stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/woff2-1.0.2/include/woff2/decode.h
Examining data/woff2-1.0.2/include/woff2/encode.h
Examining data/woff2-1.0.2/include/woff2/output.h
Examining data/woff2-1.0.2/src/buffer.h
Examining data/woff2-1.0.2/src/convert_woff2ttf_fuzzer.cc
Examining data/woff2-1.0.2/src/convert_woff2ttf_fuzzer_new_entry.cc
Examining data/woff2-1.0.2/src/file.h
Examining data/woff2-1.0.2/src/font.cc
Examining data/woff2-1.0.2/src/font.h
Examining data/woff2-1.0.2/src/glyph.cc
Examining data/woff2-1.0.2/src/glyph.h
Examining data/woff2-1.0.2/src/normalize.cc
Examining data/woff2-1.0.2/src/normalize.h
Examining data/woff2-1.0.2/src/port.h
Examining data/woff2-1.0.2/src/round.h
Examining data/woff2-1.0.2/src/store_bytes.h
Examining data/woff2-1.0.2/src/table_tags.cc
Examining data/woff2-1.0.2/src/table_tags.h
Examining data/woff2-1.0.2/src/transform.cc
Examining data/woff2-1.0.2/src/transform.h
Examining data/woff2-1.0.2/src/variable_length.cc
Examining data/woff2-1.0.2/src/variable_length.h
Examining data/woff2-1.0.2/src/woff2_common.cc
Examining data/woff2-1.0.2/src/woff2_common.h
Examining data/woff2-1.0.2/src/woff2_compress.cc
Examining data/woff2-1.0.2/src/woff2_dec.cc
Examining data/woff2-1.0.2/src/woff2_decompress.cc
Examining data/woff2-1.0.2/src/woff2_enc.cc
Examining data/woff2-1.0.2/src/woff2_info.cc
Examining data/woff2-1.0.2/src/woff2_out.cc

FINAL RESULTS:

data/woff2-1.0.2/src/buffer.h:78:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      std::memcpy(data, buffer_ + offset_, n_bytes);
data/woff2-1.0.2/src/buffer.h:97:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(value, buffer_ + offset_, sizeof(uint16_t));
data/woff2-1.0.2/src/buffer.h:122:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(value, buffer_ + offset_, sizeof(uint32_t));
data/woff2-1.0.2/src/buffer.h:136:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(value, buffer_ + offset_, sizeof(uint32_t));
data/woff2-1.0.2/src/buffer.h:145:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    std::memcpy(value, buffer_ + offset_, sizeof(uint64_t));
data/woff2-1.0.2/src/font.cc:250:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst + table.offset, table.data, table.length);
data/woff2-1.0.2/src/normalize.cc:99:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, table->data, table->length);
data/woff2-1.0.2/src/store_bytes.h:65:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&dst[*offset], data, len);
data/woff2-1.0.2/src/transform.cc:30:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&(*out)[offset], data, len);
data/woff2-1.0.2/src/woff2_out.cc:61:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(buf_ + offset, buf, n);

ANALYSIS SUMMARY:

Hits = 10
Lines analyzed = 4795 in approximately 0.12 seconds (38401 lines/second)
Physical Source Lines of Code (SLOC) = 3651
Hits@level = [0]  50 [1]   0 [2]  10 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  60 [1+]  10 [2+]  10 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 16.4339 [1+] 2.73898 [2+] 2.73898 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.