Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/alternate_format.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/alternate_format.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/asyoutypeformatter.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/asyoutypeformatter.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/basictypes.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/logging.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/memory/scoped_ptr.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/memory/singleton.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/memory/singleton_posix.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/strings/string_piece.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/strings/string_piece.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/synchronization/lock.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/synchronization/lock_posix.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/template_util.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/thread_checker.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/callback.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/default_logger.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/default_logger.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/encoding_utils.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/area_code_map.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/area_code_map.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/default_map_storage.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/default_map_storage.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/geocoding_data.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/mapping_file_provider.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/mapping_file_provider.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/phonenumber_offline_geocoder.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/geocoding/phonenumber_offline_geocoder.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/lite_metadata.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/logger.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/logger.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/matcher_api.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/metadata.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/metadata.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/normalize_utf8.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumber.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumber.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatch.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatch.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regex_based_matcher.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regex_based_matcher.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_adapter.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_adapter_icu.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_adapter_icu.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_adapter_re2.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_adapter_re2.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_cache.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_cache.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/regexp_factory.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/region_code.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/short_metadata.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/short_metadata.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/shortnumberinfo.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/shortnumberinfo.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/stl_util.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/string_byte_sink.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/string_byte_sink.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/test_metadata.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/unicodestring.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/unicodestring.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/rune.c
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/stringpiece.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/stringprintf.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unilib.cc
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unilib.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/utf.h
Examining data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/utfdef.h
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/asyoutypeformatter_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/area_code_map_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/geocoding_data_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/geocoding_test_data.h
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/geocoding_test_program.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/mapping_file_provider_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/geocoding/phonenumber_offline_geocoder_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/logger_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatch_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumberutil_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/regexp_adapter_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/regexp_cache_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/run_tests.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/shortnumberinfo_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/test_util.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/test_util.h
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/unicodestring_test.cc
Examining data/libphonenumber-7.1.0/cpp/test/phonenumbers/utf/unicodetext_test.cc
Examining data/libphonenumber-7.1.0/tools/cpp/src/base/basictypes.h
Examining data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data.h
Examining data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data_main.cc
Examining data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data.cc
Examining data/libphonenumber-7.1.0/tools/cpp/test/cpp-build/generate_geocoding_data_test.cc Examining data/libphonenumber-7.1.0/tools/cpp/test/cpp-build/run_tests.cc FINAL RESULTS: data/libphonenumber-7.1.0/cpp/src/phonenumbers/asyoutypeformatter.cc:110:17: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). new_pattern = StrCat("(", new_pattern, ")"); data/libphonenumber-7.1.0/cpp/src/phonenumbers/asyoutypeformatter.cc:559:9: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat(prefix_before_national_number_, national_number)); data/libphonenumber-7.1.0/cpp/src/phonenumbers/asyoutypeformatter.cc:664:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("\\", string(&kPlusSign, 1), "|", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatch.cc:74:10: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). return StrCat("PhoneNumberMatch [", start(), ",", end(), ") ", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:72:10: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). return StrCat("{", lower, ",", upper, "}"); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:272:21: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). non_parens_(StrCat("[^", opening_parens_, closing_parens_, "]")), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:274:40: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
leading_maybe_matched_bracket_(StrCat( data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:277:24: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). bracket_pairs_(StrCat( data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:285:22: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). punctuation_(StrCat("[", PhoneNumberUtil::kValidPunctuation, "]", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:287:25: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). digit_sequence_(StrCat("\\p{Nd}", Limit(1, digit_block_limit_))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:288:27: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lead_class_chars_(StrCat(opening_parens_, PhoneNumberUtil::kPlusChars)), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:289:21: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). lead_class_(StrCat("[", lead_class_chars_, "]")), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:290:30: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). opening_punctuation_(StrCat("(?:", lead_class_, punctuation_, ")")), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:291:32: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). optional_extn_pattern_(StrCat( data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:310:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
StrCat(leading_maybe_matched_bracket_, non_parens_, "+", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumbermatcher.cc:320:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("(", opening_punctuation_, lead_limit_, data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:162:35: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). formatted_number->insert(0, StrCat(kPlusSign, country_calling_code)); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:165:35: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). formatted_number->insert(0, StrCat(kPlusSign, country_calling_code, " ")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:168:35: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). formatted_number->insert(0, StrCat(kRfc3966Prefix, kPlusSign, data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:205:47: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). static const string capturing_extn_digits = StrCat("([", kDigits, "]{1,7})"); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:217:11: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). return (StrCat( data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:513:36: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). : punctuation_and_star_sign_(StrCat(PhoneNumberUtil::kValidPunctuation, data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:516:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
StrCat(kDigits, "{", PhoneNumberUtil::kMinLengthForNsn, "}")), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:518:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat(min_length_phone_number_pattern_, "|[", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:525:31: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). CreateExtnPattern(StrCat(",", kSingleExtnSymbolsForMatching))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:537:43: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). regexp_factory_->CreateRegExp(StrCat("[", kDigits, "]*"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:539:43: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). regexp_factory_->CreateRegExp(StrCat("([", kDigits, "])"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:543:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("[", PhoneNumberUtil::kPlusChars, kDigits, "]"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:551:17: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("[", PhoneNumberUtil::kValidPunctuation, "]+"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:555:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("(?i)(?:", extn_patterns_for_parsing_, ")$"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:557:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
StrCat("(?i)", valid_phone_number_, data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:560:13: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("(?i)(?:.*?[", kValidAlpha, "]){3}"))), data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:571:17: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("[", PhoneNumberUtil::kPlusChars, "]+"))) { data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:720:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("[", kValidPunctuation, "]*", "(\\$\\d", "[", data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1003:11: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat(hu_national_prefix, " ", *formatted_number)); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1082:35: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). formatted_number->insert(0, StrCat(country_code, " ")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1126:12: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 0, StrCat(international_prefix_for_formatting, " ", country_code, " ")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1683:33: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). ErrorType success = Parse(StrCat(kPlusSign, data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1987:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
StrCat("(", metadata->general_desc().possible_number_pattern(), ")")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:2259:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("[^", kDigits, "]")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:2607:15: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("(", general_num_desc.possible_number_pattern(), ")")); data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:2773:43: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). reg_exps_->regexp_cache_->GetRegExp(StrCat("(", data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:218:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2) { data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:228:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:240:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:253:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:268:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:284:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:302:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:321:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:343:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:368:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:113:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2); data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:115:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:118:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:121:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:125:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:129:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:134:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:139:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:145:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.h:152:8: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string StrCat(const StringHolder& s1, const StringHolder& s2, data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:61:12: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
return StrCat(raw_string_, " (", region_, ")"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:194:23: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string text = StrCat(it->leading_text_, number, it->trailing_text_); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:204:23: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string text = StrCat(it->leading_text_, number, it->trailing_text_); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:288:21: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string text = StrCat(prefix, number, it->trailing_text_); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:561:17: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string text = StrCat(number1, " - ", number2, " - ", number3, " - ", number4); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:586:17: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). string text = StrCat(number1, " ", number2); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:603:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("My address is CA 34215 - ", number, " is my number."); data/libphonenumber-7.1.0/cpp/test/phonenumbers/phonenumbermatcher_test.cc:621:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). StrCat("My number is ", number, ". 
34215 is my zip-code."); data/libphonenumber-7.1.0/cpp/test/phonenumbers/regexp_adapter_test.cc:78:12: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). return StrCat("Test failed with ", context.name, " implementation."); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:236:22: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). TEST(StringUtilTest, StrCat) { data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:240:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:244:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:248:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:252:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d", "e"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:256:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d", "e", "f"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:260:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
s = StrCat("a", "b", "c", "d", "e", "f", "g"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:264:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d", "e", "f", "g", "h"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:268:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d", "e", "f", "g", "h", "i"); data/libphonenumber-7.1.0/cpp/test/phonenumbers/stringutil_test.cc:272:7: [4] (buffer) StrCat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). s = StrCat("a", "b", "c", "d", "e", "f", "g", "h", "i", "j", "k"); data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/strings/string_piece.cc:39:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ptr_ + pos, ret); data/libphonenumber-7.1.0/cpp/src/phonenumbers/normalize_utf8.h:38:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8[4]; data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unicode_char[5]; data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:696:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the
  size is larger than the maximum possible length.
  char current_char[5];

data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1920:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char current_char[5];

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/rune.c:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[10];

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.cc:118:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(new_data, data_, size_);

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.cc:149:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data_, data, size);

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.cc:171:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data_ + size_, bytes, byte_length);

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unicodetext.cc:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[UTFmax];

data/libphonenumber-7.1.0/cpp/src/phonenumbers/utf/unilib.h:49:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const unsigned char kUTF8LenTbl[256] = {

data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data.cc:161:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* input = fopen(path.c_str(), "r");

data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data.cc:641:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force
  the opening of special file type (e.g., device files), move things around to
  create a race condition, control its ancestors, or change its contents?
  (CWE-362).
  FILE* source_fp = fopen(source_path.c_str(), "w");

data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/strings/string_piece.h:51:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : ptr_(str), length_((str == NULL) ? 0 : strlen(str)) { }

data/libphonenumber-7.1.0/cpp/src/phonenumbers/base/strings/string_piece.h:76:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length_ = str ? strlen(str) : 0;

data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1741:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  index_of_phone_context + strlen(kRfc3966PhoneContext);

data/libphonenumber-7.1.0/cpp/src/phonenumbers/phonenumberutil.cc:1765:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  index_of_rfc_prefix + strlen(kRfc3966Prefix) : 0;

data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:27:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  using std::equal;

data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:65:7:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  equal(s.begin(), s.begin() + prefix.size(), prefix.begin());

data/libphonenumber-7.1.0/cpp/src/phonenumbers/stringutil.cc:191:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len_(std::strlen(s))

data/libphonenumber-7.1.0/cpp/src/phonenumbers/unicodestring.cc:24:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  using std::equal;

data/libphonenumber-7.1.0/cpp/src/phonenumbers/unicodestring.cc:38:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return equal(text_.begin(), text_.end(), rhs.text_.begin());

data/libphonenumber-7.1.0/cpp/src/phonenumbers/unicodestring.h:37:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : text_(UTF8ToUnicodeText(utf8, std::strlen(utf8))),

data/libphonenumber-7.1.0/tools/cpp/src/cpp-build/generate_geocoding_data.cc:129:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());

ANALYSIS SUMMARY:

Hits = 105
Lines analyzed = 52800 in approximately 4.62 seconds (11440 lines/second)
Physical Source Lines of Code (SLOC) = 44471
Hits@level = [0]  55 [1]  11 [2]  13 [3]   0 [4]  81 [5]   0
Hits@level+ = [0+] 160 [1+] 105 [2+]  94 [3+]  81 [4+]  81 [5+]   0
Hits/KSLOC@level+ = [0+] 3.59785 [1+] 2.36109 [2+] 2.11374 [3+] 1.82141 [4+] 1.82141 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
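The five "equal" hits above share one root cause, and two of them (the `using std::equal;` declarations in stringutil.cc:27 and unicodestring.cc:24) carry no call at all. The three real calls are of two different kinds: an equality test (unicodestring.cc:38), where the C++14 four-iterator overload is the right fix, and prefix/suffix tests (stringutil.cc:65, generate_geocoding_data.cc:129), where that overload does not apply and the call is only safe behind an explicit size guard that the scanner cannot see. The following is an added triage example, not libphonenumber code; the function names are illustrative and the inputs are constructed.

```cpp
#include <algorithm>
#include <cstdio>
#include <string>

// Added example (not libphonenumber code) for the std::equal hits above.
// Function names are illustrative, not the library's.

// Pattern behind unicodestring.cc:38: the three-iterator overload walks the
// second range for as many elements as the first has. If rhs is shorter than
// lhs, it reads past the end of rhs (CWE-126). Correct only when a caller has
// already established lhs.size() == rhs.size(); the scanner cannot see that.
bool EqualsThreeIter(const std::string& lhs, const std::string& rhs) {
  return std::equal(lhs.begin(), lhs.end(), rhs.begin());  // unguarded
}

// Hardened equality: the C++14 four-iterator overload bounds both ranges and
// returns false on a length mismatch, so there is no size check to forget.
bool EqualsFourIter(const std::string& lhs, const std::string& rhs) {
  return std::equal(lhs.begin(), lhs.end(), rhs.begin(), rhs.end());
}

// Pattern behind stringutil.cc:65 and generate_geocoding_data.cc:129. The
// four-iterator overload is the wrong tool here: a prefix or suffix test
// compares ranges of different lengths, and that overload would return false
// whenever s is longer than the affix. What makes these safe is an explicit
// size guard in front of the three-iterator call; flawfinder flags the call
// either way, so the review step is to confirm the guard is present.
bool HasPrefix(const std::string& s, const std::string& prefix) {
  return s.size() >= prefix.size() &&
         std::equal(s.begin(), s.begin() + prefix.size(), prefix.begin());
}

bool HasSuffix(const std::string& s, const std::string& suffix) {
  return s.size() >= suffix.size() &&
         std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
}

int main() {
  // Constructed inputs. "+4" vs "+41" is the short-haystack case that the
  // unguarded three-iterator form would over-read.
  std::printf("EqualsFourIter(\"abc\", \"ab\")           = %d\n", EqualsFourIter("abc", "ab"));
  std::printf("HasPrefix(\"+41446681800\", \"+41\")      = %d\n", HasPrefix("+41446681800", "+41"));
  std::printf("HasPrefix(\"+4\", \"+41\")                = %d\n", HasPrefix("+4", "+41"));
  std::printf("HasSuffix(\"rune.c\", \".cc\")            = %d\n", HasSuffix("rune.c", ".cc"));
  return 0;
}
```

When closing these hits, the question to answer per call site is which of the two kinds it is: an equality check can be mechanically rewritten to the four-iterator form, while a prefix or suffix check needs the `size() >=` guard kept adjacent to the call so a later refactor cannot separate them.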
