Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-sf-0.9-6+dfsg/src/zm_range.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_read.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/polygonize.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/geos.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/hex.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_sf_pkg.h
Examining data/r-cran-sf-0.9-6+dfsg/src/zm_range.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_read.h
Examining data/r-cran-sf-0.9-6+dfsg/src/sfg.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/signed_area.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/hex.h
Examining data/r-cran-sf-0.9-6+dfsg/src/wkb.h
Examining data/r-cran-sf-0.9-6+dfsg/src/stars.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/ops.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/bbox.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/proj_info.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/proj.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/raster2sf.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/bbox.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_geom.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/RcppExports.cpp
Examining data/r-cran-sf-0.9-6+dfsg/inst/include/sf.h
Examining data/r-cran-sf-0.9-6+dfsg/inst/include/sf_RcppExports.h
FINAL RESULTS:
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:53:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:69:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buf, fmt, ap);
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:118:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[3] = { "MULTILINE=YES", "FORMAT=WKT2", NULL };
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:139:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
handle_error(srs->SetFromUserInput((const char *) proj4string[0]));
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:237:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
out(10) = Rcpp::IntegerVector::create(atoi(srs->GetAuthorityCode(NULL)));
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:281:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *options[2] = { NULL, NULL };
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:325:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ret[i] = (char *) (lco[i]);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:55:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH ds = GDALOpenEx((const char *) obj[0], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:78:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
src_pt[i] = GDALOpenEx((const char *) src[i], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:81:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH dst_ds = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:92:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALWarp(dst_ds == NULL ? (const char *) dst[0] : NULL, dst_ds,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:115:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_VECTOR | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:123:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:127:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALRasterize(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:149:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:153:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALTranslate((const char *) dst[0], src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:175:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_VECTOR | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:181:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_VECTOR | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:184:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALVectorTranslate(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, 1, &src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:208:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
srcpt[i] = GDALOpenEx((const char *) src[i], GDAL_OF_RASTER | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:213:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = GDALBuildVRT((const char *) dst[0], src.size(), srcpt.data(), NULL, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:219:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
srcpt[i] = (const char *) src[i];
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:220:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
result = GDALBuildVRT((const char *) dst[0], src.size(), NULL, srcpt.data(), opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:240:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:244:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALDEMProcessing((const char *) dst[0], src_pt,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:245:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
processing.size() == 0 ? NULL : (const char *) processing[0],
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:246:45: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
colorfilename.size() == 0 ? NULL : (const char *) colorfilename[0],
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:270:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:271:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:272:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALNearblack(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:293:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_ALL | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:295:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALGrid((const char *) dst[0], src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:310:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH ds = GDALOpenEx((const char *) obj[0], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:338:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:344:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
srcpt[i] = GDALOpenEx((const char *) src[i], GDAL_OF_RASTER | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:349:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
GDALDatasetH result = GDALMultiDimTranslate((const char *) dst[0], NULL, srcpt.size(), srcpt.data(), opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:478:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(psWarpOptions->padfSrcNoDataReal[i]), &d, sizeof(double));
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:485:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(psWarpOptions->padfDstNoDataReal[i]), &d, sizeof(double));
data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp:75:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poFeature->SetField(j, (const char *) cv[i]);
data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp:77:41: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
poFeature->SetField(nm[j], (const char *) cv[i]);
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *p;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ], *p;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:183:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(raw[0]), buf, size);
data/r-cran-sf-0.9-6+dfsg/src/hex.cpp:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
data/r-cran-sf-0.9-6+dfsg/src/stars.cpp:551:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
oSRS.SetFromUserInput((const char *) p4s[0]); // handles wkt too
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, wkb->pt, n);
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dst, wkb->pt, sizeof(T));
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:60:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u8[sizeof(T)];
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:55:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:56:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0 && *p == '\n') *p = '\0';
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:71:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = buf + strlen(buf) - 1;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:72:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0 && *p == '\n') *p = '\0';
ANALYSIS SUMMARY:
Hits = 52
Lines analyzed = 7469 in approximately 0.23 seconds (33164 lines/second)
Physical Source Lines of Code (SLOC) = 6431
Hits@level = [0] 0 [1] 4 [2] 46 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 52 [1+] 52 [2+] 48 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 8.08583 [1+] 8.08583 [2+] 7.46385 [3+] 0.310994 [4+] 0.310994 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.