Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cg3-1.3.1/include/cycle.h
Examining data/cg3-1.3.1/include/posix/popen_plus.cpp
Examining data/cg3-1.3.1/include/posix/popen_plus.hpp
Examining data/cg3-1.3.1/include/uoptions.hpp
Examining data/cg3-1.3.1/include/win32/getopt.cpp
Examining data/cg3-1.3.1/include/win32/getopt.h
Examining data/cg3-1.3.1/src/AST.hpp
Examining data/cg3-1.3.1/src/ApertiumApplicator.cpp
Examining data/cg3-1.3.1/src/ApertiumApplicator.hpp
Examining data/cg3-1.3.1/src/BinaryGrammar.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar.hpp
Examining data/cg3-1.3.1/src/BinaryGrammar_read.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar_read_10043.cpp
Examining data/cg3-1.3.1/src/BinaryGrammar_write.cpp
Examining data/cg3-1.3.1/src/Cohort.cpp
Examining data/cg3-1.3.1/src/Cohort.hpp
Examining data/cg3-1.3.1/src/CohortIterator.cpp
Examining data/cg3-1.3.1/src/CohortIterator.hpp
Examining data/cg3-1.3.1/src/ContextualTest.cpp
Examining data/cg3-1.3.1/src/ContextualTest.hpp
Examining data/cg3-1.3.1/src/FSTApplicator.cpp
Examining data/cg3-1.3.1/src/FSTApplicator.hpp
Examining data/cg3-1.3.1/src/FormatConverter.cpp
Examining data/cg3-1.3.1/src/FormatConverter.hpp
Examining data/cg3-1.3.1/src/Grammar.cpp
Examining data/cg3-1.3.1/src/Grammar.hpp
Examining data/cg3-1.3.1/src/GrammarApplicator.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator.hpp
Examining data/cg3-1.3.1/src/GrammarApplicator_matchSet.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_reflow.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runContextualTest.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runGrammar.cpp
Examining data/cg3-1.3.1/src/GrammarApplicator_runRules.cpp
Examining data/cg3-1.3.1/src/GrammarWriter.cpp
Examining data/cg3-1.3.1/src/GrammarWriter.hpp
Examining data/cg3-1.3.1/src/IGrammarParser.hpp
Examining data/cg3-1.3.1/src/MatxinApplicator.cpp
Examining data/cg3-1.3.1/src/MatxinApplicator.hpp
Examining data/cg3-1.3.1/src/MweSplitApplicator.cpp
Examining data/cg3-1.3.1/src/MweSplitApplicator.hpp
Examining data/cg3-1.3.1/src/NicelineApplicator.cpp
Examining data/cg3-1.3.1/src/NicelineApplicator.hpp
Examining data/cg3-1.3.1/src/PlaintextApplicator.cpp
Examining data/cg3-1.3.1/src/PlaintextApplicator.hpp
Examining data/cg3-1.3.1/src/Reading.cpp
Examining data/cg3-1.3.1/src/Reading.hpp
Examining data/cg3-1.3.1/src/Relabeller.cpp
Examining data/cg3-1.3.1/src/Relabeller.hpp
Examining data/cg3-1.3.1/src/Rule.cpp
Examining data/cg3-1.3.1/src/Rule.hpp
Examining data/cg3-1.3.1/src/Set.cpp
Examining data/cg3-1.3.1/src/Set.hpp
Examining data/cg3-1.3.1/src/SingleWindow.cpp
Examining data/cg3-1.3.1/src/SingleWindow.hpp
Examining data/cg3-1.3.1/src/Strings.cpp
Examining data/cg3-1.3.1/src/Strings.hpp
Examining data/cg3-1.3.1/src/Tag.cpp
Examining data/cg3-1.3.1/src/Tag.hpp
Examining data/cg3-1.3.1/src/TagTrie.hpp
Examining data/cg3-1.3.1/src/TextualParser.cpp
Examining data/cg3-1.3.1/src/TextualParser.hpp
Examining data/cg3-1.3.1/src/Window.cpp
Examining data/cg3-1.3.1/src/Window.hpp
Examining data/cg3-1.3.1/src/all_cg_comp.cpp
Examining data/cg3-1.3.1/src/all_cg_conv.cpp
Examining data/cg3-1.3.1/src/all_cg_proc.cpp
Examining data/cg3-1.3.1/src/all_vislcg3.cpp
Examining data/cg3-1.3.1/src/bloomish.hpp
Examining data/cg3-1.3.1/src/cg-mwesplit.cpp
Examining data/cg3-1.3.1/src/cg-relabel.cpp
Examining data/cg3-1.3.1/src/cg3.h
Examining data/cg3-1.3.1/src/cg_comp.cpp
Examining data/cg3-1.3.1/src/cg_conv.cpp
Examining data/cg3-1.3.1/src/cg_proc.cpp
Examining data/cg3-1.3.1/src/flat_unordered_map.hpp
Examining data/cg3-1.3.1/src/flat_unordered_set.hpp
Examining data/cg3-1.3.1/src/icu_uoptions.cpp
Examining data/cg3-1.3.1/src/inlines.hpp
Examining data/cg3-1.3.1/src/interval_vector.hpp
Examining data/cg3-1.3.1/src/libcg3.cpp
Examining data/cg3-1.3.1/src/main.cpp
Examining data/cg3-1.3.1/src/options.hpp
Examining data/cg3-1.3.1/src/options_conv.hpp
Examining data/cg3-1.3.1/src/parser_helpers.hpp
Examining data/cg3-1.3.1/src/process.hpp
Examining data/cg3-1.3.1/src/scoped_stack.hpp
Examining data/cg3-1.3.1/src/sorted_vector.hpp
Examining data/cg3-1.3.1/src/stdafx.hpp
Examining data/cg3-1.3.1/src/streambuf.hpp
Examining data/cg3-1.3.1/src/test_libcg3.c
Examining data/cg3-1.3.1/src/uextras.cpp
Examining data/cg3-1.3.1/src/uextras.hpp
Examining data/cg3-1.3.1/src/version.hpp

FINAL RESULTS:

data/cg3-1.3.1/include/posix/popen_plus.cpp:84:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(_PATH_BSHELL, argv);
data/cg3-1.3.1/include/posix/popen_plus.cpp:155:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:165:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:175:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/cg3-1.3.1/include/posix/popen_plus.cpp:185:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(command);
data/cg3-1.3.1/include/uoptions.hpp:144:57:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define uprv_strcpy(dst, src) U_STANDARD_CPP_NAMESPACE strcpy(dst, src)
data/cg3-1.3.1/include/uoptions.hpp:149:56:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  #define uprv_strcat(dst, src) U_STANDARD_CPP_NAMESPACE strcat(dst, src)
data/cg3-1.3.1/src/uextras.cpp:40:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, in);
data/cg3-1.3.1/src/uextras.cpp:43:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, dir);
data/cg3-1.3.1/include/win32/getopt.cpp:31:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc, char **argv, const char *opts) {
data/cg3-1.3.1/include/win32/getopt.h:10:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int getopt(int argc, char** argv, const char* opts);
data/cg3-1.3.1/src/cg_proc.cpp:116:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt_long(argc, argv, "ds:f:tr:n1wvhz", long_options, &option_index);
data/cg3-1.3.1/src/cg_proc.cpp:118:7:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  c = getopt(argc, argv, "ds:f:tr:in1wvhz");
data/cg3-1.3.1/src/main.cpp:39:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(static_cast<uint32_t>(time(0)));
data/cg3-1.3.1/include/cycle.h:493:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open ("/dev/mem", O_RDONLY | O_SYNC, 0);
data/cg3-1.3.1/include/posix/popen_plus.cpp:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *argv[4];
data/cg3-1.3.1/include/posix/popen_plus.cpp:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:154:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "kill -9 %d", process->pid);
data/cg3-1.3.1/include/posix/popen_plus.cpp:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:164:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "kill -9 %d", process_id);
data/cg3-1.3.1/include/posix/popen_plus.cpp:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:174:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "kill -TERM %d", process->pid);
data/cg3-1.3.1/include/posix/popen_plus.cpp:182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char command[64];
data/cg3-1.3.1/include/posix/popen_plus.cpp:184:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(command, "kill -TERM %d", process_id);
data/cg3-1.3.1/include/win32/getopt.cpp:20:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[2];\
data/cg3-1.3.1/src/BinaryGrammar.cpp:61:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  input.open(filename, std::ios::binary);
data/cg3-1.3.1/src/BinaryGrammar_read.cpp:165:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[sizeof(uint64_t) + sizeof(int32_t)] = {};
data/cg3-1.3.1/src/FSTApplicator.cpp:198:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/cg3-1.3.1/src/FSTApplicator.cpp:205:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i = sprintf(buf, "%f", NUMERIC_MAX);
data/cg3-1.3.1/src/FSTApplicator.cpp:210:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  i = sprintf(buf, "%f", weight);
data/cg3-1.3.1/src/Set.cpp:50:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  size_t n = sprintf(&cbuffers[0][0], "_G_%u_%u_", line, to);
data/cg3-1.3.1/src/cg-relabel.cpp:112:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* gout = fopen(argv[3], "wb");
data/cg3-1.3.1/src/cg_comp.cpp:68:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* input = fopen(argv[1], "rb");
data/cg3-1.3.1/src/cg_comp.cpp:108:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* gout = fopen(argv[2], "wb");
data/cg3-1.3.1/src/cg_proc.cpp:135:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  stream_format = atoi(optarg);
data/cg3-1.3.1/src/cg_proc.cpp:150:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sections = atoi(optarg);
data/cg3-1.3.1/src/cg_proc.cpp:204:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* in = fopen(argv[optind], "rb");
data/cg3-1.3.1/src/inlines.hpp:547:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint32_t low = abs(atoi(comma)), high = low;
data/cg3-1.3.1/src/inlines.hpp:552:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  high = abs(atoi(delim + 1));
data/cg3-1.3.1/src/main.cpp:197:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* input = fopen(options[GRAMMAR].value, "rb");
data/cg3-1.3.1/src/main.cpp:223:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  uint32_t verbosity_level = abs(atoi(options[VERBOSE].value));
data/cg3-1.3.1/src/main.cpp:371:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* gout = fopen(options[GRAMMAR_BIN].value, "wb");
data/cg3-1.3.1/src/main.cpp:463:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.section_max_count = abs(atoi(options[MAXRUNS].value));
data/cg3-1.3.1/src/main.cpp:473:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.valid_rules.push_back(atoi(options[RULE].value));
data/cg3-1.3.1/src/main.cpp:490:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.verbosity_level = abs(atoi(options[VERBOSE].value));
data/cg3-1.3.1/src/main.cpp:498:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.debug_level = abs(atoi(options[DODEBUG].value));
data/cg3-1.3.1/src/main.cpp:506:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.num_windows = abs(atoi(options[NUM_WINDOWS].value));
data/cg3-1.3.1/src/main.cpp:509:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.soft_limit = abs(atoi(options[SOFT_LIMIT].value));
data/cg3-1.3.1/src/main.cpp:512:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.hard_limit = abs(atoi(options[HARD_LIMIT].value));
data/cg3-1.3.1/src/main.cpp:516:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  applicator.dep_delimit = abs(atoi(options[DEP_DELIMIT].value));
data/cg3-1.3.1/src/uextras.cpp:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32768] = { 0 };
data/cg3-1.3.1/src/uextras.cpp:97:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[4];
data/cg3-1.3.1/src/uextras.cpp:188:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _buf8[size(_buf16) * 3];
data/cg3-1.3.1/src/uextras.cpp:246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf8[5];
data/cg3-1.3.1/include/uoptions.hpp:145:63:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  #define uprv_strncpy(dst, src, size) U_STANDARD_CPP_NAMESPACE strncpy(dst, src, size)
data/cg3-1.3.1/include/uoptions.hpp:146:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define uprv_strlen(str) U_STANDARD_CPP_NAMESPACE strlen(str)
data/cg3-1.3.1/include/uoptions.hpp:150:60:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  #define uprv_strncat(dst, src, n) U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)
data/cg3-1.3.1/include/win32/getopt.cpp:22:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) fwrite(argv[0], (unsigned)strlen(argv[0]), 1, stderr);\
data/cg3-1.3.1/include/win32/getopt.cpp:23:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (void) fwrite(s, (unsigned)strlen(s), 1, stderr);\
data/cg3-1.3.1/src/Cohort.cpp:165:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void Cohort::appendReading(Reading* read, ReadingList& readings) {
data/cg3-1.3.1/src/Cohort.cpp:166:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:173:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void Cohort::appendReading(Reading* read) {
data/cg3-1.3.1/src/Cohort.cpp:174:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return appendReading(read, readings);
data/cg3-1.3.1/src/Cohort.cpp:179:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:184:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;
data/cg3-1.3.1/src/Cohort.cpp:189:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  readings.push_back(read);
data/cg3-1.3.1/src/Cohort.cpp:194:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read;
data/cg3-1.3.1/src/Cohort.hpp:86:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void appendReading(Reading* read, ReadingList& readings);
data/cg3-1.3.1/src/Cohort.hpp:87:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void appendReading(Reading* read);
data/cg3-1.3.1/src/GrammarApplicator.cpp:685:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read(&buf[0], cs);
data/cg3-1.3.1/src/TextualParser.cpp:2309:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read >= grammar_size * 2 - 1) {
data/cg3-1.3.1/src/TextualParser.cpp:2582:6:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read >= result->grammar_size * 2 - 1) {
data/cg3-1.3.1/src/cg-mwesplit.cpp:66:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/cg-mwesplit.cpp:80:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/cg-relabel.cpp:56:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input.read(&cbuffers[0][0], 4)) {
data/cg3-1.3.1/src/cg_conv.cpp:56:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/cg_conv.cpp:70:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/cg_conv.cpp:140:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  std::cin.read(&buf8[0], BUF_SIZE - 4);
data/cg3-1.3.1/src/cg_conv.cpp:146:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!std::cin.read(&buf8[sz], 3 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:154:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!std::cin.read(&buf8[sz], 2 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:162:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!std::cin.read(&buf8[sz], 1 - i)) {
data/cg3-1.3.1/src/cg_conv.cpp:236:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto sn = static_cast<int32_t>(strlen(options[MAPPING_PREFIX].value));
data/cg3-1.3.1/src/cg_conv.cpp:244:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto sn = static_cast<int32_t>(strlen(options[SUB_DELIMITER].value));
data/cg3-1.3.1/src/cg_conv.cpp:253:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  auto sn = static_cast<int32_t>(strlen(options[FST_WTAG].value));
data/cg3-1.3.1/src/cg_proc.cpp:144:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(optarg) + 1;
data/cg3-1.3.1/src/inlines.hpp:170:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/cg3-1.3.1/src/inlines.hpp:400:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream.read(reinterpret_cast<char*>(&value), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:429:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  input.read(&buffer[0], len);
data/cg3-1.3.1/src/inlines.hpp:499:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:504:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:509:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:514:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream.read(reinterpret_cast<char*>(&tmp), sizeof(T));
data/cg3-1.3.1/src/inlines.hpp:672:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!stream.read(static_cast<char*>(buffer), size * count)) {
data/cg3-1.3.1/src/libcg3.cpp:97:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input.read(&cbuffers[0][0], 4)) {
data/cg3-1.3.1/src/libcg3.cpp:502:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u_strFromUTF8(&gbuffers[0][0], CG3_BUFFER_SIZE - 1, 0, text, static_cast<int32_t>(strlen(text)), &status);
data/cg3-1.3.1/src/libcg3.cpp:535:83:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u_strFromWCS(&gbuffers[0][0], CG3_BUFFER_SIZE - 1, 0, text, static_cast<int32_t>(wcslen(text)), &status);
data/cg3-1.3.1/src/main.cpp:79:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(options[i].longName);
data/cg3-1.3.1/src/main.cpp:93:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ldiff = longest - strlen(options[i].longName);
data/cg3-1.3.1/src/main.cpp:252:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sn = strlen(options[MAPPING_PREFIX].value);
data/cg3-1.3.1/src/main.cpp:477:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sn = strlen(options[RULE].value);
data/cg3-1.3.1/src/process.hpp:98:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(char *buffer, size_t count) {
data/cg3-1.3.1/src/process.hpp:180:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(char *buffer, size_t count) {
data/cg3-1.3.1/src/streambuf.hpp:45:12:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  auto c = fgetc(stream);
data/cg3-1.3.1/src/streambuf.hpp:109:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(s + i, count - i);
data/cg3-1.3.1/src/uextras.cpp:46:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t tlen = strlen(tmp);
data/cg3-1.3.1/src/uextras.cpp:101:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input.read(buf + i, 3)) {
data/cg3-1.3.1/src/uextras.cpp:107:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input.read(buf + i, 2)) {
data/cg3-1.3.1/src/uextras.cpp:113:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input.read(buf + i, 1)) {

ANALYSIS SUMMARY:

Hits = 108
Lines analyzed = 29454 in approximately 0.72 seconds (40780 lines/second)
Physical Source Lines of Code (SLOC) = 23771
Hits@level = [0]  58 [1]  54 [2]  40 [3]   5 [4]   9 [5]   0
Hits@level+ = [0+] 166 [1+] 108 [2+]  54 [3+]  14 [4+]   9 [5+]   0
Hits/KSLOC@level+ = [0+] 6.9833 [1+] 4.54335 [2+] 2.27168 [3+] 0.588953 [4+] 0.378613 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.