Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zinnia-0.06/param.h
Examining data/zinnia-0.06/feature.h
Examining data/zinnia-0.06/zinnia.h
Examining data/zinnia-0.06/sexp.h
Examining data/zinnia-0.06/zinnia_learn.cpp
Examining data/zinnia-0.06/svm.cpp
Examining data/zinnia-0.06/ruby/zinnia_wrap.cpp
Examining data/zinnia-0.06/python/zinnia_wrap.cxx
Examining data/zinnia-0.06/libzinnia.cpp
Examining data/zinnia-0.06/perl/zinnia_wrap.cxx
Examining data/zinnia-0.06/sexp.cpp
Examining data/zinnia-0.06/sdk/example.cpp
Examining data/zinnia-0.06/sdk/example.c
Examining data/zinnia-0.06/feature.cpp
Examining data/zinnia-0.06/mmap.h
Examining data/zinnia-0.06/param.cpp
Examining data/zinnia-0.06/freelist.h
Examining data/zinnia-0.06/scoped_ptr.h
Examining data/zinnia-0.06/character.cpp
Examining data/zinnia-0.06/zinnia.cpp
Examining data/zinnia-0.06/svm.h
Examining data/zinnia-0.06/common.h
Examining data/zinnia-0.06/recognizer.cpp
Examining data/zinnia-0.06/swig/version.h
Examining data/zinnia-0.06/zinnia_convert.cpp
Examining data/zinnia-0.06/stream_wrapper.h
Examining data/zinnia-0.06/trainer.cpp
FINAL RESULTS:
data/zinnia-0.06/perl/zinnia_wrap.cxx:682:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/zinnia-0.06/perl/zinnia_wrap.cxx:1263:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,SWIG_Perl_TypeProxyName(type));
data/zinnia-0.06/perl/zinnia_wrap.cxx:1884:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, buf);
data/zinnia-0.06/python/zinnia_wrap.cxx:686:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/zinnia-0.06/python/zinnia_wrap.cxx:817:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define PyOS_snprintf _snprintf
data/zinnia-0.06/python/zinnia_wrap.cxx:819:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define PyOS_snprintf snprintf
data/zinnia-0.06/python/zinnia_wrap.cxx:836:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/zinnia-0.06/python/zinnia_wrap.cxx:3182:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, buf);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:790:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1510:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(klass_name, "TYPE%s", type->name);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1566:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(klass_name, "TYPE%s", type->name);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1701:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, type->name);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:2089:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r, buf);
data/zinnia-0.06/scoped_ptr.h:66:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(p, str.c_str());
data/zinnia-0.06/scoped_ptr.h:72:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
std::strcpy(p, str);
data/zinnia-0.06/character.cpp:138:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_width(std::atoi(value));
data/zinnia-0.06/character.cpp:140:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
set_height(std::atoi(value));
data/zinnia-0.06/character.cpp:156:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int x = std::atoi(dot->car()->car()->atom());
data/zinnia-0.06/character.cpp:157:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int y = std::atoi(dot->car()->cdr()->car()->atom());
data/zinnia-0.06/character.cpp:185:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buf.data(), buf.size());
data/zinnia-0.06/freelist.h:54:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(p, src, len * sizeof(T));
data/zinnia-0.06/libzinnia.cpp:158:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return recognizer->ptr->open(filename);
data/zinnia-0.06/libzinnia.cpp:163:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return recognizer->ptr->open(ptr, size);
data/zinnia-0.06/libzinnia.cpp:262:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!param.open(argc, argv, long_options)) {
data/zinnia-0.06/libzinnia.cpp:287:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CHECK_DIE(recognizer->open(model.c_str())) << recognizer->what();
data/zinnia-0.06/libzinnia.cpp:323:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!param.open(argc, argv, long_options)) {
data/zinnia-0.06/libzinnia.cpp:375:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!param.open(argc, argv, long_options)) {
data/zinnia-0.06/mmap.h:60:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open__(const char* name, int flag) { return open(name, flag); }
data/zinnia-0.06/mmap.h:98:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *filename, const char *mode = "r") {
data/zinnia-0.06/mmap.h:148:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *filename, const char *mode = "r") {
data/zinnia-0.06/param.cpp:98:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Param::open(int argc, char **argv, const Option *opts) {
data/zinnia-0.06/param.cpp:201:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool Param::open(const char *arg, const Option *opts) {
data/zinnia-0.06/param.cpp:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[BUF_SIZE];
data/zinnia-0.06/param.cpp:216:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(size, ptr, opts);
data/zinnia-0.06/param.h:56:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(int argc, char **argv, const Option *opt);
data/zinnia-0.06/param.h:57:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *arg, const Option *opt);
data/zinnia-0.06/perl/zinnia_wrap.cxx:633:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/zinnia-0.06/perl/zinnia_wrap.cxx:1258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/zinnia-0.06/perl/zinnia_wrap.cxx:1478:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#ifdef open
data/zinnia-0.06/perl/zinnia_wrap.cxx:1479:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#undef open
data/zinnia-0.06/perl/zinnia_wrap.cxx:1624:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/zinnia-0.06/perl/zinnia_wrap.cxx:1880:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192 * 16];
data/zinnia-0.06/perl/zinnia_wrap.cxx:2913:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2);
data/zinnia-0.06/perl/zinnia_wrap.cxx:2970:32: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2,arg3);
data/zinnia-0.06/perl/zinnia_wrap.cxx:4087:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
swig_create_magic(sv, (char *) swig_variables[i].name, swig_variables[i].set, swig_variables[i].get);
data/zinnia-0.06/perl/zinnia_wrap.cxx:4102:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sv_setpv(sv, (char *) swig_constants[i].pvalue);
data/zinnia-0.06/python/zinnia_wrap.cxx:637:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/zinnia-0.06/python/zinnia_wrap.cxx:789:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, cstr, len+1);
data/zinnia-0.06/python/zinnia_wrap.cxx:833:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SWIG_PYBUFFER_SIZE * 2];
data/zinnia-0.06/python/zinnia_wrap.cxx:1519:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/zinnia-0.06/python/zinnia_wrap.cxx:1886:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/zinnia-0.06/python/zinnia_wrap.cxx:1900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/zinnia-0.06/python/zinnia_wrap.cxx:1911:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/zinnia-0.06/python/zinnia_wrap.cxx:2041:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pack, ptr, size);
data/zinnia-0.06/python/zinnia_wrap.cxx:2059:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sobj->pack, size);
data/zinnia-0.06/python/zinnia_wrap.cxx:2599:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[256];
data/zinnia-0.06/python/zinnia_wrap.cxx:2909:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = reinterpret_cast< char* >(memcpy((new char[len + 1]), cstr, sizeof(char)*(len + 1)));
data/zinnia-0.06/python/zinnia_wrap.cxx:3178:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192 * 16];
data/zinnia-0.06/python/zinnia_wrap.cxx:4051:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2);
data/zinnia-0.06/python/zinnia_wrap.cxx:4104:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2,arg3);
data/zinnia-0.06/recognizer.cpp:32:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, r, sizeof(T));
data/zinnia-0.06/recognizer.cpp:47:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, &x, sizeof(x));
data/zinnia-0.06/recognizer.cpp:76:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *filename);
data/zinnia-0.06/recognizer.cpp:77:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *ptr, size_t size);
data/zinnia-0.06/recognizer.cpp:103:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool RecognizerImpl::open(const char *filename) {
data/zinnia-0.06/recognizer.cpp:104:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CHECK_FALSE(mmap_.open(filename))
data/zinnia-0.06/recognizer.cpp:107:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return open(mmap_.begin(), mmap_.file_size());
data/zinnia-0.06/recognizer.cpp:110:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool RecognizerImpl::open(const char *p, size_t ptr_size) {
data/zinnia-0.06/ruby/zinnia_wrap.cpp:741:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1098:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1111:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( buf, "%d of type ", argn-1 );
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1696:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1925:38: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = reinterpret_cast< char* >(memcpy((new char[size]), cstr, sizeof(char)*(size)));
data/zinnia-0.06/ruby/zinnia_wrap.cpp:2085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8192 * 16];
data/zinnia-0.06/ruby/zinnia_wrap.cpp:2970:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:3023:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
result = (bool)(arg1)->open((char const *)arg2,arg3);
data/zinnia-0.06/sdk/example.cpp:10:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!recognizer->open("/usr/local/lib/zinnia/model/tomoe/handwriting-ja.model")) {
data/zinnia-0.06/trainer.cpp:180:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
is_binary = r->open(text_filename);
data/zinnia-0.06/trainer.cpp:192:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!mmap.open(binary.c_str(), "r")) {
data/zinnia-0.06/trainer.cpp:302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char character[16];
data/zinnia-0.06/trainer.cpp:307:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
const int index = std::atoi(col[i]);
data/zinnia-0.06/zinnia.h:156:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const char *filename) = 0;
data/zinnia-0.06/zinnia.h:157:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
virtual bool open(const char *ptr, size_t size) = 0;
data/zinnia-0.06/character.cpp:24:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_.assign(str, std::strlen(str));
data/zinnia-0.06/character.cpp:70:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return parse(str, std::strlen(str));
data/zinnia-0.06/character.cpp:116:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const Sexp::Cell *root_cell = sexp_->read(&begin, end);
data/zinnia-0.06/feature.cpp:60:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool Features::read(const Character &character) {
data/zinnia-0.06/feature.h:60:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bool read(const Character &character);
data/zinnia-0.06/freelist.h:23:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t operator()(const char *str) const { return strlen(str) + 1; }
data/zinnia-0.06/mmap.h:180:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_CLOSE_FALSE(read(fd, text, length) >= 0)
data/zinnia-0.06/param.cpp:39:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = 1 + std::strlen(opts[i].name);
data/zinnia-0.06/param.cpp:41:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += (1 + std::strlen(opts[i].arg_description));
data/zinnia-0.06/param.cpp:46:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = std::strlen(opts[i].name);
data/zinnia-0.06/param.cpp:48:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += (1 + std::strlen(opts[i].arg_description));
data/zinnia-0.06/param.cpp:132:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t nlen = std::strlen(opts[i].name);
data/zinnia-0.06/param.cpp:203:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
std::strncpy(str, arg, sizeof(str));
data/zinnia-0.06/perl/zinnia_wrap.cxx:386:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/perl/zinnia_wrap.cxx:405:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/perl/zinnia_wrap.cxx:681:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/zinnia-0.06/perl/zinnia_wrap.cxx:702:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/zinnia-0.06/perl/zinnia_wrap.cxx:707:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/zinnia-0.06/perl/zinnia_wrap.cxx:1260:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((2*sz + 1 + strlen(SWIG_Perl_TypeProxyName(type))) > 1000) return;
data/zinnia-0.06/perl/zinnia_wrap.cxx:1348:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_magic(sv,sv,'U',(char *) name,strlen(name));
data/zinnia-0.06/perl/zinnia_wrap.cxx:1442:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#ifdef read
data/zinnia-0.06/perl/zinnia_wrap.cxx:1443:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#undef read
data/zinnia-0.06/perl/zinnia_wrap.cxx:1592:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/zinnia-0.06/perl/zinnia_wrap.cxx:1639:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen(vptr) + 1) : 0;
data/zinnia-0.06/perl/zinnia_wrap.cxx:1883:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *r = new char[strlen(buf) + 1];
data/zinnia-0.06/python/zinnia_wrap.cxx:390:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/python/zinnia_wrap.cxx:409:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/python/zinnia_wrap.cxx:685:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/zinnia-0.06/python/zinnia_wrap.cxx:706:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/zinnia-0.06/python/zinnia_wrap.cxx:711:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/zinnia-0.06/python/zinnia_wrap.cxx:870:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/zinnia-0.06/python/zinnia_wrap.cxx:2864:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/zinnia-0.06/python/zinnia_wrap.cxx:2934:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/zinnia-0.06/python/zinnia_wrap.cxx:3181:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *r = new char[strlen(buf) + 1];
data/zinnia-0.06/python/zinnia_wrap.cxx:5293:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(name)+1;
data/zinnia-0.06/python/zinnia_wrap.cxx:5296:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gv->name,name,size);
data/zinnia-0.06/python/zinnia_wrap.cxx:5358:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(const_table[j].name)) == 0) {
data/zinnia-0.06/python/zinnia_wrap.cxx:5367:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/zinnia-0.06/python/zinnia_wrap.cxx:5373:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff, methods[i].ml_doc, ldoc);
data/zinnia-0.06/python/zinnia_wrap.cxx:5375:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buff, "swig_ptr: ", 10);
data/zinnia-0.06/recognizer.cpp:162:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!feature.read(character)) {
data/zinnia-0.06/ruby/zinnia_wrap.cpp:494:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:513:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:789:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/zinnia-0.06/ruby/zinnia_wrap.cpp:810:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:815:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:862:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#ifdef read
data/zinnia-0.06/ruby/zinnia_wrap.cpp:863:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# undef read
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1509:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *klass_name = (char *) malloc(4 + strlen(type->name) + 1);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1565:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
klass_name = (char *) malloc(4 + strlen(type->name) + 1);
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1698:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((2*sz + 1 + strlen(type->name)) > 1000) return 0;
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1908:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/zinnia-0.06/ruby/zinnia_wrap.cpp:1940:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen((char*)vptr) + 1) : 0;
data/zinnia-0.06/ruby/zinnia_wrap.cpp:2088:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *r = new char[strlen(buf) + 1];
data/zinnia-0.06/scoped_ptr.h:71:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p = new char[std::strlen(str) + 1];
data/zinnia-0.06/sexp.cpp:50:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const Sexp::Cell *Sexp::read(char **begin, const char *end) {
data/zinnia-0.06/sexp.cpp:125:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
cell->set_car(this->read(begin, end));
data/zinnia-0.06/sexp.h:58:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
const Cell *read(char **begin, const char *end);
data/zinnia-0.06/trainer.cpp:25:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *stre = str + std::strlen(str);
data/zinnia-0.06/trainer.cpp:26:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *dele = del + std::strlen(del);
data/zinnia-0.06/trainer.cpp:99:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_FALSE(features.read(character)) << "cannot read character: " << y;
data/zinnia-0.06/trainer.cpp:303:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
std::strncpy(character, col[0], sizeof(character));
ANALYSIS SUMMARY:
Hits = 145
Lines analyzed = 16649 in approximately 0.42 seconds (39314 lines/second)
Physical Source Lines of Code (SLOC) = 13268
Hits@level = [0] 51 [1] 62 [2] 68 [3] 0 [4] 15 [5] 0
Hits@level+ = [0+] 196 [1+] 145 [2+] 83 [3+] 15 [4+] 15 [5+] 0
Hits/KSLOC@level+ = [0+] 14.7724 [1+] 10.9285 [2+] 6.25565 [3+] 1.13054 [4+] 1.13054 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.