stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bitshuffle-0.3.5/lz4/lz4.c
Examining data/bitshuffle-0.3.5/lz4/lz4.h
Examining data/bitshuffle-0.3.5/lzf/example.c
Examining data/bitshuffle-0.3.5/lzf/lzf/lzf.h
Examining data/bitshuffle-0.3.5/lzf/lzf/lzfP.h
Examining data/bitshuffle-0.3.5/lzf/lzf/lzf_c.c
Examining data/bitshuffle-0.3.5/lzf/lzf/lzf_d.c
Examining data/bitshuffle-0.3.5/lzf/lzf_filter.c
Examining data/bitshuffle-0.3.5/lzf/lzf_filter.h
Examining data/bitshuffle-0.3.5/src/bitshuffle.c
Examining data/bitshuffle-0.3.5/src/bitshuffle.h
Examining data/bitshuffle-0.3.5/src/bitshuffle_core.c
Examining data/bitshuffle-0.3.5/src/bitshuffle_core.h
Examining data/bitshuffle-0.3.5/src/bitshuffle_internals.h
Examining data/bitshuffle-0.3.5/src/bshuf_h5filter.c
Examining data/bitshuffle-0.3.5/src/bshuf_h5filter.h
Examining data/bitshuffle-0.3.5/src/bshuf_h5plugin.c
Examining data/bitshuffle-0.3.5/src/iochain.c
Examining data/bitshuffle-0.3.5/src/iochain.h
Examining data/bitshuffle-0.3.5/src/lzf_h5plugin.c

FINAL RESULTS:

data/bitshuffle-0.3.5/lz4/lz4.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&val16, memPtr, 2);
data/bitshuffle-0.3.5/lz4/lz4.c:169:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(memPtr, &value, 2);
data/bitshuffle-0.3.5/lz4/lz4.c:182:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&val32, memPtr, 4);
data/bitshuffle-0.3.5/lz4/lz4.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&val64, memPtr, 8);
data/bitshuffle-0.3.5/lz4/lz4.c:202:59:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void LZ4_copy4(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 4); }
data/bitshuffle-0.3.5/lz4/lz4.c:204:59:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void LZ4_copy8(void* dstPtr, const void* srcPtr) { memcpy(dstPtr, srcPtr, 8); }
data/bitshuffle-0.3.5/lz4/lz4.c:648:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, anchor, lastRun);
data/bitshuffle-0.3.5/lz4/lz4.c:884:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(op, anchor, lastRunSize);
data/bitshuffle-0.3.5/lz4/lz4.c:1186:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(op, ip, length);
data/bitshuffle-0.3.5/lz4/lz4.c:1228:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(op, dictEnd - copySize, copySize);
data/bitshuffle-0.3.5/lz4/lz4.c:1239:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(op, lowPrefix, copySize);
data/bitshuffle-0.3.5/src/bitshuffle.c:69:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *) out + 4, tmp_buf_lz4, nbytes);
data/bitshuffle-0.3.5/src/bitshuffle_core.c:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out_b, in_b, size * elem_size);
data/bitshuffle-0.3.5/src/bitshuffle_core.c:235:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&out_b[(jj*lda + ii) * elem_size],
data/bitshuffle-0.3.5/src/bitshuffle_core.c:1716:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(last_out, last_in, leftover_bytes);
data/bitshuffle-0.3.5/src/bshuf_h5filter.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[80];
data/bitshuffle-0.3.5/src/bshuf_h5filter.c:69:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "Error in bitshuffle. Invalid block size: %d.",
data/bitshuffle-0.3.5/src/bshuf_h5filter.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[80];
data/bitshuffle-0.3.5/src/bshuf_h5filter.c:181:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "Error in bitshuffle with error code %d.", err);

ANALYSIS SUMMARY:

Hits = 19
Lines analyzed = 5901 in approximately 0.17 seconds (34638 lines/second)
Physical Source Lines of Code (SLOC) = 3484
Hits@level = [0]   4 [1]   0 [2]  19 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  23 [1+]  19 [2+]  19 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 6.60161 [1+] 5.4535 [2+] 5.4535 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.