Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-bioc-xvector-0.30.0/inst/include/XVector_defines.h
Examining data/r-bioc-xvector-0.30.0/inst/include/XVector_interface.h
Examining data/r-bioc-xvector-0.30.0/inst/include/_XVector_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/IRanges_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c
Examining data/r-bioc-xvector-0.30.0/src/RDS_random_access.c
Examining data/r-bioc-xvector-0.30.0/src/R_init_XVector.c
Examining data/r-bioc-xvector-0.30.0/src/S4Vectors_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/SharedDouble_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedInteger_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedVector_class.c
Examining data/r-bioc-xvector-0.30.0/src/XDouble_class.c
Examining data/r-bioc-xvector-0.30.0/src/XInteger_class.c
Examining data/r-bioc-xvector-0.30.0/src/XRawList_comparison.c
Examining data/r-bioc-xvector-0.30.0/src/XRaw_class.c
Examining data/r-bioc-xvector-0.30.0/src/XVector.h
Examining data/r-bioc-xvector-0.30.0/src/XVectorList_class.c
Examining data/r-bioc-xvector-0.30.0/src/XVector_class.c
Examining data/r-bioc-xvector-0.30.0/src/io_utils.c
Examining data/r-bioc-xvector-0.30.0/src/slice_methods.c
Examining data/r-bioc-xvector-0.30.0/src/vector_copy.c
Examining data/r-bioc-xvector-0.30.0/src/view_summarization_methods.c
FINAL RESULTS:
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:80:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(msg); \
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:88:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(format, value); \
data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, b, dest_size);
data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:45:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, b, q * blocksize);
data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:122:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, src, src_size);
data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:129:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a, src, q * blocksize);
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:103:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmsg_buf[40];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:211:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char LONG_LENGTH_bytes[4] = {0xff, 0xff, 0xff, 0xff};
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:212:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:271:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char NA_STRING_bytes[4] = {0xff, 0xff, 0xff, 0xff};
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:272:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:400:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char EOA_bytes[4] = {0x00, 0x00, 0x00, 0xfe},
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:402:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:420:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char NEW_SYMBOL_bytes[4] = {0x00, 0x00, 0x00, 0x01};
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:421:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:489:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obj_header[4];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:548:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char RDS_header[14] = {0x58, 0x0a,
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:552:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char file_header[sizeof(RDS_header)];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:612:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char obj_header[4];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:632:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmsg_buf[80];
data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:708:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errmsg_buf[40];
data/r-bioc-xvector-0.30.0/src/SharedDouble_class.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100]; /* should be enough... */
data/r-bioc-xvector-0.30.0/src/SharedInteger_class.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100]; /* should be enough... */
data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c:57:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *) RAW(x_tag), LENGTH(x_tag),
data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c:82:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char *) RAW(x_tag), LENGTH(x_tag),
data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:20:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[40]; /* should be enough, even for 128-bit addresses */
data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:223:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20]; /* should be enough... */
data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:440:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char classname_buf[80];
data/r-bioc-xvector-0.30.0/src/io_utils.c:284:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(expath, mode);
data/r-bioc-xvector-0.30.0/src/io_utils.c:400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/r-bioc-xvector-0.30.0/src/io_utils.c:405:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(expath, "rb")) == NULL)
data/r-bioc-xvector-0.30.0/src/io_utils.c:636:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf_len = strlen(buf);
ANALYSIS SUMMARY:
Hits = 32
Lines analyzed = 6820 in approximately 0.18 seconds (37922 lines/second)
Physical Source Lines of Code (SLOC) = 4970
Hits@level = [0] 13 [1] 1 [2] 29 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 45 [1+] 32 [2+] 31 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 9.05433 [1+] 6.43863 [2+] 6.23742 [3+] 0.402414 [4+] 0.402414 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.