Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ocaml-ctypes-0.17.1/src/ctypes-foreign-base/ffi_call_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes-foreign-base/ffi_type_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes-foreign-threaded/foreign_threaded_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/complex_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/cstubs_internals.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_bigarrays.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_complex_compatibility.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_complex_stubs.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_cstubs_internals.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_ldouble_stubs.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_managed_buffer_stubs.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_primitives.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_raw_pointer.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_roots.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_type_info_stubs.h
Examining data/ocaml-ctypes-0.17.1/src/ctypes/ldouble_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/managed_buffer_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/posix_types_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/raw_pointer_stubs.c
Examining data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c
Examining data/ocaml-ctypes-0.17.1/tests/bench-micro/bench_micro_lib.c
Examining data/ocaml-ctypes-0.17.1/tests/bench-micro/bench_micro_stubs.c
Examining data/ocaml-ctypes-0.17.1/tests/bench-micro/bench_micro_stubs.h
Examining data/ocaml-ctypes-0.17.1/tests/clib/test_functions.c
Examining data/ocaml-ctypes-0.17.1/tests/clib/test_functions.h

FINAL RESULTS:

data/ocaml-ctypes-0.17.1/src/ctypes-foreign-base/ffi_call_stubs.c:421:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buffer, String_val(fnname));
data/ocaml-ctypes-0.17.1/src/ctypes/ctypes_cstubs_internals.h:48:23:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define ctypes_printf printf
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:148:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Int8_t: len = snprintf(buf, sizeof buf, "%" PRId8, (int8_t)Int_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:149:30:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Int16_t: len = snprintf(buf, sizeof buf, "%" PRId16, (int16_t)Int_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:150:30:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Int32_t: len = snprintf(buf, sizeof buf, "%" PRId32, Int32_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:151:30:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Int64_t: len = snprintf(buf, sizeof buf, "%" PRId64, (int64_t)Int64_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:152:30:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Uint8_t: len = snprintf(buf, sizeof buf, "%" PRIu8, Uint8_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:153:31:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Uint16_t: len = snprintf(buf, sizeof buf, "%" PRIu16, Uint16_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:154:31:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Uint32_t: len = snprintf(buf, sizeof buf, "%" PRIu32, Uint32_val(v)); break;
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:155:31:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
  case Ctypes_Uint64_t: len = snprintf(buf, sizeof buf, "%" PRIu64, Uint64_val(v)); break;
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.c:278:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buffer, "%s horse", chorse_colour((struct chorse *)a));
data/ocaml-ctypes-0.17.1/src/ctypes-foreign-base/ffi_call_stubs.c:234:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(spec, &callspec_prototype, sizeof(struct callspec));
data/ocaml-ctypes-0.17.1/src/ctypes/ldouble_stubs.c:198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Data_custom_val(res), &u, sizeof(u));
data/ocaml-ctypes-0.17.1/src/ctypes/ldouble_stubs.c:473:58:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  void *(*volatile mymemcpy)(void*,const void*,size_t) = memcpy;
data/ocaml-ctypes-0.17.1/src/ctypes/ldouble_stubs.c:494:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(d, &c, sizeof(c));
data/ocaml-ctypes-0.17.1/src/ctypes/ldouble_stubs.c:511:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(Data_custom_val(res), &u, sizeof(u));
data/ocaml-ctypes-0.17.1/src/ctypes/managed_buffer_stubs.c:57:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  *(void **)Data_custom_val(block) = memcpy(dst, src, size);
data/ocaml-ctypes-0.17.1/src/ctypes/raw_pointer_stubs.c:21:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(CTYPES_ADDR_OF_FATPTR(dst), CTYPES_ADDR_OF_FATPTR(src), Long_val(size));
data/ocaml-ctypes-0.17.1/src/ctypes/raw_pointer_stubs.c:42:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(String_val(dst), CTYPES_ADDR_OF_FATPTR(p), len);
data/ocaml-ctypes-0.17.1/src/ctypes/raw_pointer_stubs.c:56:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, ss, len);
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:130:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[64];
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:182:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(String_val(s), buf, len);
data/ocaml-ctypes-0.17.1/src/ctypes/type_info_stubs.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[32];
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.c:277:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[30]; /* static allocation is adequate for the test */
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.c:759:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *string_array[2] = { "Hello", "world" };
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.h:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[sizeof(int64_t) + 1];
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.h:67:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char str[sizeof GLOBAL_STRING];
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.h:212:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  union u1 { char x1; float x2; double x3; char x4[13]; };
data/ocaml-ctypes-0.17.1/tests/clib/test_functions.h:267:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  extern char *string_array[2];

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 4305 in approximately 0.17 seconds (25800 lines/second)
Physical Source Lines of Code (SLOC) = 3312
Hits@level = [0]  25 [1]   0 [2]  18 [3]   0 [4]  11 [5]   0
Hits@level+ = [0+]  54 [1+]  29 [2+]  29 [3+]  11 [4+]  11 [5+]   0
Hits/KSLOC@level+ = [0+] 16.3043 [1+] 8.75604 [2+] 8.75604 [3+] 3.32126 [4+] 3.32126 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
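The three hit classes above (an unbounded strcpy into a fixed buffer, snprintf whose return value feeds a later length, and memcpy with a size that comes from the caller) share one remedy: carry the destination capacity alongside the pointer and check it before the copy. The C below is an added example written for this report, not code from ocaml-ctypes; the helper names (copy_cstr_bounded, format_i64_bounded, memcpy_checked) and the buffer sizes and inputs are constructed for illustration. It also shows the snprintf caveat flawfinder's message only hints at: snprintf returns the length the full output would have had, not the number of bytes it stored, so that value must be clamped before it is reused as a memcpy length.

```c
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example, not ocaml-ctypes code. Bounded versions of the patterns
 * the flawfinder report flags; names and sizes are illustrative. */

/* strcpy replacement: copies as much of src as fits, always NUL-terminates,
 * and reports whether src fit completely (false means it was truncated). */
static bool copy_cstr_bounded(char *dst, size_t dstsz, const char *src)
{
    size_t n = strlen(src);
    if (dstsz == 0)
        return false;
    if (n >= dstsz) {                 /* strcpy would overflow: truncate */
        memcpy(dst, src, dstsz - 1);
        dst[dstsz - 1] = '\0';
        return false;
    }
    memcpy(dst, src, n + 1);          /* n bytes plus the terminator */
    return true;
}

/* snprintf with a constant format string, returning the number of bytes
 * actually stored (excluding the NUL). snprintf's own return value is the
 * length the complete output *would* have needed, so passing it unchecked
 * to a later memcpy over-reads the buffer whenever truncation happened. */
static size_t format_i64_bounded(char *buf, size_t bufsz, int64_t v)
{
    int r = snprintf(buf, bufsz, "%" PRId64, v);
    if (r < 0 || bufsz == 0)
        return 0;                     /* encoding error or nothing stored */
    if ((size_t)r >= bufsz)
        return bufsz - 1;             /* truncated: only bufsz-1 bytes stored */
    return (size_t)r;
}

/* memcpy with an explicit destination capacity: refuses the copy instead of
 * trusting a length that arrived from outside (e.g. Long_val(size)). */
static bool memcpy_checked(void *dst, size_t dstsz, const void *src, size_t n)
{
    if (n > dstsz)
        return false;
    memcpy(dst, src, n);
    return true;
}

int main(void)
{
    char name[8];                     /* constructed: deliberately too small */
    bool fit = copy_cstr_bounded(name, sizeof name, "ctypes_call_stub");
    printf("copy fit=%d name=\"%s\"\n", (int)fit, name);

    char num[4];                      /* constructed: forces snprintf truncation */
    size_t stored = format_i64_bounded(num, sizeof num, 123456);
    printf("snprintf stored=%zu num=\"%s\"\n", stored, num);

    unsigned char dst[16];
    unsigned char src[32] = {0};      /* constructed: source larger than dst */
    printf("memcpy ok=%d\n", (int)memcpy_checked(dst, sizeof dst, src, sizeof src));
    return 0;
}
```

Two of the report's observations are worth reading against this. The snprintf hits in type_info_stubs.c all use string-literal formats built from the PRId/PRIu macros, so the CWE-134 part of the warning (attacker-influenced format) does not apply to them; what remains to verify by hand is that the returned len is never larger than the buffer before it is used as a length. The strcpy hit in ffi_call_stubs.c, by contrast, is exactly the case copy_cstr_bounded guards against: the tool cannot see the size of buffer, and neither can a reviewer without opening the file, which is why flawfinder ranks it at level 4.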