Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cg3-1.3.1/include/cycle.h
Examining data/cg3-1.3.1/include/posix/popen_plus.cpp
Examining data/cg3-1.3.1/include/posix/popen_plus.hpp
Examining data/cg3-1.3.1/include/uoptions.hpp
Examining data/cg3-1.3.1/include/win32/getopt.cpp
Examining data/cg3-1.3.1/include/win32/getopt.h
Examining data/cg3-1.3.1/src/AST.hpp
Examining data/cg3-1.3.1/src/ApertiumApplicator.cpp
Examining data/cg3-1.3.1/src/ApertiumApplicator.hpp
Examining data/cg3-1.3.1/src/BinaryGrammar.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar.hpp
Examining data/cg3-1.3.1/src/BinaryGrammar_read.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar_read_10043.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar_write.cpp
Examining data/cg3-1.3.1/src/Cohort.cpp
Examining data/cg3-1.3.1/src/Cohort.hpp
Examining data/cg3-1.3.1/src/CohortIterator.cpp
Examining data/cg3-1.3.1/src/CohortIterator.hpp
Examining data/cg3-1.3.1/src/ContextualTest.cpp
Examining data/cg3-1.3.1/src/ContextualTest.hpp
Examining data/cg3-1.3.1/src/FSTApplicator.cpp
Examining data/cg3-1.3.1/src/FSTApplicator.hpp
Examining data/cg3-1.3.1/src/FormatConverter.cpp
Examining data/cg3-1.3.1/src/FormatConverter.hpp
Examining data/cg3-1.3.1/src/Grammar.cpp
Examining data/cg3-1.3.1/src/Grammar.hpp
Examining data/cg3-1.3.1/src/GrammarApplicator.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator.hpp
Examining data/cg3-1.3.1/src/GrammarApplicator_matchSet.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_reflow.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runContextualTest.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runGrammar.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runRules.cpp
Examining data/cg3-1.3.1/src/GrammarWriter.cpp
Examining data/cg3-1.3.1/src/GrammarWriter.hpp
Examining data/cg3-1.3.1/src/IGrammarParser.hpp
Examining data/cg3-1.3.1/src/MatxinApplicator.cpp
Examining data/cg3-1.3.1/src/MatxinApplicator.hpp
Examining data/cg3-1.3.1/src/MweSplitApplicator.cpp
Examining data/cg3-1.3.1/src/MweSplitApplicator.hpp
Examining data/cg3-1.3.1/src/NicelineApplicator.cpp
Examining data/cg3-1.3.1/src/NicelineApplicator.hpp
Examining data/cg3-1.3.1/src/PlaintextApplicator.cpp
Examining data/cg3-1.3.1/src/PlaintextApplicator.hpp
Examining data/cg3-1.3.1/src/Reading.cpp
Examining data/cg3-1.3.1/src/Reading.hpp
Examining data/cg3-1.3.1/src/Relabeller.cpp
Examining data/cg3-1.3.1/src/Relabeller.hpp
Examining data/cg3-1.3.1/src/Rule.cpp
Examining data/cg3-1.3.1/src/Rule.hpp
Examining data/cg3-1.3.1/src/Set.cpp
Examining data/cg3-1.3.1/src/Set.hpp
Examining data/cg3-1.3.1/src/SingleWindow.cpp
Examining data/cg3-1.3.1/src/SingleWindow.hpp
Examining data/cg3-1.3.1/src/Strings.cpp
Examining data/cg3-1.3.1/src/Strings.hpp
Examining data/cg3-1.3.1/src/Tag.cpp
Examining data/cg3-1.3.1/src/Tag.hpp
Examining data/cg3-1.3.1/src/TagTrie.hpp
Examining data/cg3-1.3.1/src/TextualParser.cpp
Examining data/cg3-1.3.1/src/TextualParser.hpp
Examining data/cg3-1.3.1/src/Window.cpp
Examining data/cg3-1.3.1/src/Window.hpp
Examining data/cg3-1.3.1/src/all_cg_comp.cpp
Examining data/cg3-1.3.1/src/all_cg_conv.cpp
Examining data/cg3-1.3.1/src/all_cg_proc.cpp
Examining data/cg3-1.3.1/src/all_vislcg3.cpp
Examining data/cg3-1.3.1/src/bloomish.hpp
Examining data/cg3-1.3.1/src/cg-mwesplit.cpp
Examining data/cg3-1.3.1/src/cg-relabel.cpp
Examining data/cg3-1.3.1/src/cg3.h
Examining data/cg3-1.3.1/src/cg_comp.cpp
Examining data/cg3-1.3.1/src/cg_conv.cpp
Examining data/cg3-1.3.1/src/cg_proc.cpp
Examining data/cg3-1.3.1/src/flat_unordered_map.hpp
Examining data/cg3-1.3.1/src/flat_unordered_set.hpp
Examining data/cg3-1.3.1/src/icu_uoptions.cpp
Examining data/cg3-1.3.1/src/inlines.hpp
Examining data/cg3-1.3.1/src/interval_vector.hpp
Examining data/cg3-1.3.1/src/libcg3.cpp
Examining data/cg3-1.3.1/src/main.cpp
Examining data/cg3-1.3.1/src/options.hpp
Examining data/cg3-1.3.1/src/options_conv.hpp
Examining data/cg3-1.3.1/src/parser_helpers.hpp
Examining data/cg3-1.3.1/src/process.hpp
Examining data/cg3-1.3.1/src/scoped_stack.hpp
Examining data/cg3-1.3.1/src/sorted_vector.hpp
Examining data/cg3-1.3.1/src/stdafx.hpp
Examining data/cg3-1.3.1/src/streambuf.hpp
Examining data/cg3-1.3.1/src/test_libcg3.c
Examining data/cg3-1.3.1/src/uextras.cpp
Examining data/cg3-1.3.1/src/uextras.hpp
Examining data/cg3-1.3.1/src/version.hpp
FINAL RESULTS:
data/cg3-1.3.1/include/posix/popen_plus.cpp:84:9: [4] (shell) execv:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execv(_PATH_BSHELL, argv);
data/cg3-1.3.1/include/posix/popen_plus.cpp:155:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:165:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:175:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:185:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(command);
data/cg3-1.3.1/include/uoptions.hpp:144:57: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define uprv_strcpy(dst, src) U_STANDARD_CPP_NAMESPACE strcpy(dst, src)
data/cg3-1.3.1/include/uoptions.hpp:149:56: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define uprv_strcat(dst, src) U_STANDARD_CPP_NAMESPACE strcat(dst, src)
data/cg3-1.3.1/src/uextras.cpp:40:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, in);
data/cg3-1.3.1/src/uextras.cpp:43:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, dir);
data/cg3-1.3.1/include/win32/getopt.cpp:31:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char **argv, const char *opts) {
data/cg3-1.3.1/include/win32/getopt.h:10:5: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
int getopt(int argc, char** argv, const char* opts);
data/cg3-1.3.1/src/cg_proc.cpp:116:7: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, "ds:f:tr:n1wvhz", long_options, &option_index);
data/cg3-1.3.1/src/cg_proc.cpp:118:7: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt(argc, argv, "ds:f:tr:in1wvhz");
data/cg3-1.3.1/src/main.cpp:39:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(static_cast<uint32_t>(time(0)));
data/cg3-1.3.1/include/cycle.h:493:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open ("/dev/mem", O_RDONLY | O_SYNC, 0);
data/cg3-1.3.1/include/posix/popen_plus.cpp:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[4];
data/cg3-1.3.1/include/posix/popen_plus.cpp:152:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:154:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "kill -9 %d", process->pid);
data/cg3-1.3.1/include/posix/popen_plus.cpp:162:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:164:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "kill -9 %d", process_id);
data/cg3-1.3.1/include/posix/popen_plus.cpp:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:174:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "kill -TERM %d", process->pid);
data/cg3-1.3.1/include/posix/popen_plus.cpp:182:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:184:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "kill -TERM %d", process_id);
data/cg3-1.3.1/include/win32/getopt.cpp:20:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2];\
data/cg3-1.3.1/src/BinaryGrammar.cpp:61:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input.open(filename, std::ios::binary);
data/cg3-1.3.1/src/BinaryGrammar_read.cpp:165:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[sizeof(uint64_t) + sizeof(int32_t)] = {};
data/cg3-1.3.1/src/FSTApplicator.cpp:198:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/cg3-1.3.1/src/FSTApplicator.cpp:205:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i = sprintf(buf, "%f", NUMERIC_MAX);
data/cg3-1.3.1/src/FSTApplicator.cpp:210:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
i = sprintf(buf, "%f", weight);
data/cg3-1.3.1/src/Set.cpp:50:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t n = sprintf(&cbuffers[0][0], "_G_%u_%u_", line, to);
data/cg3-1.3.1/src/cg-relabel.cpp:112:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* gout = fopen(argv[3], "wb");
data/cg3-1.3.1/src/cg_comp.cpp:68:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* input = fopen(argv[1], "rb");
data/cg3-1.3.1/src/cg_comp.cpp:108:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* gout = fopen(argv[2], "wb");
data/cg3-1.3.1/src/cg_proc.cpp:135:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
stream_format = atoi(optarg);
data/cg3-1.3.1/src/cg_proc.cpp:150:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sections = atoi(optarg);
data/cg3-1.3.1/src/cg_proc.cpp:204:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* in = fopen(argv[optind], "rb");
data/cg3-1.3.1/src/inlines.hpp:547:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t low = abs(atoi(comma)), high = low;
data/cg3-1.3.1/src/inlines.hpp:552:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
high = abs(atoi(delim + 1));
data/cg3-1.3.1/src/main.cpp:197:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* input = fopen(options[GRAMMAR].value, "rb");
data/cg3-1.3.1/src/main.cpp:223:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
uint32_t verbosity_level = abs(atoi(options[VERBOSE].value));
data/cg3-1.3.1/src/main.cpp:371:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* gout = fopen(options[GRAMMAR_BIN].value, "wb");
data/cg3-1.3.1/src/main.cpp:463:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.section_max_count = abs(atoi(options[MAXRUNS].value));
data/cg3-1.3.1/src/main.cpp:473:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.valid_rules.push_back(atoi(options[RULE].value));
data/cg3-1.3.1/src/main.cpp:490:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.verbosity_level = abs(atoi(options[VERBOSE].value));
data/cg3-1.3.1/src/main.cpp:498:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.debug_level = abs(atoi(options[DODEBUG].value));
data/cg3-1.3.1/src/main.cpp:506:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.num_windows = abs(atoi(options[NUM_WINDOWS].value));
data/cg3-1.3.1/src/main.cpp:509:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.soft_limit = abs(atoi(options[SOFT_LIMIT].value));
data/cg3-1.3.1/src/main.cpp:512:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.hard_limit = abs(atoi(options[HARD_LIMIT].value));
data/cg3-1.3.1/src/main.cpp:516:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
applicator.dep_delimit = abs(atoi(options[DEP_DELIMIT].value));
data/cg3-1.3.1/src/uextras.cpp:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32768] = { 0 };
data/cg3-1.3.1/src/uextras.cpp:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/cg3-1.3.1/src/uextras.cpp:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buf8[size(_buf16) * 3];
data/cg3-1.3.1/src/uextras.cpp:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf8[5];
data/cg3-1.3.1/include/uoptions.hpp:145:63: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define uprv_strncpy(dst, src, size) U_STANDARD_CPP_NAMESPACE strncpy(dst, src, size)
data/cg3-1.3.1/include/uoptions.hpp:146:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uprv_strlen(str) U_STANDARD_CPP_NAMESPACE strlen(str)
data/cg3-1.3.1/include/uoptions.hpp:150:60: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define uprv_strncat(dst, src, n) U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)
data/cg3-1.3.1/include/win32/getopt.cpp:22:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) fwrite(argv[0], (unsigned)strlen(argv[0]), 1, stderr);\
data/cg3-1.3.1/include/win32/getopt.cpp:23:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void) fwrite(s, (unsigned)strlen(s), 1, stderr);\
data/cg3-1.3.1/src/Cohort.cpp:165:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Cohort::appendReading(Reading* read, ReadingList& readings) {
data/cg3-1.3.1/src/Cohort.cpp:166:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:173:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void Cohort::appendReading(Reading* read) {
data/cg3-1.3.1/src/Cohort.cpp:174:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return appendReading(read, readings);
data/cg3-1.3.1/src/Cohort.cpp:179:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:184:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/cg3-1.3.1/src/Cohort.cpp:189:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:194:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/cg3-1.3.1/src/Cohort.hpp:86:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void appendReading(Reading* read, ReadingList& readings);
data/cg3-1.3.1/src/Cohort.hpp:87:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void appendReading(Reading* read);
data/cg3-1.3.1/src/GrammarApplicator.cpp:685:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
input.read(&buf[0], cs);
data/cg3-1.3.1/src/TextualParser.cpp:2309:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read >= grammar_size * 2 - 1) {
data/cg3-1.3.1/src/TextualParser.cpp:2582:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read >= result->grammar_size * 2 - 1) {
data/cg3-1.3.1/src/cg-mwesplit.cpp:66:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/cg-mwesplit.cpp:80:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/cg-relabel.cpp:56:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!input.read(&cbuffers[0][0], 4)) {
data/cg3-1.3.1/src/cg_conv.cpp:56:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/cg_conv.cpp:70:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/cg_conv.cpp:140:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::cin.read(&buf8[0], BUF_SIZE - 4);
data/cg3-1.3.1/src/cg_conv.cpp:146:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!std::cin.read(&buf8[sz], 3 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:154:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!std::cin.read(&buf8[sz], 2 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:162:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!std::cin.read(&buf8[sz], 1 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:236:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto sn = static_cast<int32_t>(strlen(options[MAPPING_PREFIX].value));
data/cg3-1.3.1/src/cg_conv.cpp:244:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto sn = static_cast<int32_t>(strlen(options[SUB_DELIMITER].value));
data/cg3-1.3.1/src/cg_conv.cpp:253:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
auto sn = static_cast<int32_t>(strlen(options[FST_WTAG].value));
data/cg3-1.3.1/src/cg_proc.cpp:144:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(optarg) + 1;
data/cg3-1.3.1/src/inlines.hpp:170:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/cg3-1.3.1/src/inlines.hpp:400:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(reinterpret_cast<char*>(&value), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:429:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
input.read(&buffer[0], len);
data/cg3-1.3.1/src/inlines.hpp:499:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:504:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:509:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:514:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:672:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!stream.read(static_cast<char*>(buffer), size * count)) {
data/cg3-1.3.1/src/libcg3.cpp:97:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!input.read(&cbuffers[0][0], 4)) {
data/cg3-1.3.1/src/libcg3.cpp:502:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_strFromUTF8(&gbuffers[0][0], CG3_BUFFER_SIZE - 1, 0, text, static_cast<int32_t>(strlen(text)), &status);
data/cg3-1.3.1/src/libcg3.cpp:535:83: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
u_strFromWCS(&gbuffers[0][0], CG3_BUFFER_SIZE - 1, 0, text, static_cast<int32_t>(wcslen(text)), &status);
data/cg3-1.3.1/src/main.cpp:79:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/main.cpp:93:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/main.cpp:252:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sn = strlen(options[MAPPING_PREFIX].value);
data/cg3-1.3.1/src/main.cpp:477:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sn = strlen(options[RULE].value);
data/cg3-1.3.1/src/process.hpp:98:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(char *buffer, size_t count) {
data/cg3-1.3.1/src/process.hpp:180:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read(char *buffer, size_t count) {
data/cg3-1.3.1/src/streambuf.hpp:45:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
auto c = fgetc(stream);
data/cg3-1.3.1/src/streambuf.hpp:109:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
stream->read(s + i, count - i);
data/cg3-1.3.1/src/uextras.cpp:46:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t tlen = strlen(tmp);
data/cg3-1.3.1/src/uextras.cpp:101:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!input.read(buf + i, 3)) {
data/cg3-1.3.1/src/uextras.cpp:107:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!input.read(buf + i, 2)) {
data/cg3-1.3.1/src/uextras.cpp:113:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!input.read(buf + i, 1)) {
ANALYSIS SUMMARY:
Hits = 108
Lines analyzed = 29454 in approximately 0.72 seconds (40780 lines/second)
Physical Source Lines of Code (SLOC) = 23771
Hits@level = [0] 58 [1] 54 [2] 40 [3] 5 [4] 9 [5] 0
Hits@level+ = [0+] 166 [1+] 108 [2+] 54 [3+] 14 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 6.9833 [1+] 4.54335 [2+] 2.27168 [3+] 0.588953 [4+] 0.378613 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.