Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fmtlib-6.1.2+ds/include/fmt/chrono.h
Examining data/fmtlib-6.1.2+ds/include/fmt/color.h
Examining data/fmtlib-6.1.2+ds/include/fmt/format-inl.h
Examining data/fmtlib-6.1.2+ds/include/fmt/ostream.h
Examining data/fmtlib-6.1.2+ds/include/fmt/posix.h
Examining data/fmtlib-6.1.2+ds/include/fmt/printf.h
Examining data/fmtlib-6.1.2+ds/include/fmt/ranges.h
Examining data/fmtlib-6.1.2+ds/include/fmt/compile.h
Examining data/fmtlib-6.1.2+ds/include/fmt/format.h
Examining data/fmtlib-6.1.2+ds/include/fmt/locale.h
Examining data/fmtlib-6.1.2+ds/include/fmt/core.h
Examining data/fmtlib-6.1.2+ds/src/format.cc
Examining data/fmtlib-6.1.2+ds/src/posix.cc
Examining data/fmtlib-6.1.2+ds/test/add-subdirectory-test/main.cc
Examining data/fmtlib-6.1.2+ds/test/chrono-test.cc
Examining data/fmtlib-6.1.2+ds/test/color-test.cc
Examining data/fmtlib-6.1.2+ds/test/cuda-test/cpp14.cc
Examining data/fmtlib-6.1.2+ds/test/custom-formatter-test.cc
Examining data/fmtlib-6.1.2+ds/test/find-package-test/main.cc
Examining data/fmtlib-6.1.2+ds/test/fuzzing/chrono_duration.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/fuzzer_common.h
Examining data/fmtlib-6.1.2+ds/test/fuzzing/main.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/sprintf.cpp
Examining data/fmtlib-6.1.2+ds/test/fuzzing/two_args.cpp
Examining data/fmtlib-6.1.2+ds/test/gtest-extra-test.cc
Examining data/fmtlib-6.1.2+ds/test/gtest-extra.cc
Examining data/fmtlib-6.1.2+ds/test/header-only-test.cc
Examining data/fmtlib-6.1.2+ds/test/header-only-test2.cc
Examining data/fmtlib-6.1.2+ds/test/posix-mock.h
Examining data/fmtlib-6.1.2+ds/test/posix-test.cc
Examining data/fmtlib-6.1.2+ds/test/printf-test.cc
Examining data/fmtlib-6.1.2+ds/test/scan.h
Examining data/fmtlib-6.1.2+ds/test/std-format-test.cc
Examining data/fmtlib-6.1.2+ds/test/util.cc
Examining data/fmtlib-6.1.2+ds/test/util.h
Examining data/fmtlib-6.1.2+ds/test/compile-test.cc
Examining data/fmtlib-6.1.2+ds/test/core-test.cc
Examining data/fmtlib-6.1.2+ds/test/format-impl-test.cc
Examining data/fmtlib-6.1.2+ds/test/grisu-test.cc
Examining data/fmtlib-6.1.2+ds/test/gtest-extra.h
Examining data/fmtlib-6.1.2+ds/test/locale-test.cc
Examining data/fmtlib-6.1.2+ds/test/mock-allocator.h
Examining data/fmtlib-6.1.2+ds/test/ostream-test.cc
Examining data/fmtlib-6.1.2+ds/test/posix-mock-test.cc
Examining data/fmtlib-6.1.2+ds/test/ranges-test.cc
Examining data/fmtlib-6.1.2+ds/test/scan-test.cc
Examining data/fmtlib-6.1.2+ds/test/test-assert.h
Examining data/fmtlib-6.1.2+ds/test/test-main.cc
Examining data/fmtlib-6.1.2+ds/test/assert-test.cc
Examining data/fmtlib-6.1.2+ds/test/format-test.cc
FINAL RESULTS:
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:64:24: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define FMT_SNPRINTF snprintf
data/fmtlib-6.1.2+ds/include/fmt/printf.h:175:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void printf(buffer<Char>& buf, basic_string_view<Char> format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:181:41: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
internal::truncating_iterator<OutputIt> printf(
data/fmtlib-6.1.2+ds/include/fmt/printf.h:188:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
using internal::printf; // For printing into memory_buffer.
data/fmtlib-6.1.2+ds/include/fmt/printf.h:598:32: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
inline std::basic_string<Char> vsprintf(
data/fmtlib-6.1.2+ds/include/fmt/printf.h:601:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:616:32: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
inline std::basic_string<Char> sprintf(const S& format, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:618:10: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
return vsprintf(to_string_view(format), {make_format_args<context>(args...)});
data/fmtlib-6.1.2+ds/include/fmt/printf.h:622:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int vfprintf(std::FILE* f, const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:625:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:643:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int fprintf(std::FILE* f, const S& format, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:645:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vfprintf(f, to_string_view(format),
data/fmtlib-6.1.2+ds/include/fmt/printf.h:650:12: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int vprintf(const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:652:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vfprintf(stdout, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:666:12: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int printf(const S& format_str, const Args&... args) {
data/fmtlib-6.1.2+ds/include/fmt/printf.h:668:10: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vprintf(to_string_view(format_str),
data/fmtlib-6.1.2+ds/include/fmt/printf.h:673:12: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int vfprintf(std::basic_ostream<Char>& os, const S& format,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:676:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(buffer, to_string_view(format), args);
data/fmtlib-6.1.2+ds/include/fmt/printf.h:685:33: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
typename ArgFormatter::iterator vprintf(internal::buffer<Char>& out,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:703:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
inline int fprintf(std::basic_ostream<Char>& os, const S& format_str,
data/fmtlib-6.1.2+ds/include/fmt/printf.h:706:10: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
return vfprintf(os, to_string_view(format_str),
data/fmtlib-6.1.2+ds/test/printf-test.cc:41:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return fmt::sprintf(format, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:45:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return fmt::sprintf(format, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:51:35: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
EXPECT_EQ(expected_output, fmt::sprintf(make_positional(format), arg))
data/fmtlib-6.1.2+ds/test/printf-test.cc:55:27: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"test", fmt::sprintf(L"test"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:64:24: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"%", fmt::sprintf(L"%%"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:65:31: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"before %", fmt::sprintf(L"before %%"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:66:30: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"% after", fmt::sprintf(L"%% after"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:67:37: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"before % after", fmt::sprintf(L"before %% after"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:68:25: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
EXPECT_EQ(L"%s", fmt::sprintf(L"%%s"));
data/fmtlib-6.1.2+ds/test/printf-test.cc:514:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
EXPECT_EQ(fmt::vsprintf("%d", args), "42");
data/fmtlib-6.1.2+ds/test/printf-test.cc:522:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::sprintf(s, args...);
data/fmtlib-6.1.2+ds/test/printf-test.cc:530:44: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
EXPECT_EQ("1000000000000000000000", fmt::sprintf("%.*f", -13, 1e21));
data/fmtlib-6.1.2+ds/test/printf-test.cc:537:45: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
EXPECT_EQ("[42] something happened", fmt::vsprintf("[%d] %s happened", args));
data/fmtlib-6.1.2+ds/test/printf-test.cc:541:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::vsprintf("[%d] %s happened", args2));
data/fmtlib-6.1.2+ds/test/printf-test.cc:545:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::vsprintf("[%d] %s happened",
data/fmtlib-6.1.2+ds/test/printf-test.cc:555:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::vsprintf(L"[%d] %s happened", args));
data/fmtlib-6.1.2+ds/test/printf-test.cc:559:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::vsprintf(L"[%d] %s happened", args2));
data/fmtlib-6.1.2+ds/test/printf-test.cc:563:18: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
fmt::vsprintf(L"[%d] %s happened",
data/fmtlib-6.1.2+ds/test/printf-test.cc:599:8: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fmt::vprintf<custom_printf_arg_formatter>(buffer, format_str, args);
data/fmtlib-6.1.2+ds/test/util.h:19:25: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define FMT_VSNPRINTF vsnprintf
data/fmtlib-6.1.2+ds/include/fmt/core.h:934:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(val.data, &arg, sizeof(arg));
data/fmtlib-6.1.2+ds/include/fmt/core.h:1354:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mutable char data[sizeof(basic_format_arg<buffer_context<Char>>)];
data/fmtlib-6.1.2+ds/include/fmt/core.h:1360:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&arg, data, sizeof(basic_format_arg<Context>));
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1131:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[max_format_size];
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1257:16: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int length = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, s.data(),
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:1261:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
length = MultiByteToWideChar(CP_UTF8, MB_ERR_INVALID_CHARS, s.data(), s_size,
data/fmtlib-6.1.2+ds/include/fmt/format.h:213:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[sizeof(u)];
data/fmtlib-6.1.2+ds/include/fmt/format.h:220:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char value[sizeof(void*)];
data/fmtlib-6.1.2+ds/include/fmt/format.h:723:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char reset_color[5];
data/fmtlib-6.1.2+ds/include/fmt/format.h:724:16: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t wreset_color[5];
data/fmtlib-6.1.2+ds/include/fmt/format.h:918:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[num_bits<UInt>() / BASE_BITS + 1];
data/fmtlib-6.1.2+ds/include/fmt/format.h:1442:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[4];
data/fmtlib-6.1.2+ds/include/fmt/format.h:2812:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
mutable char buffer_[buffer_size];
data/fmtlib-6.1.2+ds/src/format.cc:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[max_format_size];
data/fmtlib-6.1.2+ds/src/posix.cc:77:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FMT_RETRY_VAL(file_, FMT_SYSTEM(fopen(filename.c_str(), mode.c_str())),
data/fmtlib-6.1.2+ds/src/posix.cc:106:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FMT_RETRY(fd_, FMT_POSIX_CALL(open(path.c_str(), oflag, mode)));
data/fmtlib-6.1.2+ds/test/compile-test.cc:85:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32] = {0};
data/fmtlib-6.1.2+ds/test/compile-test.cc:89:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuffer[32] = {0};
data/fmtlib-6.1.2+ds/test/compile-test.cc:107:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/fmtlib-6.1.2+ds/test/core-test.cc:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[10];
data/fmtlib-6.1.2+ds/test/core-test.cc:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[123];
data/fmtlib-6.1.2+ds/test/core-test.cc:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[15];
data/fmtlib-6.1.2+ds/test/core-test.cc:200:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[19];
data/fmtlib-6.1.2+ds/test/core-test.cc:376:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[10];
data/fmtlib-6.1.2+ds/test/core-test.cc:407:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100] = "some string";
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:299:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[10];
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:362:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:93:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/fmtlib-6.1.2+ds/test/format-test.cc:98:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffer[100];
data/fmtlib-6.1.2+ds/test/format-test.cc:99:3: [2] (buffer) swprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
swprintf(buffer, L"%Lg", value);
data/fmtlib-6.1.2+ds/test/format-test.cc:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[10] = "123";
data/fmtlib-6.1.2+ds/test/format-test.cc:759:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:891:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[16] = {};
data/fmtlib-6.1.2+ds/test/format-test.cc:1074:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1156:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1244:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1329:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_str[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1407:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1445:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1483:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1549:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/fmtlib-6.1.2+ds/test/format-test.cc:1585:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:1749:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10] = {};
data/fmtlib-6.1.2+ds/test/format-test.cc:1801:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/format-test.cc:2143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/fmtlib-6.1.2+ds/test/format-test.cc:2167:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buffer[4];
data/fmtlib-6.1.2+ds/test/fuzzing/fuzzer_common.h:56:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(&item, Data, sizeof(Item));
data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp:33:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(argnamebuffer.data(), Data, argsize);
data/fmtlib-6.1.2+ds/test/fuzzing/named_arg.cpp:44:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp:29:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/fuzzing/one_arg.cpp:56:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(fmtstringbuffer.data(), Data, Size);
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:59:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/ostream-test.cc:226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:66:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int test::open(const char* path, int oflag, int mode) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:67:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EMULATE_EINTR(open, -1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:68:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::open(path, oflag, mode);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:73:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EMULATE_EINTR(open, EINTR);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:161:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* test::fopen(const char* filename, const char* mode) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:162:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EMULATE_EINTR(fopen, nullptr);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:163:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return ::fopen(filename, mode);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:220:57: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EXPECT_RETRY(f.reset(new file("test", file::RDONLY)), open,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SIZE];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:304:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[SIZE + 1];
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:390:57: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
EXPECT_RETRY(f.reset(new buffered_file("test", "r")), fopen,
data/fmtlib-6.1.2+ds/test/posix-mock.h:31:5: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open(const char* path, int oflag, int mode);
data/fmtlib-6.1.2+ds/test/posix-mock.h:62:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* fopen(const char* filename, const char* mode);
data/fmtlib-6.1.2+ds/test/printf-test.cc:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:253:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:405:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/printf-test.cc:498:55: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
TEST(PrintfTest, WideString) { EXPECT_EQ(L"abc", fmt::sprintf(L"%s", L"abc")); }
data/fmtlib-6.1.2+ds/test/ranges-test.cc:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/fmtlib-6.1.2+ds/test/util.cc:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFFER_SIZE];
data/fmtlib-6.1.2+ds/test/util.h:47:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return std::fopen(filename, mode);
data/fmtlib-6.1.2+ds/include/fmt/chrono.h:880:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
facet.put(os, os, ' ', &time, format, format + std::strlen(format));
data/fmtlib-6.1.2+ds/include/fmt/color.h:415:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return buffer + std::strlen(buffer);
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:109:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (message == buffer_ && strlen(buffer_) == buffer_size_ - 1)
data/fmtlib-6.1.2+ds/include/fmt/format-inl.h:123:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return result == 0 && strlen(buffer_) == buffer_size_ - 1 ? ERANGE
data/fmtlib-6.1.2+ds/include/fmt/posix.h:245:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FMT_API std::size_t read(void* buffer, std::size_t count);
data/fmtlib-6.1.2+ds/src/posix.cc:154:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::size_t file::read(void* buffer, std::size_t count) {
data/fmtlib-6.1.2+ds/src/posix.cc:156:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
FMT_RETRY(result, FMT_POSIX_CALL(read(fd_, buffer, convert_rwcount(count))));
data/fmtlib-6.1.2+ds/test/chrono-test.cc:46:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
facet.put(os, os, ' ', &time, spec, spec + std::strlen(spec));
data/fmtlib-6.1.2+ds/test/core-test.cc:62:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return std::copy_n(test, std::strlen(test), ctx.out());
data/fmtlib-6.1.2+ds/test/core-test.cc:408:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_EQ(std::strlen(str), string_view(str).size());
data/fmtlib-6.1.2+ds/test/core-test.cc:409:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_LT(std::strlen(str), sizeof(str));
data/fmtlib-6.1.2+ds/test/format-impl-test.cc:379:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t message_size = std::strlen(message);
data/fmtlib-6.1.2+ds/test/format-test.cc:1078:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1106:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1160:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:1248:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
std::size_t size = std::strlen(format_str);
data/fmtlib-6.1.2+ds/test/format-test.cc:2462:20: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
FMT_CONSTEXPR bool equal(const char* s1, const char* s2) {
data/fmtlib-6.1.2+ds/test/format-test.cc:2476:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal(actual_error, expected_error);
data/fmtlib-6.1.2+ds/test/fuzzing/main.cpp:17:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
in.read(buf.data(), static_cast<long>(buf.size()));
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:62:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = read_end_.read(buffer, BUFFER_SIZE);
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:69:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::string read(file& f, std::size_t count) {
data/fmtlib-6.1.2+ds/test/gtest-extra.cc:73:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = f.read(&buffer[offset], count - offset);
data/fmtlib-6.1.2+ds/test/gtest-extra.h:140:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
std::string read(fmt::file& f, std::size_t count);
data/fmtlib-6.1.2+ds/test/gtest-extra.h:143:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_EQ(expected_content, read(file, std::strlen(expected_content)))
data/fmtlib-6.1.2+ds/test/gtest-extra.h:143:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_EQ(expected_content, read(file, std::strlen(expected_content)))
data/fmtlib-6.1.2+ds/test/ostream-test.cc:142:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer.append(foo, foo + std::strlen(foo));
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:137:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
test::ssize_t test::read(int fildes, void* buf, test::size_t nbyte) {
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:139:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EMULATE_EINTR(read, -1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:140:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return ::FMT_POSIX(read(fildes, buf, nbyte));
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:224:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&c, 1);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:289:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_RETRY(count = read_end.read(buffer, SIZE), read,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:289:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_RETRY(count = read_end.read(buffer, SIZE), read,
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:305:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read_end.read(buffer, SIZE);
data/fmtlib-6.1.2+ds/test/posix-mock-test.cc:320:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_THROW(read_end.read(&c, size), fmt::system_error);
data/fmtlib-6.1.2+ds/test/posix-mock.h:53:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read(int fildes, void* buf, size_t nbyte);
data/fmtlib-6.1.2+ds/test/posix-test.cc:30:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return FMT_POSIX(read(fd, &buffer, 1)) == 1;
data/fmtlib-6.1.2+ds/test/posix-test.cc:36:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
SUPPRESS_ASSERT(result = FMT_POSIX(read(fd, &buffer, 1)));
data/fmtlib-6.1.2+ds/test/posix-test.cc:44:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_end.write(FILE_CONTENT, std::strlen(FILE_CONTENT));
data/fmtlib-6.1.2+ds/test/posix-test.cc:293:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_SYSTEM_ERROR(f.read(&buf, 1), EBADF, "cannot read from file");
data/fmtlib-6.1.2+ds/test/posix-test.cc:315:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EXPECT_EQ(FILE_CONTENT, read(copy, std::strlen(FILE_CONTENT)));
data/fmtlib-6.1.2+ds/test/posix-test.cc:315:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
EXPECT_EQ(FILE_CONTENT, read(copy, std::strlen(FILE_CONTENT)));
data/fmtlib-6.1.2+ds/test/scan.h:166:15: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
!std::equal(begin, end, make_checked(it, size))) {
data/fmtlib-6.1.2+ds/test/util.cc:12:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (int i = static_cast<int>(std::strlen(s)) - 1; i >= 0; --i) {
data/fmtlib-6.1.2+ds/test/util.cc:39:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write_end.write(FILE_CONTENT, std::strlen(FILE_CONTENT));
ANALYSIS SUMMARY:
Hits = 160
Lines analyzed = 19585 in approximately 0.59 seconds (33430 lines/second)
Physical Source Lines of Code (SLOC) = 15380
Hits@level = [0] 23 [1] 44 [2] 75 [3] 0 [4] 41 [5] 0
Hits@level+ = [0+] 183 [1+] 160 [2+] 116 [3+] 41 [4+] 41 [5+] 0
Hits/KSLOC@level+ = [0+] 11.8986 [1+] 10.4031 [2+] 7.54226 [3+] 2.6658 [4+] 2.6658 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.