stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-redland-1.0.17-14/src/util.c
Examining data/r-cran-redland-1.0.17-14/src/redland.c

FINAL RESULTS:

data/r-cran-redland-1.0.17-14/src/redland.c:664:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/r-cran-redland-1.0.17-14/src/redland.c:1337:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  return strcpy(newstr, str);
data/r-cran-redland-1.0.17-14/src/redland.c:1357:15:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      *cptr = strcpy(*cptr, cstr);
data/r-cran-redland-1.0.17-14/src/redland.c:615:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/r-cran-redland-1.0.17-14/src/redland.c:1037:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, sz);
data/r-cran-redland-1.0.17-14/src/redland.c:1055:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/r-cran-redland-1.0.17-14/src/redland.c:1350:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        *cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/r-cran-redland-1.0.17-14/src/redland.c:379:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/r-cran-redland-1.0.17-14/src/redland.c:663:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/r-cran-redland-1.0.17-14/src/redland.c:684:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/r-cran-redland-1.0.17-14/src/redland.c:689:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/r-cran-redland-1.0.17-14/src/redland.c:1336:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *newstr = (char *)(malloc(strlen(str) + 1));
data/r-cran-redland-1.0.17-14/src/redland.c:1346:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(cstr);
data/r-cran-redland-1.0.17-14/src/redland.c:1420:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy((char *)CHAR(c), carray, size);
data/r-cran-redland-1.0.17-14/src/redland.c:1431:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));

ANALYSIS SUMMARY:

Hits = 15
Lines analyzed = 8356 in approximately 0.24 seconds (35295 lines/second)
Physical Source Lines of Code (SLOC) = 6686
Hits@level = [0]  14 [1]   8 [2]   4 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  29 [1+]  15 [2+]   7 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 4.33742 [1+] 2.24349 [2+] 1.04696 [3+] 0.448699 [4+] 0.448699 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.