Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_map.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_map.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_queue.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_queue.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_set.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_set.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_stack.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_stack.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_vector.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_vector.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_collection_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_collection_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_deque_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_deque_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_hashable_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_hashable_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_map_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_map_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_pair_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_pair_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_priority_queue_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_priority_queue_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_queue_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_queue_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_sequence_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_sequence_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_set_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_set_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_stack_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_stack_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_vector_ce.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_vector_ce.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_common_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_common_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_deque_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_deque_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_htable_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_htable_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_map_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_map_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_priority_queue_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_priority_queue_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_queue_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_queue_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_set_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_set_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_stack_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_stack_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_vector_iterator.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_vector_iterator.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_deque.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_deque.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_map.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_map.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_pair.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_pair.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_priority_queue.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_priority_queue.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_queue.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_queue.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_set.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_set.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_stack.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_stack.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_vector.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_vector.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/arginfo.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/php/parameters.h
Examining data/php-ds-1.2.9/ds-1.2.9/src/common.c
Examining data/php-ds-1.2.9/ds-1.2.9/src/common.h
Examining data/php-ds-1.2.9/ds-1.2.9/php_ds.c
Examining data/php-ds-1.2.9/ds-1.2.9/php_ds.h
FINAL RESULTS:
data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c:134:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[0], &deque->buffer[h], r * sizeof(zval));
data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c:135:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer[r], &deque->buffer[0], t * sizeof(zval));
data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.c:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_dst->lookup, _src->lookup, _src->capacity * sizeof(uint32_t));
data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.c:248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, queue->nodes, queue->size * sizeof(ds_priority_queue_node_t));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_deque_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.c:115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_map_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.c:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_pair_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_priority_queue_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.c:63:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_queue_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.c:88:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_ds_set_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.c:61:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_ds_stack_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.c:134:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&php_vector_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers));
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 10548 in approximately 0.19 seconds (55741 lines/second)
Physical Source Lines of Code (SLOC) = 8013
Hits@level = [0] 0 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 1.49757 [1+] 1.49757 [2+] 1.49757 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.