Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/wyhash-0~2.gbp234f0c6/benchmark.cpp Examining data/wyhash-0~2.gbp234f0c6/o1hash.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h Examining data/wyhash-0~2.gbp234f0c6/test_vector.cpp Examining data/wyhash-0~2.gbp234f0c6/wyhash.h Examining data/wyhash-0~2.gbp234f0c6/wyhash32.h FINAL RESULTS: data/wyhash-0~2.gbp234f0c6/o1hash.h:16:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;} data/wyhash-0~2.gbp234f0c6/o1hash.h:19:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);} data/wyhash-0~2.gbp234f0c6/o1hash.h:21:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:55:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:56:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:59:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:60:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:62:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:63:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:87:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:88:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:91:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v)^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:92:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v)^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:94:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v)^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:95:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v)^0x5555555555555555ull;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:66:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:67:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:69:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:70:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:72:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:73:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);} data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:36:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 1); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:41:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 2); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:46:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:51:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:40:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 1); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:45:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 2); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:50:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:55:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:44:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:49:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:175:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static inline char *wysum(const void *key, uint64_t len, char result[15]) { data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:175:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static inline char *wysum(const void *key, uint64_t len, char result[15]) { data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:237:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 1, _wyhanzi + (h & 2047) * 3, 3); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:238:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 4, _wyhanzi + ((h >> 11) & 2047) * 3, 3); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 7, _wyhanzi + ((h >> 22) & 2047) * 3, 3); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:240:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 10, _wyhanzi + ((h >> 33) & 2047) * 3, 3); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:54:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:59:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:66:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:71:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:77:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:94:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:99:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:105:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:110:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:250:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer + ctx->left, p, slots); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:259:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer, p, len); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:86:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:91:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:98:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:109:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 8); data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:114:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, p, 4); data/wyhash-0~2.gbp234f0c6/wyhash.h:72:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;} data/wyhash-0~2.gbp234f0c6/wyhash.h:73:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;} data/wyhash-0~2.gbp234f0c6/wyhash.h:75:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);} data/wyhash-0~2.gbp234f0c6/wyhash.h:76:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);} data/wyhash-0~2.gbp234f0c6/wyhash.h:78:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);} data/wyhash-0~2.gbp234f0c6/wyhash.h:79:62: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);} data/wyhash-0~2.gbp234f0c6/wyhash32.h:5:63: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;} data/wyhash-0~2.gbp234f0c6/wyhash32.h:7:63: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);} data/wyhash-0~2.gbp234f0c6/wyhash32.h:9:63: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);} data/wyhash-0~2.gbp234f0c6/benchmark.cpp:29:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cerr.precision(2); cerr.setf(ios::fixed); cerr<<'|'<<name<<(strlen(name)<8?"\t\t|":"\t|"); ANALYSIS SUMMARY: Hits = 67 Lines analyzed = 2236 in approximately 0.10 seconds (22397 lines/second) Physical Source Lines of Code (SLOC) = 2108 Hits@level = [0] 0 [1] 1 [2] 66 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 67 [1+] 67 [2+] 66 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 31.7837 [1+] 31.7837 [2+] 31.3093 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.