Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cbor2-5.2.0/source/decoder.c
Examining data/cbor2-5.2.0/source/decoder.h
Examining data/cbor2-5.2.0/source/encoder.c
Examining data/cbor2-5.2.0/source/encoder.h
Examining data/cbor2-5.2.0/source/halffloat.c
Examining data/cbor2-5.2.0/source/halffloat.h
Examining data/cbor2-5.2.0/source/module.c
Examining data/cbor2-5.2.0/source/module.h
Examining data/cbor2-5.2.0/source/tags.c
Examining data/cbor2-5.2.0/source/tags.h

FINAL RESULTS:

data/cbor2-5.2.0/source/decoder.c:350:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, data, size);
data/cbor2-5.2.0/source/decoder.c:416:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  union { uint64_t value; char buf[sizeof(uint64_t)]; } u64;
data/cbor2-5.2.0/source/decoder.c:417:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  union { uint32_t value; char buf[sizeof(uint32_t)]; } u32;
data/cbor2-5.2.0/source/decoder.c:418:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  union { uint16_t value; char buf[sizeof(uint16_t)]; } u16;
data/cbor2-5.2.0/source/decoder.c:419:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  union { uint8_t value; char buf[sizeof(uint8_t)]; } u8;
data/cbor2-5.2.0/source/decoder.c:1523:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(uint16_t)];
data/cbor2-5.2.0/source/decoder.c:1541:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(float)];
data/cbor2-5.2.0/source/decoder.c:1561:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(double)];
data/cbor2-5.2.0/source/encoder.c:341:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(LeadByte) + sizeof(uint64_t)];
data/cbor2-5.2.0/source/encoder.c:1392:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(double)];
data/cbor2-5.2.0/source/encoder.c:1494:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(double)];
data/cbor2-5.2.0/source/encoder.c:1500:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(float)];
data/cbor2-5.2.0/source/encoder.c:1505:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(uint16_t)];
data/cbor2-5.2.0/source/decoder.c:76:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Py_VISIT(self->read);
data/cbor2-5.2.0/source/decoder.c:88:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Py_CLEAR(self->read);
data/cbor2-5.2.0/source/decoder.c:177:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  PyObject *ret = PyMethod_GET_SELF(self->read);
data/cbor2-5.2.0/source/decoder.c:187:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  PyObject *tmp, *read;
data/cbor2-5.2.0/source/decoder.c:194:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (!(read && PyCallable_Check(read))) {
data/cbor2-5.2.0/source/decoder.c:194:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (!(read && PyCallable_Check(read))) {
data/cbor2-5.2.0/source/decoder.c:201:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  tmp = self->read;
data/cbor2-5.2.0/source/decoder.c:202:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  self->read = read;
data/cbor2-5.2.0/source/decoder.c:345:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  obj = PyObject_CallFunctionObjArgs(self->read, size_obj, NULL);
data/cbor2-5.2.0/source/decoder.c:1633:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  save_read = self->read;
data/cbor2-5.2.0/source/decoder.c:1637:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (self->read) {
data/cbor2-5.2.0/source/decoder.c:1639:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Py_DECREF(self->read);
data/cbor2-5.2.0/source/decoder.h:8:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  PyObject *read; // cached read() method of fp
data/cbor2-5.2.0/source/module.c:947:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  INTERN_STRING(read);

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 5698 in approximately 0.26 seconds (21967 lines/second)
Physical Source Lines of Code (SLOC) = 4751
Hits@level = [0]   0 [1]  14 [2]  13 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  27 [2+]  13 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 5.68301 [1+] 5.68301 [2+] 2.73627 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.