Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rshapewrite.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rshapeget.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/init.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rshapewrite1.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/maptools.h
Examining data/r-cran-maptools-1.0-2+dfsg/src/insiders.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.h
Examining data/r-cran-maptools-1.0-2+dfsg/src/shptree.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rcentroid.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/pip.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/Rshapeinfo.c
Examining data/r-cran-maptools-1.0-2+dfsg/src/shapefil.h

FINAL RESULTS:

data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c:100:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "Could not find file %s", CHAR(STRING_ELT(fn, 0)));
data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c:337:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (msg,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:444:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( pszBasename, pszLayer );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:458:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.shp", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:462:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.SHP", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:479:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.shx", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:483:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.SHX", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:740:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( pszBasename, pszLayer );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:753:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.shp", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:765:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( pszFullname, "%s.shx", pszBasename );
data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c:86:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[255];
data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c:87:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *name[2] = {"polygon", "line"};
data/r-cran-maptools-1.0-2+dfsg/src/Rgshhs.c:98:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen (CHAR(STRING_ELT(fn, 0)), "rb");
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:218:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define ByteCopy( a, b, c ) memcpy( b, a, c )
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:459:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psSHP->fpSHP = fopen(pszFullname, pszAccess );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:463:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psSHP->fpSHP = fopen(pszFullname, pszAccess );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:480:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psSHP->fpSHX = fopen(pszFullname, pszAccess );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:484:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  psSHP->fpSHX = fopen(pszFullname, pszAccess );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:560:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+36, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:564:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+44, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+52, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:572:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+60, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:576:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+68, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:580:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+76, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:584:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+84, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &dValue, pabyBuf+92, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:627:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &nOffset, pabyBuf + i * 8, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:630:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &nLength, pabyBuf + i * 8 + 4, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:754:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpSHP = fopen(pszFullname, "wb" );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:766:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fpSHX = fopen(pszFullname, "wb" );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1146:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec + nRecordSize, psObject->panPartType,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1472:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &psShape->nSHPType, psSHP->pabyRec + 8, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1491:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfXMin), psSHP->pabyRec + 8 + 4, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1492:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfYMin), psSHP->pabyRec + 8 + 12, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1493:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfXMax), psSHP->pabyRec + 8 + 20, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1494:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfYMax), psSHP->pabyRec + 8 + 28, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1505:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &nPoints, psSHP->pabyRec + 40 + 8, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1506:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &nParts, psSHP->pabyRec + 36 + 8, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1527:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->panPartStart, psSHP->pabyRec + 44 + 8, (size_t) (4 * nParts) );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1540:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->panPartType, psSHP->pabyRec + nOffset, (size_t) (4*nParts) );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1554:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psShape->padfX + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1558:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psShape->padfY + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1575:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfZMin), psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1576:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfZMax), psSHP->pabyRec + nOffset + 8, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1583:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfZ + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1599:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfMMin), psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1600:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfMMax), psSHP->pabyRec + nOffset + 8, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1607:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfM + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1625:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &nPoints, psSHP->pabyRec + 44, 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1636:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psShape->padfX+i, psSHP->pabyRec + 48 + 16 * i, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1637:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psShape->padfY+i, psSHP->pabyRec + 48 + 16 * i + 8, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1648:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfXMin), psSHP->pabyRec + 8 + 4, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1649:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfYMin), psSHP->pabyRec + 8 + 12, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1650:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfXMax), psSHP->pabyRec + 8 + 20, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1651:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfYMax), psSHP->pabyRec + 8 + 28, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1663:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfZMin), psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1664:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfZMax), psSHP->pabyRec + nOffset + 8, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1671:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfZ + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1687:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfMMin), psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1688:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( &(psShape->dfMMax), psSHP->pabyRec + nOffset + 8, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1695:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfM + i,
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1717:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfX, psSHP->pabyRec + 12, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1718:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfY, psSHP->pabyRec + 20, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1730:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfZ, psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:1745:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psShape->padfM, psSHP->pabyRec + nOffset, 8 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:139:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psTreeNode->adfBoundsMin, padfBoundsMin, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:142:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( psTreeNode->adfBoundsMax, padfBoundsMax, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( padfBoundsMin1, padfBoundsMinIn, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:351:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( padfBoundsMax1, padfBoundsMaxIn, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:352:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( padfBoundsMin2, padfBoundsMinIn, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( padfBoundsMax2, padfBoundsMaxIn, sizeof(double) * 4 );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:707:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  temp = ((unsigned char *) wordP)[i];
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:708:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)wordP)[i] = ((unsigned char *) wordP)[length-i-1];
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:708:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *)wordP)[i] = ((unsigned char *) wordP)[length-i-1];
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:709:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *) wordP)[length-i-1] = temp;
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:811:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char abyBuf[16];
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:903:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec, &offset, 4);
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:906:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+ 4, node->adfBoundsMin+0, sizeof(double) );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:907:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+12, node->adfBoundsMin+1, sizeof(double) );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:908:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+20, node->adfBoundsMax+0, sizeof(double) );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:909:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+28, node->adfBoundsMax+1, sizeof(double) );
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:911:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+36, &node->nShapeCount, 4);
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:913:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+40, node->panShapeIds, (size_t) j);
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:914:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pabyRec+j+40, &node->nSubNodes, 4);
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:932:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char signature[4] = "SQT";
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:934:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char abyBuf[32];
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:940:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "wb");
data/r-cran-maptools-1.0-2+dfsg/src/shptree.c:958:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( abyBuf+0, signature, 3 );
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:443:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) malloc((size_t) (strlen(pszLayer)+5));
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:445:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int) strlen(pszBasename)-1;
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:457:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) malloc((size_t) (strlen(pszBasename) + 5));
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:739:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszBasename = (char *) malloc((size_t) (strlen(pszLayer)+5));
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:741:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for( i = (int) strlen(pszBasename)-1;
data/r-cran-maptools-1.0-2+dfsg/src/shpopen.c:752:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pszFullname = (char *) malloc((size_t) (strlen(pszBasename) + 5));

ANALYSIS SUMMARY:

Hits = 94
Lines analyzed = 5238 in approximately 0.18 seconds (28396 lines/second)
Physical Source Lines of Code (SLOC) = 3030
Hits@level = [0]  16 [1]   6 [2]  78 [3]   0 [4]  10 [5]   0
Hits@level+ = [0+] 110 [1+]  94 [2+]  88 [3+]  10 [4+]  10 [5+]   0
Hits/KSLOC@level+ = [0+] 36.3036 [1+] 31.0231 [2+] 29.0429 [3+] 3.30033 [4+] 3.30033 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.