Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/sparsehash-2.0.3/experimental/example.c
Examining data/sparsehash-2.0.3/experimental/libchash.c
Examining data/sparsehash-2.0.3/experimental/libchash.h
Examining data/sparsehash-2.0.3/src/google/sparsehash/densehashtable.h
Examining data/sparsehash-2.0.3/src/google/sparsehash/hashtable-common.h
Examining data/sparsehash-2.0.3/src/google/sparsehash/libc_allocator_with_realloc.h
Examining data/sparsehash-2.0.3/src/google/sparsehash/sparsehashtable.h
Examining data/sparsehash-2.0.3/src/google/template_util.h
Examining data/sparsehash-2.0.3/src/google/type_traits.h
Examining data/sparsehash-2.0.3/src/hash_test_interface.h
Examining data/sparsehash-2.0.3/src/hashtable_test.cc
Examining data/sparsehash-2.0.3/src/libc_allocator_with_realloc_test.cc
Examining data/sparsehash-2.0.3/src/simple_compat_test.cc
Examining data/sparsehash-2.0.3/src/simple_test.cc
Examining data/sparsehash-2.0.3/src/sparsehash/internal/densehashtable.h
Examining data/sparsehash-2.0.3/src/sparsehash/internal/hashtable-common.h
Examining data/sparsehash-2.0.3/src/sparsehash/internal/libc_allocator_with_realloc.h
Examining data/sparsehash-2.0.3/src/sparsehash/internal/sparsehashtable.h
Examining data/sparsehash-2.0.3/src/sparsehash/template_util.h
Examining data/sparsehash-2.0.3/src/sparsehash/type_traits.h
Examining data/sparsehash-2.0.3/src/sparsetable_unittest.cc
Examining data/sparsehash-2.0.3/src/template_util_unittest.cc
Examining data/sparsehash-2.0.3/src/testutil.h
Examining data/sparsehash-2.0.3/src/time_hash_map.cc
Examining data/sparsehash-2.0.3/src/type_traits_unittest.cc
Examining data/sparsehash-2.0.3/src/windows/config.h
Examining data/sparsehash-2.0.3/src/windows/google/sparsehash/sparseconfig.h
Examining data/sparsehash-2.0.3/src/windows/port.cc
Examining data/sparsehash-2.0.3/src/windows/port.h
Examining data/sparsehash-2.0.3/src/windows/sparsehash/internal/sparseconfig.h
FINAL RESULTS:
data/sparsehash-2.0.3/experimental/libchash.c:156:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)(keyTo), (char *)(keyFrom)); \
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:65:28: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define TEST(cond) out += snprintf(out, LEFT, #cond "? %s\n", \
data/sparsehash-2.0.3/src/windows/port.cc:44:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int snprintf(char *str, size_t size, const char *format, ...) {
data/sparsehash-2.0.3/src/windows/port.h:66:12: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
extern int snprintf(char *str, size_t size, const char *format, ...);
data/sparsehash-2.0.3/src/time_hash_map.cc:495:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(r); // keep compiler from optimizing away r (we never call rand())
data/sparsehash-2.0.3/src/time_hash_map.cc:510:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(9);
data/sparsehash-2.0.3/src/time_hash_map.cc:540:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(r); // keep compiler from optimizing away r (we never call rand())
data/sparsehash-2.0.3/src/time_hash_map.cc:603:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(r); // keep compiler from optimizing away r (we never call rand())
data/sparsehash-2.0.3/experimental/libchash.c:132:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char grgKeyTruncMask[sizeof(ulong)][sizeof(ulong)];
data/sparsehash-2.0.3/experimental/libchash.c:161:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (char *)(keyTo), (char *)(keyFrom), (ht)->cchKey); \
data/sparsehash-2.0.3/experimental/libchash.c:1405:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMagicKey[4], *rgchKeys;
data/sparsehash-2.0.3/experimental/libchash.c:1451:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bck->key, rgchKeys, ht->cchKey);
data/sparsehash-2.0.3/src/hashtable_test.cc:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/sparsehash-2.0.3/src/hashtable_test.cc:329:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/sparsehash-2.0.3/src/hashtable_test.cc:391:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (*this)(fp, atoi(value));
data/sparsehash-2.0.3/src/hashtable_test.cc:1442:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file.c_str(), "wb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1449:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file.c_str(), "rb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1477:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file.c_str(), "wb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1493:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file.c_str(), "rb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1535:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file.c_str(), "wb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1541:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file.c_str(), "rb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1567:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file.c_str(), "wb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1573:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file.c_str(), "rb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1599:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reinterpret_cast<char*>(buf), s_->data(), len);
data/sparsehash-2.0.3/src/hashtable_test.cc:1675:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fp = fopen(file.c_str(), "wb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1683:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file.c_str(), "rb");
data/sparsehash-2.0.3/src/hashtable_test.cc:1685:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char contents[24];
data/sparsehash-2.0.3/src/sparsehash/template_util.h:60:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[2];
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:61:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outbuf[10240]; // big enough for these tests
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:70:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[N];
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:349:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(file, "wb");
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:353:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "wb");
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:362:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "rb");
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:381:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "wb");
data/sparsehash-2.0.3/src/sparsetable_unittest.cc:388:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file, "rb");
data/sparsehash-2.0.3/src/time_hash_map.cc:237:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer_[Size - sizeof(int)];
data/sparsehash-2.0.3/src/time_hash_map.cc:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char heap[100] = "";
data/sparsehash-2.0.3/src/time_hash_map.cc:706:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
iters = atoi(argv[1]);
data/sparsehash-2.0.3/src/windows/port.cc:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmppath_buffer[1024];
data/sparsehash-2.0.3/experimental/libchash.c:155:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(keyTo) = (ulong)HTsmalloc( WORD_ROUND(strlen((char *)(keyFrom))+1) ); \
data/sparsehash-2.0.3/experimental/libchash.c:168:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HTfree((char *)(key), WORD_ROUND(strlen((char *)(key))+1)); \
data/sparsehash-2.0.3/experimental/libchash.c:889:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cchKeyOrig = ht->cchKey == NULL_TERMINATED ? strlen(key) : ht->cchKey;
data/sparsehash-2.0.3/experimental/libchash.c:1383:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(KEY_PTR(ht, bck->key))+1 : ht->cchKey), fp);
data/sparsehash-2.0.3/experimental/libchash.c:1511:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WORD_ROUND(strlen((char *)item->key)+1) : ht->cchKey;
data/sparsehash-2.0.3/experimental/libchash.h:252:47: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct HashTable *HashLoad(FILE *fp, char * (*read)(FILE *, int));
data/sparsehash-2.0.3/experimental/libchash.h:253:51: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
struct HashTable *HashLoadKeys(FILE *fp, char * (*read)(FILE *, int));
data/sparsehash-2.0.3/src/hashtable_test.cc:1687:20: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_EQ(EOF, fgetc(fp)); // check we're *exactly* the right size
data/sparsehash-2.0.3/src/sparsehash/internal/hashtable-common.h:107:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fp->read(reinterpret_cast<char*>(data), length).good();
ANALYSIS SUMMARY:
Hits = 48
Lines analyzed = 12095 in approximately 0.33 seconds (36259 lines/second)
Physical Source Lines of Code (SLOC) = 7932
Hits@level = [0] 132 [1] 9 [2] 31 [3] 4 [4] 4 [5] 0
Hits@level+ = [0+] 180 [1+] 48 [2+] 39 [3+] 8 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 22.6929 [1+] 6.05144 [2+] 4.91679 [3+] 1.00857 [4+] 0.504286 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.