stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-fansi-0.4.1/src/read.c
Examining data/r-cran-fansi-0.4.1/src/rnchar.c
Examining data/r-cran-fansi-0.4.1/src/has.c
Examining data/r-cran-fansi-0.4.1/src/strsplit.c
Examining data/r-cran-fansi-0.4.1/src/tabs.c
Examining data/r-cran-fansi-0.4.1/src/state.c
Examining data/r-cran-fansi-0.4.1/src/init.c
Examining data/r-cran-fansi-0.4.1/src/utils.c
Examining data/r-cran-fansi-0.4.1/src/wrap.c
Examining data/r-cran-fansi-0.4.1/src/fansi.h
Examining data/r-cran-fansi-0.4.1/src/unhandled.c
Examining data/r-cran-fansi-0.4.1/src/assumptions.c
Examining data/r-cran-fansi-0.4.1/src/nchar.c
Examining data/r-cran-fansi-0.4.1/src/utf8.c
Examining data/r-cran-fansi-0.4.1/src/strip.c
Examining data/r-cran-fansi-0.4.1/src/unique.c
Examining data/r-cran-fansi-0.4.1/src/tohtml.c

FINAL RESULTS:

data/r-cran-fansi-0.4.1/src/state.c:439:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        write_chrs = sprintf(
data/r-cran-fansi-0.4.1/src/state.c:444:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        write_chrs = sprintf(string + str_off, "5;%d;", color_extra[1]);
data/r-cran-fansi-0.4.1/src/state.c:695:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * rownames[4] = { // make sure lines up with res_cols
data/r-cran-fansi-0.4.1/src/strip.c:154:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(res_track, chr_track, csi.start - chr_track);
data/r-cran-fansi-0.4.1/src/strip.c:176:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(res_track, chr_track, chr_end - chr_track);
data/r-cran-fansi-0.4.1/src/strip.c:351:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, string_start, copy_bytes);
data/r-cran-fansi-0.4.1/src/strsplit.c:135:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, chr, chr_len);
data/r-cran-fansi-0.4.1/src/strsplit.c:137:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, "\033[0m", 4);
data/r-cran-fansi-0.4.1/src/tabs.c:140:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, state.string + last_byte, write_bytes);
data/r-cran-fansi-0.4.1/src/tohtml.c:70:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * std_16[16] = {
data/r-cran-fansi-0.4.1/src/tohtml.c:79:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * std_8[8] = {
data/r-cran-fansi-0.4.1/src/tohtml.c:83:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * std_5[6] = {"00", "5F", "87", "AF", "D7", "FF"};
data/r-cran-fansi-0.4.1/src/tohtml.c:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char * bright[8] = {
data/r-cran-fansi-0.4.1/src/tohtml.c:112:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, std_16[color_5], 6);
data/r-cran-fansi-0.4.1/src/tohtml.c:123:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, std_5[c5_r], 2);
data/r-cran-fansi-0.4.1/src/tohtml.c:125:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, std_5[c5_g], 2);
data/r-cran-fansi-0.4.1/src/tohtml.c:127:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buff_track, std_5[c5_b], 2);
data/r-cran-fansi-0.4.1/src/tohtml.c:145:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff_track, std_8[color], 6);
data/r-cran-fansi-0.4.1/src/tohtml.c:154:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buff_track, bright[c_bright], 6);
data/r-cran-fansi-0.4.1/src/tohtml.c:177:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, "</span><span>", 13);
data/r-cran-fansi-0.4.1/src/tohtml.c:182:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, "<span style='", 13);
data/r-cran-fansi-0.4.1/src/tohtml.c:185:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, "</span><span style='", 20);
data/r-cran-fansi-0.4.1/src/tohtml.c:197:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, "color: ", 7);
data/r-cran-fansi-0.4.1/src/tohtml.c:203:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, "background-color: ", 18);
data/r-cran-fansi-0.4.1/src/tohtml.c:212:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buff, css_style[i - 1].css, css_style[i - 1].len);
data/r-cran-fansi-0.4.1/src/tohtml.c:474:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buff_track, string_last, bytes_prev);
data/r-cran-fansi-0.4.1/src/tohtml.c:495:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff_track, string_last, bytes_stub);
data/r-cran-fansi-0.4.1/src/tohtml.c:512:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buff_track, "</span>", span_end);
data/r-cran-fansi-0.4.1/src/utils.c:379:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(a), INTEGER(x), size);
data/r-cran-fansi-0.4.1/src/utils.c:380:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(b), INTEGER(x) + len, size);
data/r-cran-fansi-0.4.1/src/wrap.c:85:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(res, pre_chr, pre_len);
data/r-cran-fansi-0.4.1/src/wrap.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buff_track, pre_dat.string, pre_dat.bytes);
data/r-cran-fansi-0.4.1/src/wrap.c:231:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(
data/r-cran-fansi-0.4.1/src/wrap.c:246:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buff_track, "\033[0m", 4);
data/r-cran-fansi-0.4.1/src/utf8.c:65:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t loc_len = strlen(loc_string);
data/r-cran-fansi-0.4.1/src/utf8.c:116:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(string);
data/r-cran-fansi-0.4.1/src/utf8.c:120:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(string);
data/r-cran-fansi-0.4.1/src/wrap.c:56:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int x_bytes = strlen(x_utf8);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 5189 in approximately 0.14 seconds (36125 lines/second)
Physical Source Lines of Code (SLOC) = 2982
Hits@level = [0]   0 [1]   4 [2]  34 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  38 [1+]  38 [2+]  34 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 12.7431 [1+] 12.7431 [2+] 11.4017 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.