stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qr-code-generator-1.5.0/c/qrcodegen-demo.c
Examining data/qr-code-generator-1.5.0/c/qrcodegen-test.c
Examining data/qr-code-generator-1.5.0/c/qrcodegen-worker.c
Examining data/qr-code-generator-1.5.0/c/qrcodegen.c
Examining data/qr-code-generator-1.5.0/c/qrcodegen.h
Examining data/qr-code-generator-1.5.0/cpp/BitBuffer.cpp
Examining data/qr-code-generator-1.5.0/cpp/BitBuffer.hpp
Examining data/qr-code-generator-1.5.0/cpp/QrCode.cpp
Examining data/qr-code-generator-1.5.0/cpp/QrCode.hpp
Examining data/qr-code-generator-1.5.0/cpp/QrCodeGeneratorDemo.cpp
Examining data/qr-code-generator-1.5.0/cpp/QrCodeGeneratorWorker.cpp
Examining data/qr-code-generator-1.5.0/cpp/QrSegment.cpp
Examining data/qr-code-generator-1.5.0/cpp/QrSegment.hpp

FINAL RESULTS:

data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:131:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(concat, silver0);
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:132:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(concat, silver1);
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:163:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(concat, golden0);
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:164:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(concat, golden1);
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:165:4:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
			strcat(concat, golden2);
data/qr-code-generator-1.5.0/c/qrcodegen-test.c:1052:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	srand(time(NULL));
data/qr-code-generator-1.5.0/c/qrcodegen-test.c:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(block, &data[k], datLen * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-test.c:159:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(paddedData, pureData, dataLen * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-worker.c:92:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
			memcpy(tempBuffer, data, length * sizeof(data[0]));
data/qr-code-generator-1.5.0/c/qrcodegen.c:881:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(buf, data, len * sizeof(buf[0]));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:130:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *concat = calloc(strlen(silver0) + strlen(silver1) + 1, sizeof(char));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:130:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *concat = calloc(strlen(silver0) + strlen(silver1) + 1, sizeof(char));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:140:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *segBuf0 = malloc(qrcodegen_calcSegmentBufferSize(qrcodegen_Mode_ALPHANUMERIC, strlen(silver0)) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:141:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *segBuf1 = malloc(qrcodegen_calcSegmentBufferSize(qrcodegen_Mode_NUMERIC, strlen(silver1)) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:162:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *concat = calloc(strlen(golden0) + strlen(golden1) + strlen(golden2) + 1, sizeof(char));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:162:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *concat = calloc(strlen(golden0) + strlen(golden1) + strlen(golden2) + 1, sizeof(char));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:162:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			char *concat = calloc(strlen(golden0) + strlen(golden1) + strlen(golden2) + 1, sizeof(char));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:173:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *bytes = malloc(strlen(golden0) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:174:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			for (size_t i = 0, len = strlen(golden0); i < len; i++)
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:176:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *segBuf0 = malloc(qrcodegen_calcSegmentBufferSize(qrcodegen_Mode_BYTE, strlen(golden0)) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:177:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *segBuf1 = malloc(qrcodegen_calcSegmentBufferSize(qrcodegen_Mode_NUMERIC, strlen(golden1)) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:178:91:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			uint8_t *segBuf2 = malloc(qrcodegen_calcSegmentBufferSize(qrcodegen_Mode_ALPHANUMERIC, strlen(golden2)) * sizeof(uint8_t));
data/qr-code-generator-1.5.0/c/qrcodegen-demo.c:180:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
				qrcodegen_makeBytes(bytes, strlen(golden0), segBuf0),
data/qr-code-generator-1.5.0/c/qrcodegen.c:132:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t textLen = strlen(text);
data/qr-code-generator-1.5.0/c/qrcodegen.c:891:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(digits);
data/qr-code-generator-1.5.0/c/qrcodegen.c:925:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(text);
data/qr-code-generator-1.5.0/cpp/QrCodeGeneratorDemo.cpp:126:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	std::vector<uint8_t> bytes(golden0, golden0 + std::strlen(golden0));

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 4668 in approximately 0.93 seconds (5016 lines/second)
Physical Source Lines of Code (SLOC) = 3007
Hits@level = [0]   7 [1]  17 [2]   4 [3]   1 [4]   5 [5]   0
Hits@level+ = [0+]  34 [1+]  27 [2+]  10 [3+]   6 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 11.307 [1+] 8.97905 [2+] 3.32557 [3+] 1.99534 [4+] 1.66279 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.