Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-magick-2.5.2+dfsg/src/composite.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/options.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/fonts.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/config.cc
Examining data/r-cran-magick-2.5.2+dfsg/src/animation.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/properties.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/edges.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/base.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/magick_types.h
Examining data/r-cran-magick-2.5.2+dfsg/src/segment.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/color.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/transformations.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/edit.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/device.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/resize.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/attributes.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/RcppExports.cpp
Examining data/r-cran-magick-2.5.2+dfsg/src/convolve.cpp

FINAL RESULTS:

data/r-cran-magick-2.5.2+dfsg/src/attributes.cpp:14:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char output[10] = "#";
data/r-cran-magick-2.5.2+dfsg/src/device.cpp:13:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[10];
data/r-cran-magick-2.5.2+dfsg/src/device.cpp:406:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(out.begin(), output.data(), output.length());
data/r-cran-magick-2.5.2+dfsg/src/device.cpp:470:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[16];
data/r-cran-magick-2.5.2+dfsg/src/edit.cpp:155:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(res.begin(), output.data(), output.length());
data/r-cran-magick-2.5.2+dfsg/src/edit.cpp:175:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(res.begin(), output.data(), output.length());
data/r-cran-magick-2.5.2+dfsg/src/edit.cpp:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(res.begin(), output.data(), output.length());
data/r-cran-magick-2.5.2+dfsg/src/options.cpp:36:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char path[MaxTextExtent] = "";
data/r-cran-magick-2.5.2+dfsg/src/base.cpp:72:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(pseudo_image))
data/r-cran-magick-2.5.2+dfsg/src/base.cpp:73:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  x.read(pseudo_image);
data/r-cran-magick-2.5.2+dfsg/src/fonts.cpp:8:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(!strlen(family) ||
data/r-cran-magick-2.5.2+dfsg/src/options.cpp:27:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(new_tmpdir && strlen(new_tmpdir)){
data/r-cran-magick-2.5.2+dfsg/src/transformations.cpp:387:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Magick::MetricType compare_metric = strlen(metric) ? Metric(metric) : Magick::myUndefinedMetric;

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 4435 in approximately 0.14 seconds (31636 lines/second)
Physical Source Lines of Code (SLOC) = 3749
Hits@level = [0]   6 [1]   5 [2]   8 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  19 [1+]  13 [2+]   8 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.06802 [1+] 3.46759 [2+] 2.1339 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.