Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/r-cran-fansi-0.4.1/src/read.c Examining data/r-cran-fansi-0.4.1/src/rnchar.c Examining data/r-cran-fansi-0.4.1/src/has.c Examining data/r-cran-fansi-0.4.1/src/strsplit.c Examining data/r-cran-fansi-0.4.1/src/tabs.c Examining data/r-cran-fansi-0.4.1/src/state.c Examining data/r-cran-fansi-0.4.1/src/init.c Examining data/r-cran-fansi-0.4.1/src/utils.c Examining data/r-cran-fansi-0.4.1/src/wrap.c Examining data/r-cran-fansi-0.4.1/src/fansi.h Examining data/r-cran-fansi-0.4.1/src/unhandled.c Examining data/r-cran-fansi-0.4.1/src/assumptions.c Examining data/r-cran-fansi-0.4.1/src/nchar.c Examining data/r-cran-fansi-0.4.1/src/utf8.c Examining data/r-cran-fansi-0.4.1/src/strip.c Examining data/r-cran-fansi-0.4.1/src/unique.c Examining data/r-cran-fansi-0.4.1/src/tohtml.c FINAL RESULTS: data/r-cran-fansi-0.4.1/src/state.c:439:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. write_chrs = sprintf( data/r-cran-fansi-0.4.1/src/state.c:444:22: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. write_chrs = sprintf(string + str_off, "5;%d;", color_extra[1]); data/r-cran-fansi-0.4.1/src/state.c:695:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * rownames[4] = { // make sure lines up with res_cols data/r-cran-fansi-0.4.1/src/strip.c:154:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res_track, chr_track, csi.start - chr_track); data/r-cran-fansi-0.4.1/src/strip.c:176:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res_track, chr_track, chr_end - chr_track); data/r-cran-fansi-0.4.1/src/strip.c:351:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, string_start, copy_bytes); data/r-cran-fansi-0.4.1/src/strsplit.c:135:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, chr, chr_len); data/r-cran-fansi-0.4.1/src/strsplit.c:137:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, "\033[0m", 4); data/r-cran-fansi-0.4.1/src/tabs.c:140:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, state.string + last_byte, write_bytes); data/r-cran-fansi-0.4.1/src/tohtml.c:70:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * std_16[16] = { data/r-cran-fansi-0.4.1/src/tohtml.c:79:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * std_8[8] = { data/r-cran-fansi-0.4.1/src/tohtml.c:83:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * std_5[6] = {"00", "5F", "87", "AF", "D7", "FF"}; data/r-cran-fansi-0.4.1/src/tohtml.c:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * bright[8] = { data/r-cran-fansi-0.4.1/src/tohtml.c:112:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, std_16[color_5], 6); data/r-cran-fansi-0.4.1/src/tohtml.c:123:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, std_5[c5_r], 2); data/r-cran-fansi-0.4.1/src/tohtml.c:125:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, std_5[c5_g], 2); data/r-cran-fansi-0.4.1/src/tohtml.c:127:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, std_5[c5_b], 2); data/r-cran-fansi-0.4.1/src/tohtml.c:145:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, std_8[color], 6); data/r-cran-fansi-0.4.1/src/tohtml.c:154:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, bright[c_bright], 6); data/r-cran-fansi-0.4.1/src/tohtml.c:177:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, "</span><span>", 13); data/r-cran-fansi-0.4.1/src/tohtml.c:182:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, "<span style='", 13); data/r-cran-fansi-0.4.1/src/tohtml.c:185:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, "</span><span style='", 20); data/r-cran-fansi-0.4.1/src/tohtml.c:197:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, "color: ", 7); data/r-cran-fansi-0.4.1/src/tohtml.c:203:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, "background-color: ", 18); data/r-cran-fansi-0.4.1/src/tohtml.c:212:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff, css_style[i - 1].css, css_style[i - 1].len); data/r-cran-fansi-0.4.1/src/tohtml.c:474:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, string_last, bytes_prev); data/r-cran-fansi-0.4.1/src/tohtml.c:495:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, string_last, bytes_stub); data/r-cran-fansi-0.4.1/src/tohtml.c:512:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, "</span>", span_end); data/r-cran-fansi-0.4.1/src/utils.c:379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(INTEGER(a), INTEGER(x), size); data/r-cran-fansi-0.4.1/src/utils.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(INTEGER(b), INTEGER(x) + len, size); data/r-cran-fansi-0.4.1/src/wrap.c:85:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, pre_chr, pre_len); data/r-cran-fansi-0.4.1/src/wrap.c:225:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, pre_dat.string, pre_dat.bytes); data/r-cran-fansi-0.4.1/src/wrap.c:231:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/r-cran-fansi-0.4.1/src/wrap.c:246:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff_track, "\033[0m", 4); data/r-cran-fansi-0.4.1/src/utf8.c:65:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t loc_len = strlen(loc_string); data/r-cran-fansi-0.4.1/src/utf8.c:116:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string); data/r-cran-fansi-0.4.1/src/utf8.c:120:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(string); data/r-cran-fansi-0.4.1/src/wrap.c:56:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int x_bytes = strlen(x_utf8); ANALYSIS SUMMARY: Hits = 38 Lines analyzed = 5189 in approximately 0.14 seconds (36125 lines/second) Physical Source Lines of Code (SLOC) = 2982 Hits@level = [0] 0 [1] 4 [2] 34 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 38 [1+] 38 [2+] 34 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 12.7431 [1+] 12.7431 [2+] 11.4017 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.