Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gluegen2-2.3.2/test/junit/com/jogamp/gluegen/struct.h
Examining data/gluegen2-2.3.2/test/native/cross-android-armv7-tst1/arm-gcc-test.c
Examining data/gluegen2-2.3.2/test/native/cross-android-armv7-tst1/hello-java.c
Examining data/gluegen2-2.3.2/test/native/cross-android-armv7-tst1/hello-fp.c
Examining data/gluegen2-2.3.2/test/native/sizeof_dump.c
Examining data/gluegen2-2.3.2/test/native/alignment_test.c
Examining data/gluegen2-2.3.2/test/native/cross-ubuntu-armv7-tst1/arm-gcc-test.c
Examining data/gluegen2-2.3.2/test/issue7.h
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/pcpptest.h
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1-gluegen.c
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/structgen/TestStruct02.h
Examining data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/structgen/TestStruct01.h
Examining data/gluegen2-2.3.2/src/native/windows/WindowsDynamicLinkerImpl_JNI.c
Examining data/gluegen2-2.3.2/src/native/common/JVMUtil.c
Examining data/gluegen2-2.3.2/src/native/common/JarUtil.c
Examining data/gluegen2-2.3.2/src/native/common/PointerBuffer.c
Examining data/gluegen2-2.3.2/src/native/common/MachineDataInfoRuntime.c
Examining data/gluegen2-2.3.2/src/native/common/Platforms.c
Examining data/gluegen2-2.3.2/src/native/unix/UnixDynamicLinkerImpl_JNI.c
Examining data/gluegen2-2.3.2/src/native/tinype/tiny.c
Examining data/gluegen2-2.3.2/src/native/tinype/tiny2.c
Examining data/gluegen2-2.3.2/doc/manual/example4/function.c
Examining data/gluegen2-2.3.2/doc/manual/example4/function.h
Examining data/gluegen2-2.3.2/doc/manual/example5/function.c
Examining data/gluegen2-2.3.2/doc/manual/example5/function.h
Examining data/gluegen2-2.3.2/doc/manual/example3/function.h
Examining data/gluegen2-2.3.2/doc/manual/example2/function.c
Examining data/gluegen2-2.3.2/doc/manual/example2/function.h
Examining data/gluegen2-2.3.2/doc/manual/example6/function.h
Examining data/gluegen2-2.3.2/doc/manual/example7/function.h
Examining data/gluegen2-2.3.2/doc/manual/example1/function.c
Examining data/gluegen2-2.3.2/doc/manual/example1/function.h
Examining data/gluegen2-2.3.2/make/stub_includes/platform/gluegen_types.h
Examining data/gluegen2-2.3.2/make/stub_includes/platform/gluegen_inttypes.h
Examining data/gluegen2-2.3.2/make/stub_includes/platform/gluegen_stdint.h
Examining data/gluegen2-2.3.2/make/stub_includes/platform/gluegen_stddef.h
Examining data/gluegen2-2.3.2/make/stub_includes/platform/glibc-compat-symbols.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/stdarg.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/inttypes.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/stdio.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/gluegen_types.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/gluegen_inttypes.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/stddef.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/stdint.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/gluegen_stdint.h
Examining data/gluegen2-2.3.2/make/stub_includes/gluegen/gluegen_stddef.h
Examining data/gluegen2-2.3.2/make/stub_includes/os/elf_header.h
Examining data/gluegen2-2.3.2/make/stub_includes/os/elf_sh_const.h
Examining data/gluegen2-2.3.2/make/stub_includes/os/elf_eh_const.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/jni.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/macosx/jni_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/macosx/jawt_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/x11/jni_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/x11/jawt_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/win32/jni_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/win32/jawt_md.h
Examining data/gluegen2-2.3.2/make/stub_includes/jni/jawt.h
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/once.c
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/trigraph.c
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/varargs.c
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/test0.c
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/test1.c
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/absolute.h
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/test0.h
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/once.h
Examining data/gluegen2-2.3.2/jcpp/src/test/resources/test1.h
FINAL RESULTS:
data/gluegen2-2.3.2/src/native/unix/UnixDynamicLinkerImpl_JNI.c:30:33: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DBG_PRINT(...) fprintf(stderr, __VA_ARGS__); fflush(stderr)
data/gluegen2-2.3.2/make/stub_includes/os/elf_header.h:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[16];
data/gluegen2-2.3.2/make/stub_includes/platform/glibc-compat-symbols.h:20:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
GLIBC_COMPAT_SYMBOL(memcpy)
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:275:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:279:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char singleton[200];
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:620:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI int MYAPIENTRY rgbaToInt(const char rgba[4]) {
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:626:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY intToRgba(int irgba, char rgbaSink[4]) {
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:635:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY addByte(const char summands[2], char result[1]) {
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:635:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY addByte(const char summands[2], char result[1]) {
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:429:50: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef int (MYAPIENTRY* PFNRGBATOINTPROC)(const char rgba[4]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:430:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef void (MYAPIENTRY* PFNINTTORGBAPROC)(int irgba, char rgbaSink[4]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:431:49: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef void (MYAPIENTRY* PFNADDBYTEPROC)(const char summands[2], char result[1]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:431:67: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef void (MYAPIENTRY* PFNADDBYTEPROC)(const char summands[2], char result[1]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:435:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI int MYAPIENTRY rgbaToInt(const char rgba[4]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:436:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY intToRgba(int irgba, char rgbaSink[4]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:438:37: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY addByte(const char summands[2], char result[1]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:438:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
MYAPI void MYAPIENTRY addByte(const char summands[2], char result[1]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:465:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char modelNameArrayFixedLen[12]; /* 'Hello Array' len=11+1 */
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.h:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char modelNameArrayFixedLen[12]; /* 'Hello Array' len=11+1 */
data/gluegen2-2.3.2/doc/manual/example3/function.h:4:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t strlen(const char* str);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:289:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l+=strlen(strings[i]);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:715:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->modelNameArrayFixedLen, "Hello Array", sizeof(s->modelNameArrayFixedLen));
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:718:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->modelNamePointerCString, "Hello CString", 13+1);
data/gluegen2-2.3.2/src/junit/com/jogamp/gluegen/test/junit/generation/test1.c:721:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(s->modelNamePointerCustomLen, "Hello Pointer", 13+1);
ANALYSIS SUMMARY:
Hits = 24
Lines analyzed = 5787 in approximately 0.28 seconds (20773 lines/second)
Physical Source Lines of Code (SLOC) = 4469
Hits@level = [0] 132 [1] 5 [2] 18 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 156 [1+] 24 [2+] 19 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 34.9071 [1+] 5.37033 [2+] 4.25151 [3+] 0.223764 [4+] 0.223764 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.