Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/api.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/decoder.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/encoder.h
Examining data/gr-rds-3.8.0.0.f1c584a/include/rds/parser.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/constants.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc
Examining data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/tmc_locations_italy.h
Examining data/gr-rds-3.8.0.0.f1c584a/lib/tmc_events.h
FINAL RESULTS:
data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.cc:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[12];
data/gr-rds-3.8.0.0.f1c584a/lib/decoder_impl.h:49:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char offset_chars[4]; // [ABCcDEx] (x=error)
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:268:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(radiotext, text.c_str(), len);
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:276:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
std::memcpy(PS, ps.c_str(), len);
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:471:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[13]; // 13*8=104
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.cc:493:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *out = (unsigned char *) output_items[0];
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radiotext[64];
data/gr-rds-3.8.0.0.f1c584a/lib/encoder_impl.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PS[8];
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flagstring[8] = "0000000";
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.cc:481:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ps_on[8] = {' ',' ',' ',' ',' ',' ',' ',' '};
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char radiotext[65];
data/gr-rds-3.8.0.0.f1c584a/lib/parser_impl.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char program_service_name[9];
ANALYSIS SUMMARY:
Hits = 12
Lines analyzed = 19192 in approximately 0.92 seconds (20842 lines/second)
Physical Source Lines of Code (SLOC) = 18613
Hits@level = [0] 2 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 14 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.752162 [1+] 0.644711 [2+] 0.644711 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.