Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libcitygml-2.0.9/osgplugin/CitygmlOsgViewer.cpp
Examining data/libcitygml-2.0.9/osgplugin/ReaderWriterCityGML.cpp
Examining data/libcitygml-2.0.9/sources/include/citygml/address.h
Examining data/libcitygml-2.0.9/sources/include/citygml/appearance.h
Examining data/libcitygml-2.0.9/sources/include/citygml/appearancemanager.h
Examining data/libcitygml-2.0.9/sources/include/citygml/appearancetarget.h
Examining data/libcitygml-2.0.9/sources/include/citygml/appearancetargetdefinition.h
Examining data/libcitygml-2.0.9/sources/include/citygml/attributesmap.h
Examining data/libcitygml-2.0.9/sources/include/citygml/citygml.h
Examining data/libcitygml-2.0.9/sources/include/citygml/citygmlfactory.h
Examining data/libcitygml-2.0.9/sources/include/citygml/citygmllogger.h
Examining data/libcitygml-2.0.9/sources/include/citygml/citymodel.h
Examining data/libcitygml-2.0.9/sources/include/citygml/cityobject.h
Examining data/libcitygml-2.0.9/sources/include/citygml/enum_type_bitmask.h
Examining data/libcitygml-2.0.9/sources/include/citygml/envelope.h
Examining data/libcitygml-2.0.9/sources/include/citygml/featureobject.h
Examining data/libcitygml-2.0.9/sources/include/citygml/geometry.h
Examining data/libcitygml-2.0.9/sources/include/citygml/geometrymanager.h
Examining data/libcitygml-2.0.9/sources/include/citygml/georeferencedtexture.h
Examining data/libcitygml-2.0.9/sources/include/citygml/implictgeometry.h
Examining data/libcitygml-2.0.9/sources/include/citygml/linearring.h
Examining data/libcitygml-2.0.9/sources/include/citygml/linestring.h
Examining data/libcitygml-2.0.9/sources/include/citygml/material.h
Examining data/libcitygml-2.0.9/sources/include/citygml/materialtargetdefinition.h
Examining data/libcitygml-2.0.9/sources/include/citygml/object.h
Examining data/libcitygml-2.0.9/sources/include/citygml/polygon.h
Examining data/libcitygml-2.0.9/sources/include/citygml/polygonmanager.h
Examining data/libcitygml-2.0.9/sources/include/citygml/tesselator.h
Examining data/libcitygml-2.0.9/sources/include/citygml/texture.h
Examining data/libcitygml-2.0.9/sources/include/citygml/texturecoordinates.h
Examining data/libcitygml-2.0.9/sources/include/citygml/texturetargetdefinition.h
Examining data/libcitygml-2.0.9/sources/include/citygml/transformmatrix.h
Examining data/libcitygml-2.0.9/sources/include/citygml/utils.h
Examining data/libcitygml-2.0.9/sources/include/citygml/vecs.hpp
Examining data/libcitygml-2.0.9/sources/include/parser/addressparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/appearanceelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/attributes.h
Examining data/libcitygml-2.0.9/sources/include/parser/citygmldocumentparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/citygmlelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/citymodelelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/cityobjectelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/delayedchoiceelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/documentlocation.h
Examining data/libcitygml-2.0.9/sources/include/parser/elementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/geocoordinatetransformer.h
Examining data/libcitygml-2.0.9/sources/include/parser/geometryelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/georeferencedtextureelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/gmlfeaturecollectionparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/gmlobjectparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/implicitgeometryelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/linearringelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/linestringelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/materialelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/nodetypes.h
Examining data/libcitygml-2.0.9/sources/include/parser/parserutils.hpp
Examining data/libcitygml-2.0.9/sources/include/parser/polygonelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/sequenceparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/skipelementparser.h
Examining data/libcitygml-2.0.9/sources/include/parser/textureelementparser.h
Examining data/libcitygml-2.0.9/sources/src/citygml/address.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/appearance.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/appearancemanager.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/appearancetarget.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/attributesmap.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/citygmlfactory.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/citymodel.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/cityobject.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/envelope.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/featureobject.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/geometry.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/geometrymanager.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/georeferencedtexture.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/implictgeometry.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/linearring.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/linestring.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/material.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/materialtargetdefinition.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/object.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/polygon.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/polygonmanager.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/tesselator.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/texture.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/texturecoordinates.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/texturetargetdefinition.cpp
Examining data/libcitygml-2.0.9/sources/src/citygml/transformmatrix.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/addressparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/appearanceelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/attributes.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/citygmldocumentparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/citygmlelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/citymodelelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/cityobjectelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/delayedchoiceelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/elementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/geocoordinatetransformer.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/geometryelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/georeferencedtextureelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/gmlfeaturecollectionparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/gmlobjectparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/implicitgeometryelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/linearringelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/linestringelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/materialelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/nodetypes.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/parserxercesc.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/polygonelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/sequenceparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/skipelementparser.cpp
Examining data/libcitygml-2.0.9/sources/src/parser/textureelementparser.cpp
Examining data/libcitygml-2.0.9/test/citygmltest.cpp
FINAL RESULTS:
data/libcitygml-2.0.9/sources/include/citygml/vecs.hpp:165:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( xyz, vec, 3 * sizeof(T) );
data/libcitygml-2.0.9/sources/include/citygml/vecs.hpp:321:41: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
TVec4( const T vec[], const T w ) { memcpy( xyzw, vec, 4 * sizeof(T) ); this->w = w; }
data/libcitygml-2.0.9/sources/include/citygml/vecs.hpp:323:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
TVec4( const T vec[] ) { memcpy( xyzw, vec, 4 * sizeof(T) ); }
data/libcitygml-2.0.9/test/citygmltest.cpp:76:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file.open( argv[fargc], std::ifstream::in );
data/libcitygml-2.0.9/sources/src/parser/parserxercesc.cpp:173:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
m_stream.read( reinterpret_cast<char*>(buf), maxToRead );
ANALYSIS SUMMARY:
Hits = 5
Lines analyzed = 11092 in approximately 0.27 seconds (40449 lines/second)
Physical Source Lines of Code (SLOC) = 8106
Hits@level = [0] 0 [1] 1 [2] 4 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 5 [1+] 5 [2+] 4 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.616827 [1+] 0.616827 [2+] 0.493462 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.