Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libgooglepinyin-0.1.2/include/atomdictbase.h Examining data/libgooglepinyin-0.1.2/include/dictbuilder.h Examining data/libgooglepinyin-0.1.2/include/dictdef.h Examining data/libgooglepinyin-0.1.2/include/dictlist.h Examining data/libgooglepinyin-0.1.2/include/dicttrie.h Examining data/libgooglepinyin-0.1.2/include/lpicache.h Examining data/libgooglepinyin-0.1.2/include/matrixsearch.h Examining data/libgooglepinyin-0.1.2/include/mystdlib.h Examining data/libgooglepinyin-0.1.2/include/ngram.h Examining data/libgooglepinyin-0.1.2/include/pinyinime.h Examining data/libgooglepinyin-0.1.2/include/searchutility.h Examining data/libgooglepinyin-0.1.2/include/spellingtable.h Examining data/libgooglepinyin-0.1.2/include/spellingtrie.h Examining data/libgooglepinyin-0.1.2/include/splparser.h Examining data/libgooglepinyin-0.1.2/include/sync.h Examining data/libgooglepinyin-0.1.2/include/userdict.h Examining data/libgooglepinyin-0.1.2/include/utf16char.h Examining data/libgooglepinyin-0.1.2/include/utf16reader.h Examining data/libgooglepinyin-0.1.2/src/dictbuilder.cpp Examining data/libgooglepinyin-0.1.2/src/dictlist.cpp Examining data/libgooglepinyin-0.1.2/src/dicttrie.cpp Examining data/libgooglepinyin-0.1.2/src/lpicache.cpp Examining data/libgooglepinyin-0.1.2/src/matrixsearch.cpp Examining data/libgooglepinyin-0.1.2/src/mystdlib.cpp Examining data/libgooglepinyin-0.1.2/src/ngram.cpp Examining data/libgooglepinyin-0.1.2/src/pinyinime.cpp Examining data/libgooglepinyin-0.1.2/src/searchutility.cpp Examining data/libgooglepinyin-0.1.2/src/spellingtable.cpp Examining data/libgooglepinyin-0.1.2/src/spellingtrie.cpp Examining data/libgooglepinyin-0.1.2/src/splparser.cpp Examining data/libgooglepinyin-0.1.2/src/sync.cpp Examining data/libgooglepinyin-0.1.2/src/userdict.cpp Examining data/libgooglepinyin-0.1.2/src/utf16char.cpp Examining data/libgooglepinyin-0.1.2/src/utf16reader.cpp Examining data/libgooglepinyin-0.1.2/tools/pinyinime_dictbuilder.cpp FINAL RESULTS: data/libgooglepinyin-0.1.2/include/dictdef.h:150:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pinyin_str[kMaxLemmaSize][kMaxPinyinSize + 1]; data/libgooglepinyin-0.1.2/include/matrixsearch.h:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pys_[kMaxRowNum]; data/libgooglepinyin-0.1.2/include/spellingtable.h:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[kMaxSpellingSize + 1]; data/libgooglepinyin-0.1.2/include/spellingtable.h:41:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char kNotSupportList[kNotSupportNum][kMaxSpellingSize + 1]; data/libgooglepinyin-0.1.2/include/spellingtrie.h:53:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char kHalfId2Sc_[kFullSplIdStart + 1]; data/libgooglepinyin-0.1.2/include/utf16reader.h:42:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool open(const char* filename, size_t buffer_len); data/libgooglepinyin-0.1.2/src/dictbuilder.cpp:226:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(fn_validhzs, "rb"); data/libgooglepinyin-0.1.2/src/dictbuilder.cpp:374:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!utf16_reader.open(fn_raw, kReadBufLen * 10)) data/libgooglepinyin-0.1.2/src/dictbuilder.cpp:609:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dict_trie->root_, lma_nodes_le0_, data/libgooglepinyin-0.1.2/src/dictbuilder.cpp:611:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dict_trie->nodes_ge1_, lma_nodes_ge1_, data/libgooglepinyin-0.1.2/src/dicttrie.cpp:153:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "wb"); data/libgooglepinyin-0.1.2/src/dicttrie.cpp:249:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(filename, "rb"); data/libgooglepinyin-0.1.2/src/matrixsearch.cpp:441:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pys_ + ch_pos, py + ch_pos, py_len - ch_pos); data/libgooglepinyin-0.1.2/src/matrixsearch.cpp:1220:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_phrase_.spl_ids, spl_id_, spl_id_num_ * sizeof(uint16)); data/libgooglepinyin-0.1.2/src/matrixsearch.cpp:1221:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c_phrase_.spl_start, spl_start_, (spl_id_num_ + 1) * sizeof(uint16)); data/libgooglepinyin-0.1.2/src/spellingtrie.cpp:290:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(spelling_buf_, spelling_arr, sizeof(char) * item_size * item_num); data/libgooglepinyin-0.1.2/src/spellingtrie.cpp:396:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ym_buf_, ym_buf, sizeof(char) * ym_item_size * ym_num); data/libgooglepinyin-0.1.2/src/userdict.cpp:677:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npre_items[new_added].pre_hzs, words + hzs_len, cpy_len); data/libgooglepinyin-0.1.2/src/userdict.cpp:1008:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file, "w+"); data/libgooglepinyin-0.1.2/src/userdict.cpp:1031:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file, "rb"); data/libgooglepinyin-0.1.2/src/userdict.cpp:1093:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file, "rb"); data/libgooglepinyin-0.1.2/src/userdict.cpp:1214:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dict_info_, &dict_info, sizeof(dict_info)); data/libgooglepinyin-0.1.2/src/userdict.cpp:1243:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(dict_file_, O_WRONLY); data/libgooglepinyin-0.1.2/src/userdict.cpp:1832:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char score_temp[32], *pscore_temp = score_temp; data/libgooglepinyin-0.1.2/src/userdict.cpp:1905:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + len, temp, need_len * 2); data/libgooglepinyin-0.1.2/src/utf16char.cpp:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char char8[256]; data/libgooglepinyin-0.1.2/src/utf16reader.cpp:41:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool Utf16Reader::open(const char* filename, size_t buffer_len) { data/libgooglepinyin-0.1.2/src/utf16reader.cpp:58:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp_ = fopen(filename, "rb")) == NULL) data/libgooglepinyin-0.1.2/src/dictbuilder.cpp:547:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(lemma_arr_[i].pinyin_str[hz_pos]), data/libgooglepinyin-0.1.2/src/spellingtable.cpp:170:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(raw_spellings_[hash_pos].str, spelling_str, spelling_size_ - 1); data/libgooglepinyin-0.1.2/src/spellingtable.cpp:228:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(spelling_buf_ + pos * spelling_size_, raw_spellings_[pos].str, ANALYSIS SUMMARY: Hits = 31 Lines analyzed = 12549 in approximately 0.35 seconds (36333 lines/second) Physical Source Lines of Code (SLOC) = 8456 Hits@level = [0] 111 [1] 3 [2] 28 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 142 [1+] 31 [2+] 28 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 16.7928 [1+] 3.66604 [2+] 3.31126 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.