Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/constants.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/fs.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httpresponse.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/callback.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/filedatasource-unix.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/md5.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httprequest.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.hpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/thread.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-ietf.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/set_invalid_parameter.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/webapplication.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/fs.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/utils.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/tqueue.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/winutils.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/staticpath.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/mime.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-ietf.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/utils.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/http_parser.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/http_parser.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/contrib/parsertrace.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/contrib/url_parser.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/bench.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hybi03.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/winutils.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hybi03.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/callback.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/uvutil.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/filedatasource-win.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/md5.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httpuv.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/auto_deleter.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/filedatasource.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/mime.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/staticpath.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/RcppExports.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/RcppExports-legacy.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/callbackqueue.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/callbackqueue.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/http.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httprequest.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httpresponse.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/httpuv.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/socket.cpp
Examining data/r-cran-httpuv-1.5.4+dfsg/src/socket.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/thread.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/uvutil.h
Examining data/r-cran-httpuv-1.5.4+dfsg/src/webapplication.h

FINAL RESULTS:

data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3590:20: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  size_t buf1len = sprintf(buf1, "%s\r\nConnection: Keep-Alive\r\nContent-Length: %lu\r\n\r\n",
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3627:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3628:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3629:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3680:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3681:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3682:3: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:4081:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:4101:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/r-cran-httpuv-1.5.4+dfsg/src/utils.h:52:11: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int n = vsnprintf(buf, max_size, fmt, args);
data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.cpp:15:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void encodeblock( unsigned char in[3], unsigned char out[4], int len )
data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.cpp:15:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void encodeblock( unsigned char in[3], unsigned char out[4], int len )
data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.hpp:4:28: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void encodeblock( unsigned char in[3], unsigned char out[4], int len );
data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.hpp:4:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  void encodeblock( unsigned char in[3], unsigned char out[4], int len );
data/r-cran-httpuv-1.5.4+dfsg/src/base64/base64.hpp:9:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char in[3], out[4];
data/r-cran-httpuv-1.5.4+dfsg/src/filedatasource-unix.cpp:14:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  _fd = open(path.c_str(), O_RDONLY);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/contrib/parsertrace.c:111:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* file = fopen(filename, "r");
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/http_parser.c:190:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char tokens[256] = {
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:54:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response_status[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char request_path[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:56:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char request_url[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fragment[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:58:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char query_string[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:59:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char body[MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:66:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char headers [MAX_HEADERS][2][MAX_ELEMENT_SIZE];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:1806:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst + dlen, src, ncpy);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:1830:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, ncpy);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2381:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ubuf[256]; \
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2384:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ubuf, (found)->request_url + (u)->field_data[(fn)].off, \
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3589:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[3000];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3620:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char total[ strlen(r1->raw)
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3675:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char total[80*1024] = "\0";
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3676:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf1[80*1024] = "\0";
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3677:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[80*1024] = "\0";
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3678:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf3[80*1024] = "\0";
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3800:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, headers, headers_len);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3805:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + wrote, "400\r\n", 5);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3809:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(buf + wrote, "\r\n");
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3813:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + wrote, "0\r\n\r\n", 6);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:4080:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:4100:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/r-cran-httpuv-1.5.4+dfsg/src/md5.c:226:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, size);
data/r-cran-httpuv-1.5.4+dfsg/src/md5.c:230:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ctx->buffer[used], data, free);
data/r-cran-httpuv-1.5.4+dfsg/src/md5.c:241:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ctx->buffer, data, size);
data/r-cran-httpuv-1.5.4+dfsg/src/md5.h:37:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64];
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(block, buffer, 64);
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:213:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[j], data, (i = 64-j));
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:221:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&context->buffer[j], &data[i], len - i);
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:268:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digest[SHA1_DIGEST_SIZE], buffer[16384];
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:281:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(file = fopen(argv[1], "rb"))) {
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:325:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(c,"%02X", digest[i*4+j]);
data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output[80];
data/r-cran-httpuv-1.5.4+dfsg/src/utils.h:48:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[max_size];
data/r-cran-httpuv-1.5.4+dfsg/src/utils.h:250:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char res[maxlen];
data/r-cran-httpuv-1.5.4+dfsg/src/uvutil.h:94:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char addr[16];
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.cpp:29:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pData[MAX_HEADER_BYTES], size_t* pLen) const {
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.cpp:46:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pBuf + 2, &payloadSize_64, sizeof(uint16_t));
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.cpp:53:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pBuf + 2, &payloadSize_64, sizeof(uint64_t));
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.cpp:60:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pMaskingKey, &maskingKey, sizeof(int32_t));
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-base.h:29:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pData[MAX_HEADER_BYTES], size_t* pLen) const;
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.cpp:16:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pHeaderData[MAX_HEADER_BYTES], size_t* pHeaderLen,
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.cpp:17:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFooterData[MAX_FOOTER_BYTES], size_t* pFooterLen) const {
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.h:46:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pHeaderData[MAX_HEADER_BYTES], size_t* pHeaderLen,
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.h:47:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFooterData[MAX_FOOTER_BYTES], size_t* pFooterLen
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hybi03.cpp:72:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(handshake + 8, *ppData, 8);
data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hybi03.h:23:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pData[MAX_HEADER_BYTES], size_t* pLen) const;
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:152:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pHeaderData[MAX_HEADER_BYTES], size_t* pHeaderLen,
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:153:22: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFooterData[MAX_FOOTER_BYTES], size_t* pFooterLen
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:100:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pHeaderData[MAX_HEADER_BYTES], size_t* pHeaderLen,
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:101:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFooterData[MAX_FOOTER_BYTES], size_t* pFooterLen
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:133:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pHeaderData[MAX_HEADER_BYTES], size_t* pHeaderLen,
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:134:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pFooterData[MAX_FOOTER_BYTES], size_t* pFooterLen
data/r-cran-httpuv-1.5.4+dfsg/src/winutils.cpp:40:18: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  int chars = ::MultiByteToWideChar(CP_UTF8, 0,
data/r-cran-httpuv-1.5.4+dfsg/src/winutils.cpp:48:14: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  chars = ::MultiByteToWideChar(CP_UTF8, 0,
data/r-cran-httpuv-1.5.4+dfsg/src/filedatasource-unix.cpp:65:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ssize_t bytesRead = read(_fd, buffer, bytesDesired);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/contrib/url_parser.c:34:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[2]);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2428:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (http_parser_parse_url(m->request_url, strlen(m->request_url), 0, &u)) {
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2522:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off += strlen(m->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2525:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off -= strlen(m->upgrade);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2534:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(body + nread + strlen(m->upgrade)) = '\0';
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:2555:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i, j, len = strlen(raw), error_location_line = 0;
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3179:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(test->url),
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3222:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t raw_len = strlen(message->raw);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3227:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read;
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3236:53: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  messages[num_messages - 1].upgrade = msg1 + read;
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3240:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != msg1len) {
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3241:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  print_error(msg1, read);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3250:51: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  messages[num_messages - 1].upgrade = msg2 + read;
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3254:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != msg2len) {
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3255:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  print_error(msg2, read);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3261:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read != 0) {
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3262:33: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  print_error(message->raw, read);
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3284:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t read;
data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3285:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(message->raw); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3292:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != toread) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3293:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(message->raw, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3300:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3301:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(message->raw, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3322:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parse(buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3352:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3353:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3356:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3386:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3387:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3390:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3420:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3421:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3424:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3447:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3448:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3451:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3474:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3475:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3478:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3499:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3500:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3503:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(buf); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3528:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3529:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parsed == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3531:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(parser.nread == strlen(buf)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3620:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char total[ strlen(r1->raw) data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3621:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(r2->raw) data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3622:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
+ strlen(r3->raw) data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3633:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). size_t read; data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3635:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read = parse(total, strlen(total)); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3638:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). upgrade_message_fix(total, read, 3, r1, r2, r3); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3642:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != strlen(total)) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3642:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (read != strlen(total)) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3643:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(total, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3649:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != 0) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3650:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(total, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3684:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
size_t read; data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3686:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int total_len = strlen(total); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3723:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3724:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf1, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3732:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len + buf2_len) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3733:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf2, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3741:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read != buf1_len + buf2_len + buf3_len) { data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3742:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). print_error(buf3, read); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3750:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). upgrade_message_fix(total, read, 3, r1, r2, r3); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3796:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t headers_len = strlen(headers); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3826:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(msg->raw); data/r-cran-httpuv-1.5.4+dfsg/src/http-parser/test.c:3878:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t buflen = strlen(msg->raw); data/r-cran-httpuv-1.5.4+dfsg/src/http.cpp:75:15: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldMask = umask(mask); data/r-cran-httpuv-1.5.4+dfsg/src/http.cpp:78:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldMask); data/r-cran-httpuv-1.5.4+dfsg/src/httprequest.cpp:759:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). boost::bind(&WebSocketConnection::read, data/r-cran-httpuv-1.5.4+dfsg/src/httprequest.cpp:866:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). p_wsc->read(buf->base, nread); data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:328:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(c, " "); data/r-cran-httpuv-1.5.4+dfsg/src/sha1/sha1.c:345:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
reid_SHA1_Update(&context, (uint8_t*)test_data[k], strlen(test_data[k])); data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.cpp:26:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void WSHixie76Parser::read(const char* data, size_t len) { data/r-cran-httpuv-1.5.4+dfsg/src/websockets-hixie76.h:50:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(const char* data, size_t len); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:60:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return _pProto->isFin(read(0, 1)); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:63:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint8_t oc = read(4, 4); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:67:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(8, 1) != 0; data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:70:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint8_t pl = read(9, 7); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:84:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). key[0] = read(9 + payloadLengthLength(), 8); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:85:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). key[1] = read(9 + payloadLengthLength() + 8, 8); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:86:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
key[2] = read(9 + payloadLengthLength() + 16, 8); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:87:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). key[3] = read(9 + payloadLengthLength() + 24, 8); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:93:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint8_t WSHyBiFrameHeader::read(size_t bitOffset, size_t bitWidth) const { data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:125:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint8_t pll = read(9, 7); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:159:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void WSHyBiParser::read(const char* data, size_t len) { data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:308:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void WebSocketConnection::read(const char* data, size_t len) { data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:312:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _pParser->read(data, len); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:315:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void WebSocketConnection::read(boost::shared_ptr<std::vector<char> > buf) { data/r-cran-httpuv-1.5.4+dfsg/src/websockets.cpp:318:3: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(safe_vec_addr(*buf), buf->size()); data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:67:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  uint8_t read(size_t bitOffset, size_t bitWidth) const;
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:104:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual void read(const char* data, size_t len) = 0;
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:137:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const char* data, size_t len);
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:195:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(const char* data, size_t len);
data/r-cran-httpuv-1.5.4+dfsg/src/websockets.h:196:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(boost::shared_ptr<std::vector<char> > buf);

ANALYSIS SUMMARY:

Hits = 171
Lines analyzed = 15567 in approximately 0.39 seconds (39623 lines/second)
Physical Source Lines of Code (SLOC) = 11791
Hits@level = [0] 103 [1] 97 [2] 64 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 274 [1+] 171 [2+] 74 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 23.2381 [1+] 14.5026 [2+] 6.27597 [3+] 0.848104 [4+] 0.848104 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.