Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-actuar-3.0-0/src/exp.c
Examining data/r-cran-actuar-3.0-0/src/ztgeom.c
Examining data/r-cran-actuar-3.0-0/src/poisinvgauss.c
Examining data/r-cran-actuar-3.0-0/src/actuar.h
Examining data/r-cran-actuar-3.0-0/src/gamma.c
Examining data/r-cran-actuar-3.0-0/src/pareto1.c
Examining data/r-cran-actuar-3.0-0/src/util.c
Examining data/r-cran-actuar-3.0-0/src/beta.c
Examining data/r-cran-actuar-3.0-0/src/trgamma.c
Examining data/r-cran-actuar-3.0-0/src/ztbinom.c
Examining data/r-cran-actuar-3.0-0/src/fpareto.c
Examining data/r-cran-actuar-3.0-0/src/locale.h
Examining data/r-cran-actuar-3.0-0/src/pareto3.c
Examining data/r-cran-actuar-3.0-0/src/pareto.c
Examining data/r-cran-actuar-3.0-0/src/phtype.c
Examining data/r-cran-actuar-3.0-0/src/invweibull.c
Examining data/r-cran-actuar-3.0-0/src/llogis.c
Examining data/r-cran-actuar-3.0-0/src/lgamma.c
Examining data/r-cran-actuar-3.0-0/src/pareto2.c
Examining data/r-cran-actuar-3.0-0/src/zmbinom.c
Examining data/r-cran-actuar-3.0-0/src/ztnbinom.c
Examining data/r-cran-actuar-3.0-0/src/hierarc.c
Examining data/r-cran-actuar-3.0-0/src/zmlogarithmic.c
Examining data/r-cran-actuar-3.0-0/src/init.c
Examining data/r-cran-actuar-3.0-0/src/dpq.c
Examining data/r-cran-actuar-3.0-0/src/ztpois.c
Examining data/r-cran-actuar-3.0-0/src/genpareto.c
Examining data/r-cran-actuar-3.0-0/src/lnorm.c
Examining data/r-cran-actuar-3.0-0/src/betaint.c
Examining data/r-cran-actuar-3.0-0/src/names.c
Examining data/r-cran-actuar-3.0-0/src/logarithmic.c
Examining data/r-cran-actuar-3.0-0/src/burr.c
Examining data/r-cran-actuar-3.0-0/src/zmpois.c
Examining data/r-cran-actuar-3.0-0/src/chisq.c
Examining data/r-cran-actuar-3.0-0/src/weibull.c
Examining data/r-cran-actuar-3.0-0/src/gumbel.c
Examining data/r-cran-actuar-3.0-0/src/invtrgamma.c
Examining data/r-cran-actuar-3.0-0/src/invpareto.c
Examining data/r-cran-actuar-3.0-0/src/invparalogis.c
Examining data/r-cran-actuar-3.0-0/src/random.c
Examining data/r-cran-actuar-3.0-0/src/zmgeom.c
Examining data/r-cran-actuar-3.0-0/src/randomphtype.c
Examining data/r-cran-actuar-3.0-0/src/invgauss.c
Examining data/r-cran-actuar-3.0-0/src/unif.c
Examining data/r-cran-actuar-3.0-0/src/invburr.c
Examining data/r-cran-actuar-3.0-0/src/genbeta.c
Examining data/r-cran-actuar-3.0-0/src/zmnbinom.c
Examining data/r-cran-actuar-3.0-0/src/panjer.c
Examining data/r-cran-actuar-3.0-0/src/pareto4.c
Examining data/r-cran-actuar-3.0-0/src/paralogis.c
Examining data/r-cran-actuar-3.0-0/src/dpq.h
Examining data/r-cran-actuar-3.0-0/src/invgamma.c
Examining data/r-cran-actuar-3.0-0/src/trbeta.c
Examining data/r-cran-actuar-3.0-0/src/invexp.c
Examining data/r-cran-actuar-3.0-0/src/dpqphtype.c
Examining data/r-cran-actuar-3.0-0/src/norm.c
Examining data/r-cran-actuar-3.0-0/inst/include/actuarAPI.h

FINAL RESULTS:

data/r-cran-actuar-3.0-0/src/hierarc.c:26:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(REAL(ans), x, size * sizeof(double));
data/r-cran-actuar-3.0-0/src/hierarc.c:77:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(fnodes[i], INTEGER(VECTOR_ELT(s_fnodes, i)),
data/r-cran-actuar-3.0-0/src/hierarc.c:79:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tweights[nlevels], REAL(VECTOR_ELT(s_tweights, nlevels)),
data/r-cran-actuar-3.0-0/src/hierarc.c:81:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wmeans[nlevels], REAL(VECTOR_ELT(s_wmeans, nlevels)),
data/r-cran-actuar-3.0-0/src/panjer.c:165:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ofs, fs, x * sizeof(double)); /* keep previous array */
data/r-cran-actuar-3.0-0/src/panjer.c:178:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(REAL(sfs), fs, x * sizeof(double));

ANALYSIS SUMMARY:

Hits = 6
Lines analyzed = 11055 in approximately 0.32 seconds (34988 lines/second)
Physical Source Lines of Code (SLOC) = 7773
Hits@level = [0] 0 [1] 0 [2] 6 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 6 [1+] 6 [2+] 6 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.771903 [1+] 0.771903 [2+] 0.771903 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.