Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libblocksruntime-0.4.1/Block_private.h
Examining data/libblocksruntime-0.4.1/config2.h
Examining data/libblocksruntime-0.4.1/test/main.c
Examining data/libblocksruntime-0.4.1/Block.h
Examining data/libblocksruntime-0.4.1/runtime.c
Examining data/libblocksruntime-0.4.1/data.c

FINAL RESULTS:

data/libblocksruntime-0.4.1/runtime.c:456:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[512];
data/libblocksruntime-0.4.1/runtime.c:459:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cp, "NULL passed to _Block_dump\n");
data/libblocksruntime-0.4.1/runtime.c:466:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "^%p (new layout) =\n", (void *)closure);
data/libblocksruntime-0.4.1/runtime.c:467:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "flags:");
data/libblocksruntime-0.4.1/runtime.c:469:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " HASDESCRIPTOR");
data/libblocksruntime-0.4.1/runtime.c:472:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " FREEME");
data/libblocksruntime-0.4.1/runtime.c:475:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " ISGC");
data/libblocksruntime-0.4.1/runtime.c:478:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " HASHELP");
data/libblocksruntime-0.4.1/runtime.c:481:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " HASCTOR");
data/libblocksruntime-0.4.1/runtime.c:483:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "\nrefcount: %u\n", closure->flags & BLOCK_REFCOUNT_MASK);
data/libblocksruntime-0.4.1/runtime.c:484:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "invoke: %p\n", (void *)(uintptr_t)closure->invoke);
data/libblocksruntime-0.4.1/runtime.c:487:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "descriptor: %p\n", (void *)dp);
data/libblocksruntime-0.4.1/runtime.c:488:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "descriptor->reserved: %lu\n", dp->reserved);
data/libblocksruntime-0.4.1/runtime.c:489:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "descriptor->size: %lu\n", dp->size);
data/libblocksruntime-0.4.1/runtime.c:492:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "descriptor->copy helper: %p\n", (void *)(uintptr_t)dp->copy);
data/libblocksruntime-0.4.1/runtime.c:493:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "descriptor->dispose helper: %p\n", (void *)(uintptr_t)dp->dispose);
data/libblocksruntime-0.4.1/runtime.c:501:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[256];
data/libblocksruntime-0.4.1/runtime.c:503:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, "byref data block %p contents:\n", (void *)src);
data/libblocksruntime-0.4.1/runtime.c:504:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " forwarding: %p\n", (void *)src->forwarding);
data/libblocksruntime-0.4.1/runtime.c:505:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " flags: 0x%x\n", src->flags);
data/libblocksruntime-0.4.1/runtime.c:506:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " size: %d\n", src->size);
data/libblocksruntime-0.4.1/runtime.c:508:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " copy helper: %p\n", (void *)(uintptr_t)src->byref_keep);
data/libblocksruntime-0.4.1/runtime.c:509:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  cp += sprintf(cp, " dispose helper: %p\n", (void *)(uintptr_t)src->byref_destroy);

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 888 in approximately 0.08 seconds (11386 lines/second)
Physical Source Lines of Code (SLOC) = 450
Hits@level = [0]   4 [1]   0 [2]  23 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  23 [2+]  23 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+]  60 [1+] 51.1111 [2+] 51.1111 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.