Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h
Examining data/ros-perception-pcl-1.7.2/pcl_conversions/test/test_pcl_conversions.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/boundary.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/feature.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/fpfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/fpfh_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/moment_invariants.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d_tbb.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/pfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/principal_curvatures.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/shot.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/shot_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/vfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/crop_box.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/extract_indices.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/filter.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/passthrough.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/project_inliers.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/radius_outlier_removal.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/statistical_outlier_removal.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/voxel_grid.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/impl/transforms.hpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/bag_io.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/concatenate_data.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/concatenate_fields.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/pcd_io.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/pcl_nodelet.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/publisher.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/extract_clusters.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/extract_polygonal_prism_data.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/sac_segmentation.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/segment_differences.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/surface/convex_hull.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/surface/moving_least_squares.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/transforms.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/boundary.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/feature.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/fpfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/fpfh_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/moment_invariants.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d_tbb.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/pfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/principal_curvatures.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/shot.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/shot_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/vfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/crop_box.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/extract_indices.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/filter.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/passthrough.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/project_inliers.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/radius_outlier_removal.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/statistical_outlier_removal.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/voxel_grid.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_data.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_fields.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/pcd_io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/extract_clusters.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/extract_polygonal_prism_data.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/segment_differences.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/segmentation.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/convex_hull.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/moving_least_squares.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/surface.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/test/test_tf_message_filter_pcl.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/bag_to_pcd.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/convert_pcd_to_image.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/convert_pointcloud_to_image.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/pcd_to_pointcloud.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/pointcloud_to_pcd.cpp
FINAL RESULTS:
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp:106:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time (0));
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp:426:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand (time (0));
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:530:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pixel, &cloud (x, y).rgb, 3 * sizeof(std::uint8_t));
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:689:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (reinterpret_cast<char*> (&cloud_out.data[nrpts + cp * cloud1.point_step + cloud1.fields[i].offset]),
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:713:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cloud_out.data[nrpts], &cloud2.data[0], cloud2.data.size ());
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/bag_io.h:89:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open (const std::string &file_name, const std::string &topic_name);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:30:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream_.advance(name_length), name, name_length);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:167:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream.advance(data_size), &m.points[0], data_size);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:217:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_data, stream.advance(data_size), data_size);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:222:15: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (m_data, stream.advance(row_step), m_row_step);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:232:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data + fm.struct_offset, stream_data + fm.serialized_offset, fm.size);
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:44:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pcl_ros::BAGReader::open (const std::string &file_name, const std::string &topic_name)
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:48:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bag_.open (file_name, rosbag::bagmode::Read);
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:92:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!open (file_name_, topic_name_))
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_fields.cpp:150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cloud_out.data[point_offset], &clouds[i]->data[cp * clouds[i]->point_step], clouds[i]->point_step);
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out.data[0], &in.data[0], in.data.size ());
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out.data[xyz_offset[0]], &pt_out[0], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:231:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out.data[xyz_offset[1]], &pt_out[1], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:232:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&out.data[xyz_offset[2]], &pt_out[2], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/tools/bag_to_pcd.cpp:81:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bag.open (argv[1], rosbag::bagmode::Read);
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:792:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline static void read(Stream& stream, pcl::PCLPointCloud2& m)
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:848:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline static void read(Stream& stream, pcl::PCLPointField& m)
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:884:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline static void read(Stream& stream, pcl::PCLHeader& m)
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:27:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::uint32_t name_length = strlen(name);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:52:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::uint32_t name_length = strlen(traits::name<PointT, U>::value);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:174:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
inline static void read(Stream& stream, pcl::PointCloud<T>& m)
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/pcd_io.cpp:90:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (impl_.read (file_name_, cloud) < 0)
ANALYSIS SUMMARY:
Hits = 27
Lines analyzed = 12623 in approximately 0.41 seconds (30855 lines/second)
Physical Source Lines of Code (SLOC) = 6674
Hits@level = [0] 0 [1] 7 [2] 18 [3] 2 [4] 0 [5] 0
Hits@level+ = [0+] 27 [1+] 27 [2+] 20 [3+] 2 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 4.04555 [1+] 4.04555 [2+] 2.9967 [3+] 0.29967 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.