Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-readxl-1.3.1/src/zip.cpp
Examining data/r-cran-readxl-1.3.1/src/ole.c
Examining data/r-cran-readxl-1.3.1/src/rapidxml_print.h
Examining data/r-cran-readxl-1.3.1/src/XlsxWorkSheet.cpp
Examining data/r-cran-readxl-1.3.1/src/cran.h
Examining data/r-cran-readxl-1.3.1/src/XlsxCell.h
Examining data/r-cran-readxl-1.3.1/src/XlsWorkBook.h
Examining data/r-cran-readxl-1.3.1/src/XlsWorkBook.cpp
Examining data/r-cran-readxl-1.3.1/src/XlsWorkSheet.cpp
Examining data/r-cran-readxl-1.3.1/src/ColSpec.h
Examining data/r-cran-readxl-1.3.1/src/Spinner.h
Examining data/r-cran-readxl-1.3.1/src/XlsxWorkBook.h
Examining data/r-cran-readxl-1.3.1/src/libxls/brdb.h
Examining data/r-cran-readxl-1.3.1/src/libxls/xlsstruct.h
Examining data/r-cran-readxl-1.3.1/src/libxls/endian.h
Examining data/r-cran-readxl-1.3.1/src/libxls/xls.h
Examining data/r-cran-readxl-1.3.1/src/libxls/brdb.c.h
Examining data/r-cran-readxl-1.3.1/src/libxls/ole.h
Examining data/r-cran-readxl-1.3.1/src/libxls/xlstypes.h
Examining data/r-cran-readxl-1.3.1/src/libxls/xlstool.h
Examining data/r-cran-readxl-1.3.1/src/StringSet.h
Examining data/r-cran-readxl-1.3.1/src/windows/config.h
Examining data/r-cran-readxl-1.3.1/src/CellLimits.h
Examining data/r-cran-readxl-1.3.1/src/rapidxml.h
Examining data/r-cran-readxl-1.3.1/src/XlsxWorkSheet.h
Examining data/r-cran-readxl-1.3.1/src/utils.h
Examining data/r-cran-readxl-1.3.1/src/XlsCell.h
Examining data/r-cran-readxl-1.3.1/src/unix/config.h
Examining data/r-cran-readxl-1.3.1/src/zip.h
Examining data/r-cran-readxl-1.3.1/src/xlstool.c
Examining data/r-cran-readxl-1.3.1/src/endian.c
Examining data/r-cran-readxl-1.3.1/src/RcppExports.cpp
Examining data/r-cran-readxl-1.3.1/src/cran.c
Examining data/r-cran-readxl-1.3.1/src/XlsWorkSheet.h
Examining data/r-cran-readxl-1.3.1/src/xls.c
Examining data/r-cran-readxl-1.3.1/src/XlsxWorkBook.cpp
Examining data/r-cran-readxl-1.3.1/src/XlsxString.h

FINAL RESULTS:

data/r-cran-readxl-1.3.1/src/cran.h:6:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define printf Rprintf
data/r-cran-readxl-1.3.1/src/cran.h:17:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  #define fprintf Rprintf2
data/r-cran-readxl-1.3.1/src/xls.c:1461:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(pWB->charset, charset);
data/r-cran-readxl-1.3.1/src/xlstool.c:717:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(borderleft,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:727:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(borderright,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:737:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(bordertop,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:747:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(borderbottom,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:757:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(color,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:762:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(italic,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:767:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(bold,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:772:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(underline,"%s", "");
data/r-cran-readxl-1.3.1/src/xlstool.c:780:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(fontname,"%s",pWB->fonts.font[xf->font-1].name);
data/r-cran-readxl-1.3.1/src/xlstool.c:785:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  sprintf(buf,".xf%i{ font-size:%ipt;font-family: \"%s\";background:#%.6X;text-align:%s;vertical-align:%s;%s%s%s%s%s%s%s%s}\n",
data/r-cran-readxl-1.3.1/src/xlstool.c:788:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(ret,buf);
data/r-cran-readxl-1.3.1/src/XlsxCell.h:131:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int id = atoi(v->value());
data/r-cran-readxl-1.3.1/src/XlsxCell.h:147:39:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int format = (s == NULL) ? -1 : atoi(s->value());
data/r-cran-readxl-1.3.1/src/XlsxCell.h:201:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(v->value()) ? "TRUE" : "FALSE";
data/r-cran-readxl-1.3.1/src/XlsxCell.h:259:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(v->value()) != 0;
data/r-cran-readxl-1.3.1/src/XlsxCell.h:316:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int id = atoi(val);
data/r-cran-readxl-1.3.1/src/XlsxString.h:19:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char utf8[16]; // 16 from definition of Rf_ucstoutf8
data/r-cran-readxl-1.3.1/src/XlsxWorkBook.h:255:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int n = atoi(count->value());
data/r-cran-readxl-1.3.1/src/XlsxWorkBook.h:298:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int id = atoi(numFmt->first_attribute("numFmtId")->value());
data/r-cran-readxl-1.3.1/src/XlsxWorkBook.h:321:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int formatId = atoi(cellXf->first_attribute("numFmtId")->value());
data/r-cran-readxl-1.3.1/src/XlsxWorkBook.h:348:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(date1904->value()) == 1;
data/r-cran-readxl-1.3.1/src/libxls/ole.h:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/r-cran-readxl-1.3.1/src/libxls/xlsstruct.h:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1];
data/r-cran-readxl-1.3.1/src/libxls/xlsstruct.h:323:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[1];
data/r-cran-readxl-1.3.1/src/libxls/xlsstruct.h:330:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[1];
data/r-cran-readxl-1.3.1/src/ole.c:131:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(olest->buf, ptr, olest->bufsize);
data/r-cran-readxl-1.3.1/src/ole.c:193:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((BYTE*)buf + didReadCount, olest->buf + olest->pos, needToReadCount);
data/r-cran-readxl-1.3.1/src/ole.c:197:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((BYTE*)buf + didReadCount, olest->buf + olest->pos, remainingBytes);
data/r-cran-readxl-1.3.1/src/ole.c:383:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, (const char *)ole2->buffer + ole2->buffer_pos, size);
data/r-cran-readxl-1.3.1/src/ole.c:601:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!(ole->file=fopen(file, "rb"))) {
data/r-cran-readxl-1.3.1/src/rapidxml.h:304:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_whitespace[256]; // Whitespace table
data/r-cran-readxl-1.3.1/src/rapidxml.h:305:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_node_name[256]; // Node name table
data/r-cran-readxl-1.3.1/src/rapidxml.h:306:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_text[256]; // Text table
data/r-cran-readxl-1.3.1/src/rapidxml.h:307:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_text_pure_no_ws[256]; // Text table
data/r-cran-readxl-1.3.1/src/rapidxml.h:308:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_text_pure_with_ws[256]; // Text table
data/r-cran-readxl-1.3.1/src/rapidxml.h:309:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_attribute_name[256]; // Attribute name table
data/r-cran-readxl-1.3.1/src/rapidxml.h:310:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_attribute_data_1[256]; // Attribute data table with single quote
data/r-cran-readxl-1.3.1/src/rapidxml.h:311:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_attribute_data_1_pure[256]; // Attribute data table with single quote
data/r-cran-readxl-1.3.1/src/rapidxml.h:312:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_attribute_data_2[256]; // Attribute data table with double quotes
data/r-cran-readxl-1.3.1/src/rapidxml.h:313:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_attribute_data_2_pure[256]; // Attribute data table with double quotes
data/r-cran-readxl-1.3.1/src/rapidxml.h:314:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_digits[256]; // Digits
data/r-cran-readxl-1.3.1/src/rapidxml.h:315:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char lookup_upcase[256]; // To uppercase conversion table for ASCII characters
data/r-cran-readxl-1.3.1/src/rapidxml.h:646:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char m_static_memory[RAPIDXML_STATIC_POOL_SIZE]; // Static raw memory
data/r-cran-readxl-1.3.1/src/xls.c:279:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tmp+strlen(tmp), ret, strlen(ret)+1);
data/r-cran-readxl-1.3.1/src/xls.c:335:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ret, &tmp, sizeof(unsigned64_t));
data/r-cran-readxl-1.3.1/src/xls.c:543:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&cell->d, &((FORMULA*)buf)->resid, sizeof(double)); // Required for ARM
data/r-cran-readxl-1.3.1/src/xls.c:554:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&cell->d, &d, sizeof(double)); // Required for ARM
data/r-cran-readxl-1.3.1/src/xls.c:558:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&cell->d, &d, sizeof(double)); // Required for ARM
data/r-cran-readxl-1.3.1/src/xls.c:613:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&cell->d, &((BR_NUMBER*)buf)->value, sizeof(double)); // Required for ARM
data/r-cran-readxl-1.3.1/src/xlstool.c:152:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ret, str, len);
data/r-cran-readxl-1.3.1/src/xlstool.c:598:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ret, label, len);
data/r-cran-readxl-1.3.1/src/xlstool.c:657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char color[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:660:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char borderleft[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:661:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char borderright[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:662:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bordertop[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char borderbottom[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:664:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char italic[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:665:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char underline[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:666:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char bold[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fontname[255];
data/r-cran-readxl-1.3.1/src/xlstool.c:720:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(borderleft,"border-left: 1px solid black;");
data/r-cran-readxl-1.3.1/src/xlstool.c:730:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(borderright,"border-right: 1px solid black;");
data/r-cran-readxl-1.3.1/src/xlstool.c:740:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bordertop,"border-top: 1px solid black;");
data/r-cran-readxl-1.3.1/src/xlstool.c:750:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(borderbottom,"border-bottom: 1px solid Black;");
data/r-cran-readxl-1.3.1/src/xlstool.c:755:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(color,"color:#%.6X;",xls_getColor(pWB->fonts.font[xf->font-1].color,0));
data/r-cran-readxl-1.3.1/src/xlstool.c:760:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(italic,"font-style: italic;");
data/r-cran-readxl-1.3.1/src/xlstool.c:765:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bold,"font-weight: bold;");
data/r-cran-readxl-1.3.1/src/xlstool.c:770:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(underline,"text-decoration: underline;");
data/r-cran-readxl-1.3.1/src/xlstool.c:782:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fontname,"Arial");
data/r-cran-readxl-1.3.1/src/StringSet.h:12:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(s) > 0)
data/r-cran-readxl-1.3.1/src/xls.c:230:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_len = strlen(ret);
data/r-cran-readxl-1.3.1/src/xls.c:273:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = realloc(tmp, strlen(tmp)+strlen(ret)+1);
data/r-cran-readxl-1.3.1/src/xls.c:273:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp = realloc(tmp, strlen(tmp)+strlen(ret)+1);
data/r-cran-readxl-1.3.1/src/xls.c:279:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(tmp+strlen(tmp), ret, strlen(ret)+1);
data/r-cran-readxl-1.3.1/src/xls.c:279:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(tmp+strlen(tmp), ret, strlen(ret)+1);
data/r-cran-readxl-1.3.1/src/xls.c:1083:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t read;
data/r-cran-readxl-1.3.1/src/xls.c:1221:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t read;
data/r-cran-readxl-1.3.1/src/xls.c:1460:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pWB->charset = malloc(strlen(charset) * sizeof(char)+1);
data/r-cran-readxl-1.3.1/src/xlstool.c:790:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = realloc(ret, strlen(ret)+1);

ANALYSIS SUMMARY:

Hits = 82
Lines analyzed = 11395 in approximately 0.31 seconds (36701 lines/second)
Physical Source Lines of Code (SLOC) = 8092
Hits@level = [0] 244 [1]  10 [2]  58 [3]   0 [4]  14 [5]   0
Hits@level+ = [0+] 326 [1+]  82 [2+]  72 [3+]  14 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 40.2867 [1+] 10.1335 [2+] 8.89768 [3+] 1.7301 [4+] 1.7301 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.