Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ragel-6.10/test/eofact.h
Examining data/ragel-6.10/test/mailbox1.h
Examining data/ragel-6.10/test/strings2.h
Examining data/ragel-6.10/test/cppscan1.h
Examining data/ragel-6.10/ragel/cdtable.cpp
Examining data/ragel-6.10/ragel/mlfflat.h
Examining data/ragel-6.10/ragel/rlscan.h
Examining data/ragel-6.10/ragel/buffer.h
Examining data/ragel-6.10/ragel/redfsm.cpp
Examining data/ragel-6.10/ragel/rubycodegen.h
Examining data/ragel-6.10/ragel/cstable.cpp
Examining data/ragel-6.10/ragel/mlflat.h
Examining data/ragel-6.10/ragel/mlgoto.h
Examining data/ragel-6.10/ragel/csfflat.h
Examining data/ragel-6.10/ragel/csfflat.cpp
Examining data/ragel-6.10/ragel/cdftable.cpp
Examining data/ragel-6.10/ragel/cssplit.h
Examining data/ragel-6.10/ragel/rubyfflat.h
Examining data/ragel-6.10/ragel/parsetree.cpp
Examining data/ragel-6.10/ragel/rubyflat.h
Examining data/ragel-6.10/ragel/mlgoto.cpp
Examining data/ragel-6.10/ragel/cdfflat.h
Examining data/ragel-6.10/ragel/goftable.h
Examining data/ragel-6.10/ragel/rlparse.h
Examining data/ragel-6.10/ragel/cssplit.cpp
Examining data/ragel-6.10/ragel/mlcodegen.cpp
Examining data/ragel-6.10/ragel/csgoto.h
Examining data/ragel-6.10/ragel/rubyflat.cpp
Examining data/ragel-6.10/ragel/common.cpp
Examining data/ragel-6.10/ragel/fsmmin.cpp
Examining data/ragel-6.10/ragel/goflat.cpp
Examining data/ragel-6.10/ragel/gendata.cpp
Examining data/ragel-6.10/ragel/fsmgraph.h
Examining data/ragel-6.10/ragel/csflat.h
Examining data/ragel-6.10/ragel/cdipgoto.h
Examining data/ragel-6.10/ragel/version.h
Examining data/ragel-6.10/ragel/csftable.h
Examining data/ragel-6.10/ragel/fsmbase.cpp
Examining data/ragel-6.10/ragel/rubyftable.h
Examining data/ragel-6.10/ragel/rlparse.cpp
Examining data/ragel-6.10/ragel/rubycodegen.cpp
Examining data/ragel-6.10/ragel/goftable.cpp
Examining data/ragel-6.10/ragel/cdtable.h
Examining data/ragel-6.10/ragel/cdgoto.cpp
Examining data/ragel-6.10/ragel/mltable.cpp
Examining data/ragel-6.10/ragel/inputdata.cpp
Examining data/ragel-6.10/ragel/gofflat.cpp
Examining data/ragel-6.10/ragel/goflat.h
Examining data/ragel-6.10/ragel/gofgoto.h
Examining data/ragel-6.10/ragel/gogoto.h
Examining data/ragel-6.10/ragel/csipgoto.cpp
Examining data/ragel-6.10/ragel/cstable.h
Examining data/ragel-6.10/ragel/cdcodegen.h
Examining data/ragel-6.10/ragel/gendata.h
Examining data/ragel-6.10/ragel/fsmattach.cpp
Examining data/ragel-6.10/ragel/rubytable.h
Examining data/ragel-6.10/ragel/pcheck.h
Examining data/ragel-6.10/ragel/cdflat.h
Examining data/ragel-6.10/ragel/redfsm.h
Examining data/ragel-6.10/ragel/rubytable.cpp
Examining data/ragel-6.10/ragel/csfgoto.h
Examining data/ragel-6.10/ragel/xmlcodegen.cpp
Examining data/ragel-6.10/ragel/cdgoto.h
Examining data/ragel-6.10/ragel/mlflat.cpp
Examining data/ragel-6.10/ragel/fsmap.cpp
Examining data/ragel-6.10/ragel/gofgoto.cpp
Examining data/ragel-6.10/ragel/gotablish.h
Examining data/ragel-6.10/ragel/mlftable.cpp
Examining data/ragel-6.10/ragel/dotcodegen.h
Examining data/ragel-6.10/ragel/rubyfflat.cpp
Examining data/ragel-6.10/ragel/csflat.cpp
Examining data/ragel-6.10/ragel/dotcodegen.cpp
Examining data/ragel-6.10/ragel/csgoto.cpp
Examining data/ragel-6.10/ragel/cdftable.h
Examining data/ragel-6.10/ragel/gotablish.cpp
Examining data/ragel-6.10/ragel/csftable.cpp
Examining data/ragel-6.10/ragel/common.h
Examining data/ragel-6.10/ragel/cdsplit.cpp
Examining data/ragel-6.10/ragel/csipgoto.h
Examining data/ragel-6.10/ragel/cdfflat.cpp
Examining data/ragel-6.10/ragel/gotable.cpp
Examining data/ragel-6.10/ragel/cdipgoto.cpp
Examining data/ragel-6.10/ragel/rubyftable.cpp
Examining data/ragel-6.10/ragel/cscodegen.h
Examining data/ragel-6.10/ragel/fsmstate.cpp
Examining data/ragel-6.10/ragel/fsmgraph.cpp
Examining data/ragel-6.10/ragel/xmlcodegen.h
Examining data/ragel-6.10/ragel/mlfgoto.cpp
Examining data/ragel-6.10/ragel/mlftable.h
Examining data/ragel-6.10/ragel/parsedata.h
Examining data/ragel-6.10/ragel/gocodegen.cpp
Examining data/ragel-6.10/ragel/cdfgoto.cpp
Examining data/ragel-6.10/ragel/ragel.h
Examining data/ragel-6.10/ragel/cdflat.cpp
Examining data/ragel-6.10/ragel/javacodegen.h
Examining data/ragel-6.10/ragel/main.cpp
Examining data/ragel-6.10/ragel/rbxgoto.cpp
Examining data/ragel-6.10/ragel/mlfgoto.h
Examining data/ragel-6.10/ragel/gofflat.h
Examining data/ragel-6.10/ragel/rlscan.cpp
Examining data/ragel-6.10/ragel/cdsplit.h
Examining data/ragel-6.10/ragel/parsetree.h
Examining data/ragel-6.10/ragel/cscodegen.cpp
Examining data/ragel-6.10/ragel/javacodegen.cpp
Examining data/ragel-6.10/ragel/gogoto.cpp
Examining data/ragel-6.10/ragel/csfgoto.cpp
Examining data/ragel-6.10/ragel/cdfgoto.h
Examining data/ragel-6.10/ragel/gotable.h
Examining data/ragel-6.10/ragel/gocodegen.h
Examining data/ragel-6.10/ragel/parsedata.cpp
Examining data/ragel-6.10/ragel/cdcodegen.cpp
Examining data/ragel-6.10/ragel/inputdata.h
Examining data/ragel-6.10/ragel/mlcodegen.h
Examining data/ragel-6.10/ragel/rbxgoto.h
Examining data/ragel-6.10/ragel/goipgoto.h
Examining data/ragel-6.10/ragel/mlfflat.cpp
Examining data/ragel-6.10/ragel/goipgoto.cpp
Examining data/ragel-6.10/ragel/mltable.h
Examining data/ragel-6.10/aapl/avlibasic.h
Examining data/ragel-6.10/aapl/avlbasic.h
Examining data/ragel-6.10/aapl/compare.h
Examining data/ragel-6.10/aapl/avlimel.h
Examining data/ragel-6.10/aapl/svector.h
Examining data/ragel-6.10/aapl/insertsort.h
Examining data/ragel-6.10/aapl/avlcommon.h
Examining data/ragel-6.10/aapl/avlmelkey.h
Examining data/ragel-6.10/aapl/avlmap.h
Examining data/ragel-6.10/aapl/avltree.h
Examining data/ragel-6.10/aapl/bstset.h
Examining data/ragel-6.10/aapl/bstcommon.h
Examining data/ragel-6.10/aapl/avlimelkey.h
Examining data/ragel-6.10/aapl/dlistval.h
Examining data/ragel-6.10/aapl/avliset.h
Examining data/ragel-6.10/aapl/avlmel.h
Examining data/ragel-6.10/aapl/mergesort.h
Examining data/ragel-6.10/aapl/avlikeyless.h
Examining data/ragel-6.10/aapl/resize.h
Examining data/ragel-6.10/aapl/bsttable.h
Examining data/ragel-6.10/aapl/sbsttable.h
Examining data/ragel-6.10/aapl/sbstmap.h
Examining data/ragel-6.10/aapl/table.h
Examining data/ragel-6.10/aapl/bubblesort.h
Examining data/ragel-6.10/aapl/sbstset.h
Examining data/ragel-6.10/aapl/quicksort.h
Examining data/ragel-6.10/aapl/dlistmel.h
Examining data/ragel-6.10/aapl/dlist.h
Examining data/ragel-6.10/aapl/avlkeyless.h
Examining data/ragel-6.10/aapl/dlcommon.h
Examining data/ragel-6.10/aapl/avlitree.h
Examining data/ragel-6.10/aapl/vector.h
Examining data/ragel-6.10/aapl/bstmap.h
Examining data/ragel-6.10/aapl/avlimap.h
Examining data/ragel-6.10/aapl/avlset.h
Examining data/ragel-6.10/examples/statechart.cpp
Examining data/ragel-6.10/examples/pullscan.c
Examining data/ragel-6.10/examples/params.c
Examining data/ragel-6.10/examples/awkemu.c
Examining data/ragel-6.10/examples/atoi.cpp
Examining data/ragel-6.10/examples/gotocallret.cpp
Examining data/ragel-6.10/examples/mailbox.cpp
Examining data/ragel-6.10/examples/format.c
Examining data/ragel-6.10/examples/concurrent.cpp
Examining data/ragel-6.10/examples/rlscan.cpp
Examining data/ragel-6.10/examples/cppscan.cpp
Examining data/ragel-6.10/examples/clang.c

FINAL RESULTS:

data/ragel-6.10/ragel/cdsplit.cpp:351:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( suffix, suffFormat, p );
data/ragel-6.10/ragel/common.cpp:369:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( retVal + len, suffix );
data/ragel-6.10/ragel/cssplit.cpp:343:3:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf( suffix, suffFormat, p );
data/ragel-6.10/ragel/main.cpp:531:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( result, templ );
data/ragel-6.10/ragel/main.cpp:537:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( result+baseLen, templ );
data/ragel-6.10/ragel/rlscan.cpp:437:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy( test, fileName );
data/ragel-6.10/aapl/bubblesort.h:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[sizeof(T)];
data/ragel-6.10/aapl/bubblesort.h:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tmp, data+i, sizeof(T) );
data/ragel-6.10/aapl/bubblesort.h:80:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data+i, data+i+1, sizeof(T) );
data/ragel-6.10/aapl/bubblesort.h:81:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data+i+1, tmp, sizeof(T) );
data/ragel-6.10/aapl/insertsort.h:82:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[sizeof(T)];
data/ragel-6.10/aapl/insertsort.h:83:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tmp, dest, sizeof(T) );
data/ragel-6.10/aapl/insertsort.h:84:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dest, smallest, sizeof(T) );
data/ragel-6.10/aapl/insertsort.h:85:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( smallest, tmp, sizeof(T) );
data/ragel-6.10/aapl/mergesort.h:102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dest, upper, (endUpper - upper) * sizeof(T) );
data/ragel-6.10/aapl/mergesort.h:108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dest, lower, (endLower - lower) * sizeof(T) );
data/ragel-6.10/aapl/mergesort.h:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dest++, lower++, sizeof(T) );
data/ragel-6.10/aapl/mergesort.h:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( dest++, upper++, sizeof(T) );
data/ragel-6.10/aapl/mergesort.h:121:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, tmpStor, sizeof( T ) * len );
data/ragel-6.10/aapl/quicksort.h:112:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char pcPivot[sizeof(T)];
data/ragel-6.10/aapl/quicksort.h:115:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pcPivot, pivot, sizeof(T) );
data/ragel-6.10/aapl/quicksort.h:117:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( pivot, end, sizeof(T) );
data/ragel-6.10/aapl/quicksort.h:132:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(last, first, sizeof(T));
data/ragel-6.10/aapl/quicksort.h:143:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(first, last, sizeof(T));
data/ragel-6.10/aapl/quicksort.h:150:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( first, pivot, sizeof(T) );
data/ragel-6.10/examples/atoi.cpp:23:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long long atoi( char *str )
data/ragel-6.10/examples/atoi.cpp:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/atoi.cpp:116:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  long long value = atoi( buf );
data/ragel-6.10/examples/awkemu.c:27:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/awkemu.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *ws[MAXWORDS];
data/ragel-6.10/examples/awkemu.c:34:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *we[MAXWORDS];
data/ragel-6.10/examples/clang.c:30:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[BUFSIZE];
data/ragel-6.10/examples/concurrent.cpp:971:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/cppscan.cpp:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[BUFSIZE];
data/ragel-6.10/examples/format.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFLEN+1];
data/ragel-6.10/examples/format.c:522:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[INPUT_BUFSIZE];
data/ragel-6.10/examples/gotocallret.cpp:277:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/mailbox.cpp:1551:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/params.c:14:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFLEN+1];
data/ragel-6.10/examples/pullscan.c:28:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/rlscan.cpp:92:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char inbuf[BUFSIZE];
data/ragel-6.10/examples/statechart.cpp:177:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZE];
data/ragel-6.10/examples/statechart.cpp:179:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  StateChart atoi;
data/ragel-6.10/examples/statechart.cpp:180:2:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi.init();
data/ragel-6.10/examples/statechart.cpp:182:3:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi.execute( buf, strlen(buf) );
data/ragel-6.10/examples/statechart.cpp:184:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if ( atoi.finish() <= 0 )
data/ragel-6.10/ragel/cdsplit.cpp:350:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char suffix[10];
data/ragel-6.10/ragel/cdsplit.cpp:357:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  partFilter->open( fn, ios::out|ios::trunc );
data/ragel-6.10/ragel/cssplit.cpp:342:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char suffix[10];
data/ragel-6.10/ragel/cssplit.cpp:349:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  partFilter->open( fn, ios::out|ios::trunc );
data/ragel-6.10/ragel/gendata.cpp:76:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/ragel-6.10/ragel/gendata.cpp:77:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( buf, "%i", i );
data/ragel-6.10/ragel/inputdata.cpp:156:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outFilter->open( outputFileName, ios::out|ios::trunc );
data/ragel-6.10/ragel/main.cpp:418:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  numSplitPartitions = atoi( pc.paramArg );
data/ragel-6.10/ragel/main.cpp:536:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( result, baseFileName, baseLen );
data/ragel-6.10/ragel/parsedata.cpp:45:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, str, len );
data/ragel-6.10/ragel/parsedata.cpp:53:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( newString, data, length );
data/ragel-6.10/ragel/parsedata.cpp:54:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( newString + length, other.data, other.length );
data/ragel-6.10/ragel/parsetree.cpp:185:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( actName, "store%i", lmi->longestMatchId );
data/ragel-6.10/ragel/parsetree.cpp:198:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( actName, "last%i", lmi->longestMatchId );
data/ragel-6.10/ragel/parsetree.cpp:212:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( actName, "next%i", lmi->longestMatchId );
data/ragel-6.10/ragel/parsetree.cpp:225:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf( actName, "lag%i", lmi->longestMatchId );
data/ragel-6.10/ragel/rlscan.cpp:292:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( token_strings[cur_token], start, toklen );
data/ragel-6.10/ragel/rlscan.cpp:514:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( tokdata, start, toklen );
data/ragel-6.10/ragel/rlscan.cpp:846:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( check, thisFileName, givenPathLen );
data/ragel-6.10/ragel/rlscan.cpp:847:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( check+givenPathLen, data, length );
data/ragel-6.10/ragel/rlscan.cpp:857:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( check, *incp, pathLen );
data/ragel-6.10/ragel/rlscan.cpp:859:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( check+pathLen+1, data, length );
data/ragel-6.10/ragel/rlscan.cpp:875:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inFile->open( *check );
data/ragel-6.10/ragel/rlscan.cpp:977:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( newbuf, buf, have );
data/ragel-6.10/ragel/rlscan.h:100:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *token_strings[max_tokens];
data/ragel-6.10/test/cppscan1.h:47:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data, other.data, other.length );
data/ragel-6.10/test/cppscan1.h:61:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy( data+length-len, str, len );
data/ragel-6.10/examples/atoi.cpp:25:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *p = str, *pe = str + strlen( str );
data/ragel-6.10/examples/cppscan.cpp:123:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cin.read( p, space );
data/ragel-6.10/examples/gotocallret.cpp:282:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gcr.execute( buf, strlen(buf), false );
data/ragel-6.10/examples/params.c:369:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  params_execute( &params, argv[a], strlen(argv[a])+1 );
data/ragel-6.10/examples/rlscan.cpp:121:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  cin.read( p, space );
data/ragel-6.10/examples/statechart.cpp:182:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  atoi.execute( buf, strlen(buf) );
data/ragel-6.10/ragel/common.cpp:326:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *ppos = stemFile + strlen(stemFile) - 1;
data/ragel-6.10/ragel/common.cpp:356:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long len = strlen( stemFile );
data/ragel-6.10/ragel/common.cpp:367:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *retVal = new char[ len + strlen( suffix ) + 1 ];
data/ragel-6.10/ragel/common.cpp:368:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( retVal, stemFile, len );
data/ragel-6.10/ragel/main.cpp:530:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = new char[strlen(templ)+1];
data/ragel-6.10/ragel/main.cpp:535:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  result = new char[baseLen + strlen(templ) + 1];
data/ragel-6.10/ragel/rlscan.cpp:436:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *test = new char[strlen(fileName)+1];
data/ragel-6.10/ragel/rlscan.cpp:854:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long pathLen = strlen( *incp );
data/ragel-6.10/ragel/rlscan.cpp:982:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read( p, space );
data/ragel-6.10/ragel/xmlcodegen.cpp:211:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  xmlEscapeHost( out, item->data, strlen(item->data) );

ANALYSIS SUMMARY:

Hits = 89
Lines analyzed = 79712 in approximately 1.95 seconds (40902 lines/second)
Physical Source Lines of Code (SLOC) = 58546
Hits@level = [0]  64 [1]  16 [2]  67 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+] 153 [1+]  89 [2+]  73 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 2.61333 [1+] 1.52017 [2+] 1.24688 [3+] 0.102484 [4+] 0.102484 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
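Triage note on the six level-4 hits, with an added example (not ragel code). Two patterns are involved. The sprintf hits at cdsplit.cpp:350-351 and cssplit.cpp:342-343 write a 10-byte stack buffer through a format that is not a string literal; the report does not show what `suffFormat` holds, so the bounded rewrite below assumes a literal `"_%i"` and uses snprintf with a truncation check. The four strcpy hits are each preceded, in the lines the report itself quotes, by an allocation sized for exactly that copy: common.cpp:367-369 allocates `len + strlen( suffix ) + 1` and then copies `len` bytes plus the suffix, main.cpp:530-531 and 535-537 allocate `strlen(templ)+1` and `baseLen + strlen(templ) + 1`, and rlscan.cpp:436-437 allocates `strlen(fileName)+1`. The common.cpp pattern is reproduced below as a hypothetical helper so the arithmetic can be checked against a `std::string` version that needs no manual sizing.

```cpp
#include <cstdio>
#include <cstring>
#include <string>

// Bounded stand-in for "char suffix[10]; sprintf( suffix, suffFormat, p );".
// The format is a literal (removes the CWE-134 question) and snprintf never
// writes past outlen (removes the CWE-120 one). Returns false if the output
// did not fit, which is the case sprintf would have turned into an overflow.
bool format_suffix(char *out, size_t outlen, int part) {
    int n = std::snprintf(out, outlen, "_%i", part);   // "_%i" is an assumption
    // snprintf returns the length the complete output would have had.
    return n >= 0 && static_cast<size_t>(n) < outlen;
}

// The common.cpp:367-369 sequence as quoted in the report. Precondition, as in
// the original: len is a prefix length of stemFile (len <= strlen(stemFile)).
// The buffer holds len bytes of stem, strlen(suffix) bytes of suffix and the
// terminator, so both copies stay inside it.
std::string with_suffix_raw(const char *stemFile, size_t len, const char *suffix) {
    char *retVal = new char[len + std::strlen(suffix) + 1];
    std::strncpy(retVal, stemFile, len);   // exactly len bytes, no terminator yet
    std::strcpy(retVal + len, suffix);     // suffix brings its own terminator
    std::string result(retVal);
    delete[] retVal;
    return result;
}

// Same result with no hand-computed sizes; what new code should do instead.
std::string with_suffix(const std::string &stemFile, size_t len, const std::string &suffix) {
    return stemFile.substr(0, len) + suffix;
}

int main() {
    char suffix[10];
    bool ok = format_suffix(suffix, sizeof suffix, 7);
    std::printf("%d %s\n", ok ? 1 : 0, suffix);
    ok = format_suffix(suffix, sizeof suffix, 123456789);   // needs 11 bytes
    std::printf("%d\n", ok ? 1 : 0);
    std::printf("%s\n", with_suffix_raw("parser.rl", 6, ".c").c_str());
    return 0;
}
```

The point of `format_suffix` is the return value: a caller that ignores it has only moved the bug from a stack overwrite to a silently truncated file name, so the failure has to be propagated.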
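Triage note on the CWE-190 `atoi` hits, with an added example (not ragel code). Flawfinder matches on the identifier, so not all of these are calls into libc: statechart.cpp:179-184 is a `StateChart` object declared as `StateChart atoi;` and then used as `atoi.init()`, `atoi.execute(...)` and `atoi.finish()`, and examples/atoi.cpp:23 defines the example's own `long long atoi( char *str )`. The hit that is a C library call on a command-line argument is main.cpp:418, `numSplitPartitions = atoi( pc.paramArg );`. The replacement below does what the flawfinder message asks for: it rejects empty input, trailing junk, values that do not fit in a `long`, and values outside a caller-supplied range. The range `[1, 1000]` used in `main` is an assumption; the real limits on ragel's partition count are not on this page.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>

// Parses s as a decimal integer and accepts it only if the whole string was
// consumed and the value lies in [lo, hi]. atoi() returns 0 for "", "abc" and
// "0" alike and has undefined behaviour on overflow; strtol reports each case.
bool parse_bounded_long(const char *s, long lo, long hi, long *out) {
    if (s == nullptr || *s == '\0')
        return false;                      // empty: atoi would silently give 0
    char *end = nullptr;
    errno = 0;
    long v = std::strtol(s, &end, 10);
    if (errno == ERANGE)
        return false;                      // does not fit in a long (CWE-190)
    if (end == s || *end != '\0')
        return false;                      // no digits at all, or trailing junk ("4x")
    if (v < lo || v > hi)
        return false;                      // well-formed but outside the allowed range
    *out = v;
    return true;
}

int main(int argc, char **argv) {
    const char *arg = argc > 1 ? argv[1] : "4";
    long parts = 0;
    if (!parse_bounded_long(arg, 1, 1000, &parts)) {   // 1..1000 is an assumed range
        std::fprintf(stderr, "bad partition count: %s\n", arg);
        return 1;
    }
    std::printf("%ld\n", parts);
    return 0;
}
```

`strtol` still accepts leading whitespace and an explicit sign; if either is unwanted, check `s[0]` before calling it. The lower bound is what keeps a negative or zero count out of later size arithmetic, which is the roll-over case the flawfinder message describes.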
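Note on the CWE-362 `open` hits, with an added example (not ragel code). cdsplit.cpp:357, cssplit.cpp:349 and inputdata.cpp:156 open an output file with `ios::out|ios::trunc`; an `fstream` open follows a symlink planted at that name and truncates whatever it points to. The POSIX-only alternative below is the check a practitioner would want: `O_NOFOLLOW` makes the kernel refuse a symlink at the final path component (`ELOOP`) in the same system call that creates or truncates the file, so there is no window between a check and the open, and an `fstat` on the returned descriptor rejects anything that is not a regular file. The descriptor can then be handed to whatever stream wrapper the program uses. `out.c` in `main` is an assumed default name.

```cpp
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <string>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

// Opens path for truncating write without following a symlink at the final
// component and without accepting a special file. Returns a descriptor, or -1
// with errno set (ELOOP when the name is a symlink).
int open_output_nofollow(const char *path) {
    int fd = ::open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW | O_CLOEXEC, 0644);
    if (fd < 0)
        return -1;                      // includes the symlink case: errno == ELOOP
    struct stat st;
    if (::fstat(fd, &st) != 0) {        // query the object we actually opened, not the path
        int saved = errno;
        ::close(fd);
        errno = saved;
        return -1;
    }
    if (!S_ISREG(st.st_mode)) {         // device node, FIFO, ...: not an output file
        ::close(fd);
        errno = EINVAL;
        return -1;
    }
    return fd;
}

int main(int argc, char **argv) {
    const char *path = argc > 1 ? argv[1] : "out.c";   // assumed default
    int fd = open_output_nofollow(path);
    if (fd < 0) {
        std::perror(path);
        return 1;
    }
    ::close(fd);
    return 0;
}
```

`O_NOFOLLOW` only covers the last component; a symlinked directory earlier in the path is still followed, which is the "control its ancestors" part of the flawfinder message and has to be handled by choosing where the output directory is, not by this call.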