1) : 0; data/marisa-0.2.6/include/marisa/iostream.h:10:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). std::istream &read(std::istream &stream, Trie *trie); data/marisa-0.2.6/include/marisa/trie.h:29:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(int fd); data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:127:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). const ::ssize_t size_read = ::read(fd_, buf, count); data/marisa-0.2.6/lib/marisa/grimoire/io/reader.cc:137:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MARISA_THROW_IF(!stream_->read(static_cast<char *>(buf), data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:24:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(T *obj) { data/marisa-0.2.6/lib/marisa/grimoire/io/reader.h:30:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(T *objs, std::size_t num_objs) { data/marisa-0.2.6/lib/marisa/grimoire/trie/header.h:23:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/trie/header.h:25:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(buf, HEADER_SIZE); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:40:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void LoudsTrie::read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:41:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Header().read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:562:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). louds_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:563:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). terminal_flags_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:564:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). link_flags_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:565:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bases_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:566:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). extras_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:567:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tail_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:573:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
cache_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:577:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_num_l1_nodes); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.cc:582:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_config_flags); data/marisa-0.2.6/lib/marisa/grimoire/trie/louds-trie.h:24:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Reader &reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.cc:51:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Tail::read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.cc:207:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buf_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.cc:208:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). end_flags_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/trie/tail.h:20:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Reader &reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:35:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:144:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). units_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:147:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
reader.read(&temp_size); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:152:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_num_1s); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:156:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ranks_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:157:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). select0s_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/bit-vector.h:158:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). select1s_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h:31:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h:151:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). units_.read(reader); data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h:154:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_value_size); data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h:160:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_mask); data/marisa-0.2.6/lib/marisa/grimoire/vector/flat-vector.h:165:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&temp_size); data/marisa-0.2.6/lib/marisa/grimoire/vector/vector.h:32:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void read(Reader &reader) { data/marisa-0.2.6/lib/marisa/grimoire/vector/vector.h:211:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&total_size); data/marisa-0.2.6/lib/marisa/grimoire/vector/vector.h:216:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(objs_, size); data/marisa-0.2.6/lib/marisa/trie.cc:52:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp->read(reader); data/marisa-0.2.6/lib/marisa/trie.cc:56:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Trie::read(int fd) { data/marisa-0.2.6/lib/marisa/trie.cc:64:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp->read(reader); data/marisa-0.2.6/lib/marisa/trie.cc:188:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp->read(reader); data/marisa-0.2.6/lib/marisa/trie.cc:199:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). static std::istream &read(std::istream &stream, Trie *trie) { data/marisa-0.2.6/lib/marisa/trie.cc:208:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). temp->read(reader); data/marisa-0.2.6/lib/marisa/trie.cc:232:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). std::istream &read(std::istream &stream, Trie *trie) { data/marisa-0.2.6/lib/marisa/trie.cc:234:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
return TrieIO::read(stream, trie); data/marisa-0.2.6/lib/marisa/trie.cc:242:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(stream, &trie); data/marisa-0.2.6/tests/base-test.cc:83:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(key.length() == std::strlen(str)); data/marisa-0.2.6/tests/base-test.cc:228:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(query.length() == std::strlen(str)); data/marisa-0.2.6/tests/base-test.cc:271:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(agent.query().length() == std::strlen(query_str)); data/marisa-0.2.6/tests/base-test.cc:275:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(agent.key().length() == std::strlen(key_str)); data/marisa-0.2.6/tests/io-test.cc:40:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&value); data/marisa-0.2.6/tests/io-test.cc:42:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&value); data/marisa-0.2.6/tests/io-test.cc:46:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(values, 2); data/marisa-0.2.6/tests/io-test.cc:51:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
EXCEPT(reader.read(&byte), MARISA_IO_ERROR); data/marisa-0.2.6/tests/io-test.cc:83:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EXCEPT(reader.read(&byte), MARISA_IO_ERROR); data/marisa-0.2.6/tests/io-test.cc:131:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&value); data/marisa-0.2.6/tests/io-test.cc:135:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(values, 2); data/marisa-0.2.6/tests/io-test.cc:140:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EXCEPT(reader.read(&byte), MARISA_IO_ERROR); data/marisa-0.2.6/tests/io-test.cc:187:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&value); data/marisa-0.2.6/tests/io-test.cc:191:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(values, 2); data/marisa-0.2.6/tests/io-test.cc:196:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EXCEPT(reader.read(&byte), MARISA_IO_ERROR); data/marisa-0.2.6/tests/io-test.cc:225:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(&value); data/marisa-0.2.6/tests/io-test.cc:229:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader.read(values, 2); data/marisa-0.2.6/tests/io-test.cc:234:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). EXCEPT(reader.read(&byte), MARISA_IO_ERROR); data/marisa-0.2.6/tests/trie-test.cc:64:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
header.read(reader); data/marisa-0.2.6/tests/trie-test.cc:285:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(std::strlen(ptr) == entries[i].length()); data/marisa-0.2.6/tests/trie-test.cc:309:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(std::strlen(ptr) == entries[i].length()); data/marisa-0.2.6/tests/trie-test.cc:318:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tail.read(reader); data/marisa-0.2.6/tests/trie-test.cc:325:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(std::strlen(ptr) == entries[i].length()); data/marisa-0.2.6/tests/trie-test.cc:337:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tail.read(reader); data/marisa-0.2.6/tests/trie-test.cc:344:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT(std::strlen(ptr) == entries[i].length()); data/marisa-0.2.6/tests/vector-test.cc:207:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vec.read(reader); data/marisa-0.2.6/tests/vector-test.cc:331:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). vec.read(reader); data/marisa-0.2.6/tests/vector-test.cc:411:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bv.read(reader);

ANALYSIS SUMMARY:

Hits = 225
Lines analyzed = 27528 in approximately 0.68 seconds (40296 lines/second)
Physical Source Lines of Code (SLOC) = 22551
Hits@level = [0] 71 [1] 110 [2] 103 [3] 2 [4] 10 [5] 0
Hits@level+ = [0+] 296 [1+] 225 [2+] 115 [3+] 12 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 13.1258 [1+] 9.97738 [2+] 5.09955 [3+] 0.532127 [4+] 0.443439 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.