Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-earth-5.3.0/src/earth.h
Examining data/r-cran-earth-5.3.0/src/allowed.c
Examining data/r-cran-earth-5.3.0/src/rentries.c
Examining data/r-cran-earth-5.3.0/src/earth.c
Examining data/r-cran-earth-5.3.0/src/allowed.h
Examining data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c
FINAL RESULTS:
data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:30:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, args, p);
data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:277:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sTestName1, "%s%s%s",
data/r-cran-earth-5.3.0/src/earth.c:70:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define printf Rprintf
data/r-cran-earth-5.3.0/src/earth.c:74:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define warning printf
data/r-cran-earth-5.3.0/src/earth.c:259:13: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, args, va);
data/r-cran-earth-5.3.0/src/earth.c:279:13: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, args, va);
data/r-cran-earth-5.3.0/src/earth.c:361:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, Align? "%6.3f GB": "%.3g GB", Size / ((size_t)1 << 30));
data/r-cran-earth-5.3.0/src/earth.c:363:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, Align? "%6.0f MB": "%.3g MB", Size / ((size_t)1 << 20));
data/r-cran-earth-5.3.0/src/earth.c:365:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, Align? "%6.0f kB": "%.3g kB", Size / ((size_t)1 << 10));
data/r-cran-earth-5.3.0/src/earth.c:367:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, Align? "%6.0f B": "%g Bytes", Size);
data/r-cran-earth-5.3.0/src/earth.c:378:9: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, args, va);
data/r-cran-earth-5.3.0/src/earth.c:2351:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sx, sFormatMemSize(nCases * nPreds * sizeof(double), false));
data/r-cran-earth-5.3.0/src/earth.c:2353:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sbx, sFormatMemSize(nCases * nMaxTerms * sizeof(double), false));
data/r-cran-earth-5.3.0/src/earth.c:2459:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sUsed, ", %d term%s used", nUsed, nUsed == 1? "": "s");
data/r-cran-earth-5.3.0/src/earth.c:2461:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sTerms, "%d term%s%s", nTerms, nTerms == 1? "": "s", sUsed);
data/r-cran-earth-5.3.0/src/earth.c:3470:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
char sPad[500]; sprintf(sPad, "%*s", 28+nDigits+nPredWidth, " "); // comment pad
data/r-cran-earth-5.3.0/src/earth.c:3472:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(sFormat, Betas_(0, iResp)); // intercept
data/r-cran-earth-5.3.0/src/earth.c:3488:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, " * max(0, %s - %*sx[%s])",
data/r-cran-earth-5.3.0/src/earth.c:3490:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s, Cuts_(iTerm, iPred), iPred);
data/r-cran-earth-5.3.0/src/earth.c:3494:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, " * max(0, x[%s]%*s- %s)",
data/r-cran-earth-5.3.0/src/earth.c:3496:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s, iPred, Cuts_(iTerm, iPred));
data/r-cran-earth-5.3.0/src/earth.c:3500:29: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, " * x[%s]%*s ",
data/r-cran-earth-5.3.0/src/earth.c:3502:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(s, iPred);
data/r-cran-earth-5.3.0/src/earth.c:3600:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(s, args, va);
data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:276:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTestName1[200];
data/r-cran-earth-5.3.0/src/earth.c:256:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/src/earth.c:276:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/src/earth.c:358:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[100];
data/r-cran-earth-5.3.0/src/earth.c:375:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/src/earth.c:517:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SortedQ, Q, nQMax * sizeof(tQueue));
data/r-cran-earth-5.3.0/src/earth.c:666:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xUsed + iUsed * nCases,
data/r-cran-earth-5.3.0/src/earth.c:1152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bxOrthCol, y, nCases * sizeof(double));
data/r-cran-earth-5.3.0/src/earth.c:1985:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bxTemp, bxUsed, nCases * nUsedCols * sizeof(double));
data/r-cran-earth-5.3.0/src/earth.c:2350:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sx[100];
data/r-cran-earth-5.3.0/src/earth.c:2352:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sbx[100];
data/r-cran-earth-5.3.0/src/earth.c:2456:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sUsed[100] = "";
data/r-cran-earth-5.3.0/src/earth.c:2460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTerms[200]; // May 2018: changed 100 to 200 for specious CRAN warning: '%s' directive writing up to 99 bytes into a region of size between 84 and 94 [-Wformat-overflow=]
data/r-cran-earth-5.3.0/src/earth.c:3098:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PruneTerms + (nUsedCols-1) * nMaxTerms, WorkingSet,
data/r-cran-earth-5.3.0/src/earth.c:3255:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(BestSet, PruneTerms + iBestModel * nMaxTerms, nMaxTerms * sizeof(bool));
data/r-cran-earth-5.3.0/src/earth.c:3286:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bx + nUsed * nCases, bx + iTerm * nCases, nCases * sizeof(double));
data/r-cran-earth-5.3.0/src/earth.c:3458:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/src/earth.c:3460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFormat[50]; sprintf(sFormat, "%%-%d.%dg", nDigits+6, nDigits);
data/r-cran-earth-5.3.0/src/earth.c:3460:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
char sFormat[50]; sprintf(sFormat, "%%-%d.%dg", nDigits+6, nDigits);
data/r-cran-earth-5.3.0/src/earth.c:3461:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFormat1[50]; sprintf(sFormat1, "%%%d.%dg", nDigits+6, nDigits);
data/r-cran-earth-5.3.0/src/earth.c:3461:24: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
char sFormat1[50]; sprintf(sFormat1, "%%%d.%dg", nDigits+6, nDigits);
data/r-cran-earth-5.3.0/src/earth.c:3469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sPredFormat[20]; sprintf(sPredFormat, "%%%dd", nPredWidth);
data/r-cran-earth-5.3.0/src/earth.c:3469:27: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
char sPredFormat[20]; sprintf(sPredFormat, "%%%dd", nPredWidth);
data/r-cran-earth-5.3.0/src/earth.c:3470:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sPad[500]; sprintf(sPad, "%*s", 28+nDigits+nPredWidth, " "); // comment pad
data/r-cran-earth-5.3.0/src/earth.c:3597:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1000];
data/r-cran-earth-5.3.0/src/earth.c:3614:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[7];
data/r-cran-earth-5.3.0/src/earth.c:3615:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, srname, 6);
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 4898 in approximately 0.15 seconds (32828 lines/second)
Physical Source Lines of Code (SLOC) = 3901
Hits@level = [0] 87 [1] 1 [2] 27 [3] 0 [4] 24 [5] 0
Hits@level+ = [0+] 139 [1+] 52 [2+] 51 [3+] 24 [4+] 24 [5+] 0
Hits/KSLOC@level+ = [0+] 35.6319 [1+] 13.3299 [2+] 13.0736 [3+] 6.15227 [4+] 6.15227 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.