Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/spirv-headers-1.5.4/example/example.cpp Examining data/spirv-headers-1.5.4/include/spirv/1.0/GLSL.std.450.h Examining data/spirv-headers-1.5.4/include/spirv/1.0/OpenCL.std.h Examining data/spirv-headers-1.5.4/include/spirv/1.0/spirv.h Examining data/spirv-headers-1.5.4/include/spirv/1.0/spirv.hpp Examining data/spirv-headers-1.5.4/include/spirv/1.1/GLSL.std.450.h Examining data/spirv-headers-1.5.4/include/spirv/1.1/OpenCL.std.h Examining data/spirv-headers-1.5.4/include/spirv/1.1/spirv.h Examining data/spirv-headers-1.5.4/include/spirv/1.1/spirv.hpp Examining data/spirv-headers-1.5.4/include/spirv/1.2/GLSL.std.450.h Examining data/spirv-headers-1.5.4/include/spirv/1.2/OpenCL.std.h Examining data/spirv-headers-1.5.4/include/spirv/1.2/spirv.h Examining data/spirv-headers-1.5.4/include/spirv/1.2/spirv.hpp Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_gcn_shader.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_ballot.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_explicit_vertex_parameter.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_trinary_minmax.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/DebugInfo.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/GLSL.std.450.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/NonSemanticClspvReflection.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/NonSemanticDebugPrintf.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/OpenCL.std.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/OpenCLDebugInfo100.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/spirv.h Examining data/spirv-headers-1.5.4/include/spirv/unified1/spirv.hpp Examining data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp Examining data/spirv-headers-1.5.4/tools/buildHeaders/header.h Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsonToSpirv.cpp Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsonToSpirv.h Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/json/json-forwards.h Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/json/json.h Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp Examining data/spirv-headers-1.5.4/tools/buildHeaders/main.cpp FINAL RESULTS: data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:56:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:56:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:140:13: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(buff, sizeof(buff), fmt, val); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:209:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:209:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:807:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. count = sscanf(buffer, format, &value); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:810:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. count = sscanf(buffer.c_str(), format, &value); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1770:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. count = sscanf(buffer, format, &value); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1773:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. count = sscanf(buffer.c_str(), format, &value); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3967:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3967:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3969:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3969:18: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3971:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf std::snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3971:23: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf std::snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3977:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3977:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:139:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[16]; // ample for 8 hex digits + 0x data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:142:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char UIntToStringBuffer[uintToStringBufferSize]; data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:805:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, token.start_, length); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1006:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[18 + 16 + 16 + 1]; data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1768:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, token.start_, length); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1969:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[18 + 16 + 16 + 1]; data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2412:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char ALIGNAS(8) kNull[sizeof(Value)] = { 0 }; data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2473:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newString, value, length); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2497:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newString + sizeof(unsigned), value, length); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:4047:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2506:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *length = strlen(prefixed); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2747:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_.string_ = duplicateAndPrefixStringValue(value, static_cast<unsigned>(strlen(value))); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2818:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). otherComment.comment_, strlen(otherComment.comment_)); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3359:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). key, static_cast<unsigned>(strlen(key)), CZString::noDuplication); // NOTE! data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3410:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Value const* found = find(key, key + strlen(key)); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3422:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return resolveReference(key, key + strlen(key)); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3454:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return get(key, key + strlen(key), defaultValue); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3477:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return removeMember(key, key + strlen(key), removed); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3491:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). removeMember(key, key + strlen(key), &removed); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3536:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return isMember(key, key + strlen(key)); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3699:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). setComment(comment, strlen(comment), placement); data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:4094:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(value) * 2 + 3; // allescaped+quotes+NULL ANALYSIS SUMMARY: Hits = 39 Lines analyzed = 21894 in approximately 0.44 seconds (49776 lines/second) Physical Source Lines of Code (SLOC) = 17754 Hits@level = [0] 11 [1] 12 [2] 10 [3] 0 [4] 17 [5] 0 Hits@level+ = [0+] 50 [1+] 39 [2+] 27 [3+] 17 [4+] 17 [5+] 0 Hits/KSLOC@level+ = [0+] 2.81627 [1+] 2.19669 [2+] 1.52078 [3+] 0.957531 [4+] 0.957531 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.