Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zimlib-6.3.0/examples/createZimExample.cpp
Examining data/zimlib-6.3.0/include/zim/article.h
Examining data/zimlib-6.3.0/include/zim/blob.h
Examining data/zimlib-6.3.0/include/zim/error.h
Examining data/zimlib-6.3.0/include/zim/file.h
Examining data/zimlib-6.3.0/include/zim/fileheader.h
Examining data/zimlib-6.3.0/include/zim/fileiterator.h
Examining data/zimlib-6.3.0/include/zim/search.h
Examining data/zimlib-6.3.0/include/zim/search_iterator.h
Examining data/zimlib-6.3.0/include/zim/uuid.h
Examining data/zimlib-6.3.0/include/zim/writer/article.h
Examining data/zimlib-6.3.0/include/zim/writer/creator.h
Examining data/zimlib-6.3.0/include/zim/writer/url.h
Examining data/zimlib-6.3.0/include/zim/zim.h
Examining data/zimlib-6.3.0/src/_dirent.h
Examining data/zimlib-6.3.0/src/article.cpp
Examining data/zimlib-6.3.0/src/blob.cpp
Examining data/zimlib-6.3.0/src/buffer.cpp
Examining data/zimlib-6.3.0/src/buffer.h
Examining data/zimlib-6.3.0/src/buffer_reader.cpp
Examining data/zimlib-6.3.0/src/buffer_reader.h
Examining data/zimlib-6.3.0/src/bufferstreamer.h
Examining data/zimlib-6.3.0/src/cluster.cpp
Examining data/zimlib-6.3.0/src/cluster.h
Examining data/zimlib-6.3.0/src/compression.cpp
Examining data/zimlib-6.3.0/src/compression.h
Examining data/zimlib-6.3.0/src/concurrent_cache.h
Examining data/zimlib-6.3.0/src/debug.h
Examining data/zimlib-6.3.0/src/decoderstreamreader.h
Examining data/zimlib-6.3.0/src/dirent.cpp
Examining data/zimlib-6.3.0/src/dirent_lookup.h
Examining data/zimlib-6.3.0/src/endian_tools.h
Examining data/zimlib-6.3.0/src/envvalue.cpp
Examining data/zimlib-6.3.0/src/envvalue.h
Examining data/zimlib-6.3.0/src/file.cpp
Examining data/zimlib-6.3.0/src/file_compound.cpp
Examining data/zimlib-6.3.0/src/file_compound.h
Examining data/zimlib-6.3.0/src/file_part.h
Examining data/zimlib-6.3.0/src/file_reader.cpp
Examining data/zimlib-6.3.0/src/file_reader.h
Examining data/zimlib-6.3.0/src/fileheader.cpp
Examining data/zimlib-6.3.0/src/fileimpl.cpp
Examining data/zimlib-6.3.0/src/fileimpl.h
Examining data/zimlib-6.3.0/src/fs.h
Examining data/zimlib-6.3.0/src/fs_unix.cpp
Examining data/zimlib-6.3.0/src/fs_unix.h
Examining data/zimlib-6.3.0/src/fs_windows.cpp
Examining data/zimlib-6.3.0/src/fs_windows.h
Examining data/zimlib-6.3.0/src/istreamreader.cpp
Examining data/zimlib-6.3.0/src/istreamreader.h
Examining data/zimlib-6.3.0/src/levenshtein.cpp
Examining data/zimlib-6.3.0/src/levenshtein.h
Examining data/zimlib-6.3.0/src/log.h
Examining data/zimlib-6.3.0/src/lrucache.h
Examining data/zimlib-6.3.0/src/md5.c
Examining data/zimlib-6.3.0/src/md5.h
Examining data/zimlib-6.3.0/src/narrowdown.h
Examining data/zimlib-6.3.0/src/rawstreamreader.h
Examining data/zimlib-6.3.0/src/reader.h
Examining data/zimlib-6.3.0/src/search.cpp
Examining data/zimlib-6.3.0/src/search_internal.h
Examining data/zimlib-6.3.0/src/search_iterator.cpp
Examining data/zimlib-6.3.0/src/template.cpp
Examining data/zimlib-6.3.0/src/template.h
Examining data/zimlib-6.3.0/src/tools.cpp
Examining data/zimlib-6.3.0/src/tools.h
Examining data/zimlib-6.3.0/src/uuid.cpp
Examining data/zimlib-6.3.0/src/writer/_dirent.h
Examining data/zimlib-6.3.0/src/writer/article.cpp
Examining data/zimlib-6.3.0/src/writer/cluster.cpp
Examining data/zimlib-6.3.0/src/writer/cluster.h
Examining data/zimlib-6.3.0/src/writer/creator.cpp
Examining data/zimlib-6.3.0/src/writer/creatordata.h
Examining data/zimlib-6.3.0/src/writer/dirent.cpp
Examining data/zimlib-6.3.0/src/writer/direntPool.h
Examining data/zimlib-6.3.0/src/writer/queue.h
Examining data/zimlib-6.3.0/src/writer/workers.cpp
Examining data/zimlib-6.3.0/src/writer/workers.h
Examining data/zimlib-6.3.0/src/writer/xapianIndexer.cpp
Examining data/zimlib-6.3.0/src/writer/xapianIndexer.h
Examining data/zimlib-6.3.0/src/xapian/htmlparse.cc
Examining data/zimlib-6.3.0/src/xapian/htmlparse.h
Examining data/zimlib-6.3.0/src/xapian/myhtmlparse.cc
Examining data/zimlib-6.3.0/src/xapian/myhtmlparse.h
Examining data/zimlib-6.3.0/src/xapian/namedentities.h
Examining data/zimlib-6.3.0/src/zim_types.h
Examining data/zimlib-6.3.0/test/bufferstreamer.cpp
Examining data/zimlib-6.3.0/test/cluster.cpp
Examining data/zimlib-6.3.0/test/compression.cpp
Examining data/zimlib-6.3.0/test/decoderstreamreader.cpp
Examining data/zimlib-6.3.0/test/dirent.cpp
Examining data/zimlib-6.3.0/test/dirent_lookup.cpp
Examining data/zimlib-6.3.0/test/find.cpp
Examining data/zimlib-6.3.0/test/header.cpp
Examining data/zimlib-6.3.0/test/istreamreader.cpp
Examining data/zimlib-6.3.0/test/iterator.cpp
Examining data/zimlib-6.3.0/test/lrucache.cpp
Examining data/zimlib-6.3.0/test/rawstreamreader.cpp
Examining data/zimlib-6.3.0/test/template.cpp
Examining data/zimlib-6.3.0/test/tools.cpp
Examining data/zimlib-6.3.0/test/tools.h
Examining data/zimlib-6.3.0/test/uuid.cpp
Examining data/zimlib-6.3.0/test/zimfile.cpp
FINAL RESULTS:
data/zimlib-6.3.0/src/envvalue.cpp:27:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* v = ::getenv(env);
data/zimlib-6.3.0/src/envvalue.cpp:38:23: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* v = ::getenv(env);
data/zimlib-6.3.0/src/fs_windows.cpp:41:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&m_criticalSection);
data/zimlib-6.3.0/src/fs_windows.cpp:46:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&m_criticalSection);
data/zimlib-6.3.0/src/fs_windows.cpp:76:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&mp_impl->m_criticalSection);
data/zimlib-6.3.0/test/cluster.cpp:192:37: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char* SKIP_BIG_MEMORY_TEST = std::getenv("SKIP_BIG_MEMORY_TEST");
data/zimlib-6.3.0/test/tools.cpp:50:35: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* const TMPDIR = std::getenv("TMPDIR");
data/zimlib-6.3.0/include/zim/uuid.h:37:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Uuid(const char uuid[16])
data/zimlib-6.3.0/include/zim/uuid.h:50:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/zimlib-6.3.0/src/buffer_reader.cpp:58:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source.data(offset), size.v);
data/zimlib-6.3.0/src/bufferstreamer.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[N];
data/zimlib-6.3.0/src/bufferstreamer.h:52:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, m_current, N);
data/zimlib-6.3.0/src/compression.h:116:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ret_data.get(), ret_data.get(), stream.total_out);
data/zimlib-6.3.0/src/compression.h:231:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_ret_data.get(), ret_data.get(), stream.total_out);
data/zimlib-6.3.0/src/fileheader.cpp:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[Fileheader::size];
data/zimlib-6.3.0/src/fileimpl.cpp:442:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexdigest[33];
data/zimlib-6.3.0/src/fileimpl.cpp:493:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chksumCalc[16];
data/zimlib-6.3.0/src/fs_unix.cpp:80:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filepath.c_str(), O_RDONLY);
data/zimlib-6.3.0/src/fs_windows.cpp:136:15: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
auto size = MultiByteToWideChar(CP_UTF8, 0,
data/zimlib-6.3.0/src/fs_windows.cpp:139:14: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
auto ret = MultiByteToWideChar(CP_UTF8, 0,
data/zimlib-6.3.0/src/istreamreader.h:80:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[N];
data/zimlib-6.3.0/src/md5.c:59:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MD5_memcpy memcpy
data/zimlib-6.3.0/src/md5.c:62:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char PADDING[64] = {
data/zimlib-6.3.0/src/md5.c:163:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16], /* message digest */
data/zimlib-6.3.0/src/md5.c:166:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bits[8];
data/zimlib-6.3.0/src/md5.c:192:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char block[64])
data/zimlib-6.3.0/src/md5.c:338:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((char *)output)[i] = (char)value;
data/zimlib-6.3.0/src/md5.h:91:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[64]; /* input buffer */
data/zimlib-6.3.0/src/reader.h:44:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[sizeof(T)];
data/zimlib-6.3.0/src/search.cpp:75:66: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
result.insert( std::pair<std::string, int>(tmp_elems[0], atoi(tmp_elems[1].c_str())) );
data/zimlib-6.3.0/src/search_iterator.cpp:192:77: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return internal->get_document().get_value(2).empty() == true ? -1 : atoi(internal->get_document().get_value(2).c_str());
data/zimlib-6.3.0/src/search_iterator.cpp:196:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(internal->get_document().get_value(internal->search->valuesmap["size"]).c_str());
data/zimlib-6.3.0/src/search_iterator.cpp:212:77: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return internal->get_document().get_value(3).empty() == true ? -1 : atoi(internal->get_document().get_value(3).c_str());
data/zimlib-6.3.0/src/search_iterator.cpp:216:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(internal->get_document().get_value(internal->search->valuesmap["wordcount"]).c_str());
data/zimlib-6.3.0/src/writer/cluster.cpp:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[sizeof(OFFSET_TYPE)];
data/zimlib-6.3.0/src/writer/cluster.cpp:270:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(data.value.c_str(), O_RDONLY);
data/zimlib-6.3.0/src/writer/creator.cpp:311:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buff[sizeof(offset_type)];
data/zimlib-6.3.0/src/writer/creator.cpp:320:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buff[sizeof(article_index_type)];
data/zimlib-6.3.0/src/writer/creator.cpp:329:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buff[sizeof(offset_type)];
data/zimlib-6.3.0/src/writer/creator.cpp:342:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char batch_read[1024+1];
data/zimlib-6.3.0/src/writer/creator.cpp:356:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char digest[16];
data/zimlib-6.3.0/src/writer/creator.cpp:393:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out_fd = open(zim_name.c_str(), O_RDWR|O_CREAT|O_TRUNC, mode);
data/zimlib-6.3.0/src/writer/dirent.cpp:41:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[16];
data/zimlib-6.3.0/src/xapian/htmlparse.cc:140:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(s.substr(p - s.begin(), end - p).c_str());
data/zimlib-6.3.0/src/xapian/htmlparse.cc:156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char seq[4];
data/zimlib-6.3.0/test/cluster.cpp:253:29: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
std::FILE* tmpfile = std::tmpfile();
data/zimlib-6.3.0/test/cluster.cpp:254:19: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
int fd = fileno(tmpfile);
data/zimlib-6.3.0/test/cluster.cpp:268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buf[sizeof(uint64_t)];
data/zimlib-6.3.0/test/cluster.cpp:308:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fflush(tmpfile);
data/zimlib-6.3.0/test/cluster.cpp:310:46: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
auto filePart = new zim::FilePart<>(fileno(tmpfile));
data/zimlib-6.3.0/test/cluster.cpp:335:10: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fclose(tmpfile);
data/zimlib-6.3.0/test/istreamreader.cpp:56:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char zerobuf[N] = {0};
data/zimlib-6.3.0/test/tools.cpp:43:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t cbase[MAX_PATH];
data/zimlib-6.3.0/test/tools.cpp:53:17: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
auto tmp_fd = mkstemp(&path_[0]);
data/zimlib-6.3.0/test/tools.cpp:74:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd_ = open(path_.c_str(), O_RDWR);
data/zimlib-6.3.0/test/tools.h:63:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wpath_[MAX_PATH];
data/zimlib-6.3.0/include/zim/blob.h:62:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
&& std::equal(b1.data(), b1.data() + b1.size(), b2.data());
data/zimlib-6.3.0/include/zim/fileheader.h:75:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(const Reader& reader);
data/zimlib-6.3.0/include/zim/uuid.h:45:21: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
{ return std::equal(data, data+16, other.data); }
data/zimlib-6.3.0/src/buffer_reader.cpp:52:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void BufferReader::read(char* dest, offset_t offset, zsize_t size) const {
data/zimlib-6.3.0/src/buffer_reader.cpp:62:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char BufferReader::read(offset_t offset) const {
data/zimlib-6.3.0/src/buffer_reader.h:36:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(char* dest, offset_t offset, zsize_t size) const;
data/zimlib-6.3.0/src/buffer_reader.h:37:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read(offset_t offset) const;
data/zimlib-6.3.0/src/bufferstreamer.h:48:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template<typename T> T read()
data/zimlib-6.3.0/src/cluster.cpp:50:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t clusterInfo = zimReader.read(offset);
data/zimlib-6.3.0/src/cluster.cpp:74:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::shared_ptr<Cluster> Cluster::read(const Reader& zimReader, offset_t clusterOffset)
data/zimlib-6.3.0/src/cluster.cpp:99:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
OFFSET_TYPE offset = m_reader->read<OFFSET_TYPE>();
data/zimlib-6.3.0/src/cluster.cpp:115:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
OFFSET_TYPE new_offset = seqReader.read<OFFSET_TYPE>();
data/zimlib-6.3.0/src/cluster.h:79:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static std::shared_ptr<Cluster> read(const Reader& zimReader, offset_t clusterOffset);
data/zimlib-6.3.0/src/compression.h:181:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read(raw_data.data(), startOffset, zim::zsize_t(inputSize));
data/zimlib-6.3.0/src/dirent.cpp:45:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint16_t mimeType = reader.read<uint16_t>();
data/zimlib-6.3.0/src/dirent.cpp:49:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint8_t extraLen = reader.read<uint8_t>();
data/zimlib-6.3.0/src/dirent.cpp:50:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char ns = reader.read<char>();
data/zimlib-6.3.0/src/dirent.cpp:51:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t version = reader.read<uint32_t>();
data/zimlib-6.3.0/src/dirent.cpp:57:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
article_index_t redirectIndex(reader.read<article_index_type>());
data/zimlib-6.3.0/src/dirent.cpp:72:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t clusterNumber = reader.read<uint32_t>();
data/zimlib-6.3.0/src/dirent.cpp:73:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t blobNumber = reader.read<uint32_t>();
data/zimlib-6.3.0/src/file_reader.cpp:63:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char FileReader::read(offset_t offset) const {
data/zimlib-6.3.0/src/file_reader.cpp:90:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void FileReader::read(char* dest, offset_t offset, zsize_t size) const {
data/zimlib-6.3.0/src/file_reader.cpp:203:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(const_cast<char*>(ret_buffer.data()), offset, size);
data/zimlib-6.3.0/src/file_reader.h:37:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char read(offset_t offset) const;
data/zimlib-6.3.0/src/file_reader.h:38:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(char* dest, offset_t offset, zsize_t size) const;
data/zimlib-6.3.0/src/fileheader.cpp:67:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Fileheader::read(const Reader& reader)
data/zimlib-6.3.0/src/fileheader.cpp:71:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t magicNumber = seqReader.read<uint32_t>();
data/zimlib-6.3.0/src/fileheader.cpp:79:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint16_t major_version = seqReader.read<uint16_t>();
data/zimlib-6.3.0/src/fileheader.cpp:88:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setMinorVersion(seqReader.read<uint16_t>());
data/zimlib-6.3.0/src/fileheader.cpp:95:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setArticleCount(seqReader.read<uint32_t>());
data/zimlib-6.3.0/src/fileheader.cpp:96:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setClusterCount(seqReader.read<uint32_t>());
data/zimlib-6.3.0/src/fileheader.cpp:97:28: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setUrlPtrPos(seqReader.read<uint64_t>());
data/zimlib-6.3.0/src/fileheader.cpp:98:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setTitleIdxPos(seqReader.read<uint64_t>());
data/zimlib-6.3.0/src/fileheader.cpp:99:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setClusterPtrPos(seqReader.read<uint64_t>());
data/zimlib-6.3.0/src/fileheader.cpp:100:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setMimeListPos(seqReader.read<uint64_t>());
data/zimlib-6.3.0/src/fileheader.cpp:101:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setMainPage(seqReader.read<uint32_t>());
data/zimlib-6.3.0/src/fileheader.cpp:102:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setLayoutPage(seqReader.read<uint32_t>());
data/zimlib-6.3.0/src/fileheader.cpp:103:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
setChecksumPos(seqReader.read<uint64_t>());
data/zimlib-6.3.0/src/fileimpl.cpp:92:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header.read(*zimReader);
data/zimlib-6.3.0/src/fileimpl.cpp:164:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset_type len = strlen(buffer.data(current));
data/zimlib-6.3.0/src/fileimpl.cpp:325:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
zimReader->read(bufferDirentZone.data(), indexOffset, bufferSize);
data/zimlib-6.3.0/src/fileimpl.cpp:369:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return Cluster::read(*zimReader, clusterOffset);
data/zimlib-6.3.0/src/istreamreader.h:57:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template<typename T> T read();
data/zimlib-6.3.0/src/istreamreader.h:77:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
IStreamReader::read()
data/zimlib-6.3.0/src/narrowdown.h:146:25: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
const auto m = std::mismatch(a.begin(), a.begin()+minlen, b.begin());
data/zimlib-6.3.0/src/rawstreamreader.h:40:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_reader->read(buf, m_readerPos, zsize_t(nbytes));
data/zimlib-6.3.0/src/reader.h:39:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual void read(char* dest, offset_t offset, zsize_t size) const = 0;
data/zimlib-6.3.0/src/reader.h:45:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(tmp_buf, offset, zsize_t(sizeof(T)));
data/zimlib-6.3.0/src/reader.h:48:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual char read(offset_t offset) const = 0;
data/zimlib-6.3.0/src/writer/cluster.cpp:276:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto r = read(fd, buffer, 1024*1024);
data/zimlib-6.3.0/src/writer/creator.cpp:346:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto r = read(out_fd, batch_read, 1024);
data/zimlib-6.3.0/test/bufferstreamer.cpp:44:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT_EQ(1234, bds.read<uint32_t>());
data/zimlib-6.3.0/test/bufferstreamer.cpp:56:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT_EQ(-987654321, bds.read<int64_t>());
data/zimlib-6.3.0/test/cluster.cpp:100:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::BufferReader(buffer), zim::offset_t(0));
data/zimlib-6.3.0/test/cluster.cpp:120:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::BufferReader(buffer), zim::offset_t(0));
data/zimlib-6.3.0/test/cluster.cpp:144:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::BufferReader(buffer), zim::offset_t(0));
data/zimlib-6.3.0/test/cluster.cpp:171:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::BufferReader(buffer), zim::offset_t(0));
data/zimlib-6.3.0/test/cluster.cpp:236:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::BufferReader(buffer), zim::offset_t(0));
data/zimlib-6.3.0/test/cluster.cpp:312:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const auto cluster2shptr = zim::Cluster::read(zim::FileReader(fileCompound), zim::offset_t(0));
data/zimlib-6.3.0/test/header.cpp:73:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
header2.read(zim::BufferReader(buffer));
data/zimlib-6.3.0/test/istreamreader.cpp:42:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
TEST(IStreamReader, read)
data/zimlib-6.3.0/test/istreamreader.cpp:46:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_EQ(0, ids.read<int>());
data/zimlib-6.3.0/test/istreamreader.cpp:47:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_EQ(0L, ids.read<long>());
data/zimlib-6.3.0/test/rawstreamreader.cpp:46:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT_EQ(1234, rdr.read<uint32_t>());
data/zimlib-6.3.0/test/rawstreamreader.cpp:51:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ASSERT_EQ(-987654321, rdr.read<int64_t>());
data/zimlib-6.3.0/test/tools.h:97:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(tmp_fd, const_cast<char*>(buf.data()), size) == -1)
ANALYSIS SUMMARY:
Hits = 123
Lines analyzed = 13680 in approximately 0.47 seconds (29159 lines/second)
Physical Source Lines of Code (SLOC) = 9401
Hits@level = [0] 1 [1] 67 [2] 49 [3] 7 [4] 0 [5] 0
Hits@level+ = [0+] 124 [1+] 123 [2+] 56 [3+] 7 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 13.1901 [1+] 13.0837 [2+] 5.95681 [3+] 0.744602 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.