stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jsmn-1.1.0/example/jsondump.c
Examining data/jsmn-1.1.0/example/simple.c
Examining data/jsmn-1.1.0/jsmn.h
Examining data/jsmn-1.1.0/test/test.h
Examining data/jsmn-1.1.0/test/tests.c
Examining data/jsmn-1.1.0/test/testutil.h

FINAL RESULTS:

data/jsmn-1.1.0/example/jsondump.c:77:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/jsmn-1.1.0/test/tests.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(toklarge, toksmall, sizeof(toksmall));
data/jsmn-1.1.0/example/jsondump.c:113:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(js + jslen, buf, r);
data/jsmn-1.1.0/example/simple.c:16:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (tok->type == JSMN_STRING && (int)strlen(s) == tok->end - tok->start &&
data/jsmn-1.1.0/example/simple.c:30:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = jsmn_parse(&p, JSON_STRING, strlen(JSON_STRING), t,
data/jsmn-1.1.0/test/tests.c:107:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 1; i <= strlen(js); i++) {
data/jsmn-1.1.0/test/tests.c:109:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (i == strlen(js)) {
data/jsmn-1.1.0/test/tests.c:130:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 1; i <= strlen(js); i++) {
data/jsmn-1.1.0/test/tests.c:132:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (i == strlen(js)) {
data/jsmn-1.1.0/test/tests.c:158:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    r = jsmn_parse(&p, js, strlen(js), toksmall, i);
data/jsmn-1.1.0/test/tests.c:163:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    r = jsmn_parse(&p, js, strlen(js), toklarge, 10);
data/jsmn-1.1.0/test/tests.c:182:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = jsmn_parse(&p, js, strlen(js), tok, 10);
data/jsmn-1.1.0/test/tests.c:208:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = jsmn_parse(&p, js, strlen(js), tokens, 128);
data/jsmn-1.1.0/test/tests.c:242:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 1);
data/jsmn-1.1.0/test/tests.c:246:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 1);
data/jsmn-1.1.0/test/tests.c:250:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 2);
data/jsmn-1.1.0/test/tests.c:254:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 3);
data/jsmn-1.1.0/test/tests.c:258:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 3);
data/jsmn-1.1.0/test/tests.c:262:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 7);
data/jsmn-1.1.0/test/tests.c:266:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 5);
data/jsmn-1.1.0/test/tests.c:270:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 5);
data/jsmn-1.1.0/test/tests.c:274:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 4);
data/jsmn-1.1.0/test/tests.c:278:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  check(jsmn_parse(&p, js, strlen(js), NULL, 0) == 7);
data/jsmn-1.1.0/test/testutil.h:52:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(value) != (unsigned long)(t[i].end - t[i].start) ||
data/jsmn-1.1.0/test/testutil.h:81:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  r = jsmn_parse(&p, s, strlen(s), t, numtok);

ANALYSIS SUMMARY:

Hits = 25
Lines analyzed = 1165 in approximately 0.14 seconds (8527 lines/second)
Physical Source Lines of Code (SLOC) = 929
Hits@level = [0]  31 [1]  23 [2]   2 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  56 [1+]  25 [2+]   2 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 60.2799 [1+] 26.9107 [2+] 2.15285 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.