Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fasttext-0.9.2/scripts/kbcompletion/eval.cpp
Examining data/fasttext-0.9.2/src/dictionary.h
Examining data/fasttext-0.9.2/src/matrix.h
Examining data/fasttext-0.9.2/src/vector.h
Examining data/fasttext-0.9.2/src/real.h
Examining data/fasttext-0.9.2/src/densematrix.cc
Examining data/fasttext-0.9.2/src/utils.h
Examining data/fasttext-0.9.2/src/productquantizer.h
Examining data/fasttext-0.9.2/src/utils.cc
Examining data/fasttext-0.9.2/src/autotune.h
Examining data/fasttext-0.9.2/src/args.h
Examining data/fasttext-0.9.2/src/meter.h
Examining data/fasttext-0.9.2/src/args.cc
Examining data/fasttext-0.9.2/src/productquantizer.cc
Examining data/fasttext-0.9.2/src/fasttext.cc
Examining data/fasttext-0.9.2/src/fasttext.h
Examining data/fasttext-0.9.2/src/model.cc
Examining data/fasttext-0.9.2/src/matrix.cc
Examining data/fasttext-0.9.2/src/vector.cc
Examining data/fasttext-0.9.2/src/quantmatrix.h
Examining data/fasttext-0.9.2/src/autotune.cc
Examining data/fasttext-0.9.2/src/densematrix.h
Examining data/fasttext-0.9.2/src/dictionary.cc
Examining data/fasttext-0.9.2/src/meter.cc
Examining data/fasttext-0.9.2/src/quantmatrix.cc
Examining data/fasttext-0.9.2/src/main.cc
Examining data/fasttext-0.9.2/src/loss.cc
Examining data/fasttext-0.9.2/src/model.h
Examining data/fasttext-0.9.2/src/loss.h
Examining data/fasttext-0.9.2/webassembly/fasttext_wasm.cc
Examining data/fasttext-0.9.2/python/fasttext_module/fasttext/pybind/fasttext_pybind.cc
Examining data/fasttext-0.9.2/crawl/dedup.cc
Examining data/fasttext-0.9.2/crawl/filter_utf8.cc

FINAL RESULTS:

data/fasttext-0.9.2/scripts/kbcompletion/eval.cpp:49:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (argc == 5) { k = atoi(argv[4]);}
data/fasttext-0.9.2/src/main.cc:234:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifs.open(infile);
data/fasttext-0.9.2/src/productquantizer.cc:123:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(centroids + k * d, centroids + m * d, sizeof(real) * d);
data/fasttext-0.9.2/src/productquantizer.cc:140:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&c[i * d], x + perm[i] * d, d * sizeof(real));
data/fasttext-0.9.2/src/productquantizer.cc:168:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(
data/fasttext-0.9.2/src/args.cc:342:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(dim), sizeof(int));
data/fasttext-0.9.2/src/args.cc:343:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(ws), sizeof(int));
data/fasttext-0.9.2/src/args.cc:344:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(epoch), sizeof(int));
data/fasttext-0.9.2/src/args.cc:345:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(minCount), sizeof(int));
data/fasttext-0.9.2/src/args.cc:346:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(neg), sizeof(int));
data/fasttext-0.9.2/src/args.cc:347:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(wordNgrams), sizeof(int));
data/fasttext-0.9.2/src/args.cc:348:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(loss), sizeof(loss_name));
data/fasttext-0.9.2/src/args.cc:349:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(model), sizeof(model_name));
data/fasttext-0.9.2/src/args.cc:350:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(bucket), sizeof(int));
data/fasttext-0.9.2/src/args.cc:351:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(minn), sizeof(int));
data/fasttext-0.9.2/src/args.cc:352:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(maxn), sizeof(int));
data/fasttext-0.9.2/src/args.cc:353:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(lrUpdateRate), sizeof(int));
data/fasttext-0.9.2/src/args.cc:354:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(t), sizeof(double));
data/fasttext-0.9.2/src/densematrix.cc:156:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&m_, sizeof(int64_t));
data/fasttext-0.9.2/src/densematrix.cc:157:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&n_, sizeof(int64_t));
data/fasttext-0.9.2/src/densematrix.cc:159:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)data_.data(), m_ * n_ * sizeof(real));
data/fasttext-0.9.2/src/dictionary.cc:452:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&size_, sizeof(int32_t));
data/fasttext-0.9.2/src/dictionary.cc:453:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&nwords_, sizeof(int32_t));
data/fasttext-0.9.2/src/dictionary.cc:454:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&nlabels_, sizeof(int32_t));
data/fasttext-0.9.2/src/dictionary.cc:455:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&ntokens_, sizeof(int64_t));
data/fasttext-0.9.2/src/dictionary.cc:456:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&pruneidx_size_, sizeof(int64_t));
data/fasttext-0.9.2/src/dictionary.cc:463:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&e.count, sizeof(int64_t));
data/fasttext-0.9.2/src/dictionary.cc:464:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&e.type, sizeof(entry_type));
data/fasttext-0.9.2/src/dictionary.cc:471:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&first, sizeof(int32_t));
data/fasttext-0.9.2/src/dictionary.cc:472:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&second, sizeof(int32_t));
data/fasttext-0.9.2/src/fasttext.cc:174:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(magic), sizeof(int32_t));
data/fasttext-0.9.2/src/fasttext.cc:178:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&(version), sizeof(int32_t));
data/fasttext-0.9.2/src/fasttext.cc:251:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&quant_input, sizeof(bool));
data/fasttext-0.9.2/src/fasttext.cc:265:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&args_->qout, sizeof(bool));
data/fasttext-0.9.2/src/productquantizer.cc:241:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&dim_, sizeof(dim_));
data/fasttext-0.9.2/src/productquantizer.cc:242:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&nsubq_, sizeof(nsubq_));
data/fasttext-0.9.2/src/productquantizer.cc:243:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&dsub_, sizeof(dsub_));
data/fasttext-0.9.2/src/productquantizer.cc:244:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&lastdsub_, sizeof(lastdsub_));
data/fasttext-0.9.2/src/productquantizer.cc:247:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&centroids_[i], sizeof(real));
data/fasttext-0.9.2/src/quantmatrix.cc:97:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&qnorm_, sizeof(qnorm_));
data/fasttext-0.9.2/src/quantmatrix.cc:98:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&m_, sizeof(m_));
data/fasttext-0.9.2/src/quantmatrix.cc:99:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&n_, sizeof(n_));
data/fasttext-0.9.2/src/quantmatrix.cc:100:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)&codesize_, sizeof(codesize_));
data/fasttext-0.9.2/src/quantmatrix.cc:102:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)codes_.data(), codesize_ * sizeof(uint8_t));
data/fasttext-0.9.2/src/quantmatrix.cc:107:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read((char*)norm_codes_.data(), m_ * sizeof(uint8_t));

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 6484 in approximately 0.21 seconds (30840 lines/second)
Physical Source Lines of Code (SLOC) = 5458
Hits@level = [0] 0 [1] 40 [2] 5 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 45 [2+] 5 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 8.24478 [1+] 8.24478 [2+] 0.916086 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.