Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpinyin-2.3.0/src/include/memory_chunk.h
Examining data/libpinyin-2.3.0/src/include/stl_lite.h
Examining data/libpinyin-2.3.0/src/include/novel_types.h
Examining data/libpinyin-2.3.0/src/pinyin.h
Examining data/libpinyin-2.3.0/src/pinyin_internal.h
Examining data/libpinyin-2.3.0/src/zhuyin.cpp
Examining data/libpinyin-2.3.0/src/pinyin_internal.cpp
Examining data/libpinyin-2.3.0/src/pinyin.cpp
Examining data/libpinyin-2.3.0/src/lookup/phonetic_lookup.cpp
Examining data/libpinyin-2.3.0/src/lookup/lookup.cpp
Examining data/libpinyin-2.3.0/src/lookup/phonetic_lookup.h
Examining data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.cpp
Examining data/libpinyin-2.3.0/src/lookup/phrase_lookup.h
Examining data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.h
Examining data/libpinyin-2.3.0/src/lookup/phonetic_lookup_linear.h
Examining data/libpinyin-2.3.0/src/lookup/phonetic_lookup_heap.h
Examining data/libpinyin-2.3.0/src/lookup/lookup.h
Examining data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp
Examining data/libpinyin-2.3.0/src/storage/table_info.cpp
Examining data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table2.h
Examining data/libpinyin-2.3.0/src/storage/chewing_key.h
Examining data/libpinyin-2.3.0/src/storage/ngram_kyotodb.cpp
Examining data/libpinyin-2.3.0/src/storage/ngram.h
Examining data/libpinyin-2.3.0/src/storage/table_info.h
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_parser_table.h
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2.h
Examining data/libpinyin-2.3.0/src/storage/zhuyin_parser2.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.h
Examining data/libpinyin-2.3.0/src/storage/flexible_single_gram.h
Examining data/libpinyin-2.3.0/src/storage/flexible_ngram.h
Examining data/libpinyin-2.3.0/src/storage/special_table.h
Examining data/libpinyin-2.3.0/src/storage/chewing_key.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.h
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3.cpp
Examining data/libpinyin-2.3.0/src/storage/facade_phrase_table3.h
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_index.h
Examining data/libpinyin-2.3.0/src/storage/zhuyin_custom2.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_parser2.cpp
Examining data/libpinyin-2.3.0/src/storage/chewing_enum.h
Examining data/libpinyin-2.3.0/src/storage/ngram_bdb.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_phrase3.h
Examining data/libpinyin-2.3.0/src/storage/facade_chewing_table2.h
Examining data/libpinyin-2.3.0/src/storage/facade_phrase_table2.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_parser2.h
Examining data/libpinyin-2.3.0/src/storage/zhuyin_table.h
Examining data/libpinyin-2.3.0/src/storage/ngram_bdb.cpp
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_phrase2.h
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_index_logger.h
Examining data/libpinyin-2.3.0/src/storage/bdb_utils.h
Examining data/libpinyin-2.3.0/src/storage/kyotodb_utils.h
Examining data/libpinyin-2.3.0/src/storage/facade_chewing_table.h
Examining data/libpinyin-2.3.0/src/storage/tag_utility.h
Examining data/libpinyin-2.3.0/src/storage/double_pinyin_table.h
Examining data/libpinyin-2.3.0/src/storage/tag_utility.cpp
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_index.cpp
Examining data/libpinyin-2.3.0/src/storage/ngram_kyotodb.h
Examining data/libpinyin-2.3.0/src/storage/phonetic_key_matrix.cpp
Examining data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h
Examining data/libpinyin-2.3.0/src/storage/pinyin_custom2.h
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table2.cpp
Examining data/libpinyin-2.3.0/src/storage/phrase_large_table3.h
Examining data/libpinyin-2.3.0/src/storage/phonetic_key_matrix.h
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.h
Examining data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp
Examining data/libpinyin-2.3.0/src/storage/ngram.cpp
Examining data/libpinyin-2.3.0/src/storage/zhuyin_parser2.h
Examining data/libpinyin-2.3.0/src/zhuyin.h
Examining data/libpinyin-2.3.0/tests/include/test_memory_chunk.cpp
Examining data/libpinyin-2.3.0/tests/timer.h
Examining data/libpinyin-2.3.0/tests/tests_helper.h
Examining data/libpinyin-2.3.0/tests/test_phrase.cpp
Examining data/libpinyin-2.3.0/tests/test_chewing.cpp
Examining data/libpinyin-2.3.0/tests/lookup/test_phrase_lookup.cpp
Examining data/libpinyin-2.3.0/tests/lookup/test_pinyin_lookup.cpp
Examining data/libpinyin-2.3.0/tests/test_pinyin.cpp
Examining data/libpinyin-2.3.0/tests/test_zhuyin.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_parser2.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_ngram.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_table_info.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_phrase_index.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_flexible_ngram.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_phrase_table.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_matrix.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_chewing_table.cpp
Examining data/libpinyin-2.3.0/tests/storage/test_phrase_index_logger.cpp
Examining data/libpinyin-2.3.0/utils/training/validate_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/k_mixture_model.h
Examining data/libpinyin-2.3.0/utils/training/gen_unigram.cpp
Examining data/libpinyin-2.3.0/utils/training/export_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/estimate_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/prune_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/gen_deleted_ngram.cpp
Examining data/libpinyin-2.3.0/utils/training/gen_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/merge_k_mixture_model.cpp
Examining data/libpinyin-2.3.0/utils/training/k_mixture_model_to_interpolation.cpp
Examining data/libpinyin-2.3.0/utils/training/estimate_interpolation.cpp
Examining data/libpinyin-2.3.0/utils/training/gen_ngram.cpp
Examining data/libpinyin-2.3.0/utils/training/eval_correction_rate.cpp
Examining data/libpinyin-2.3.0/utils/utils_helper.h
Examining data/libpinyin-2.3.0/utils/segment/mergeseq.cpp
Examining data/libpinyin-2.3.0/utils/segment/spseg.cpp
Examining data/libpinyin-2.3.0/utils/segment/ngseg.cpp
Examining data/libpinyin-2.3.0/utils/storage/export_interpolation.cpp
Examining data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp
Examining data/libpinyin-2.3.0/utils/storage/gen_binary_files.cpp
Examining data/libpinyin-2.3.0/utils/storage/import_interpolation.cpp
Examining data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp
FINAL RESULTS:
data/libpinyin-2.3.0/src/lookup/phonetic_lookup.h:594:48: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system_bigram->load(index_token, system);
data/libpinyin-2.3.0/src/lookup/phonetic_lookup.h:597:60: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !merge_single_gram(&m_merged_single_gram, system, user) )
data/libpinyin-2.3.0/src/lookup/phonetic_lookup.h:632:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system)
data/libpinyin-2.3.0/src/lookup/phonetic_lookup.h:633:24: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
delete system;
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:191:22: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
SingleGram * system, * user;
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:192:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system_bigram->load(index_token, system);
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:195:56: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !merge_single_gram(&m_merged_single_gram, system, user) )
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:206:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system)
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:207:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
delete system;
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:269:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system_bigram->load(index_token, system);
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:273:37: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
(&m_merged_single_gram, system, user))
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:298:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system)
data/libpinyin-2.3.0/src/lookup/phrase_lookup.cpp:299:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
delete system;
data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.cpp:367:44: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
m_system_bigram->load(index_token, system);
data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.cpp:370:56: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if ( !merge_single_gram(&m_merged_single_gram, system, user) )
data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.cpp:404:13: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (system)
data/libpinyin-2.3.0/src/lookup/pinyin_lookup2.cpp:405:20: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
delete system;
data/libpinyin-2.3.0/src/storage/ngram.cpp:279:64: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool merge_single_gram(SingleGram * merged, const SingleGram * system,
data/libpinyin-2.3.0/src/storage/ngram.cpp:281:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == system && NULL == user)
data/libpinyin-2.3.0/src/storage/ngram.cpp:286:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if (NULL == system) {
data/libpinyin-2.3.0/src/storage/ngram.h:57:54: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
const SingleGram * system,
data/libpinyin-2.3.0/src/storage/ngram.h:207:64: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
bool merge_single_gram(SingleGram * merged, const SingleGram * system,
data/libpinyin-2.3.0/src/include/memory_chunk.h:355:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( buffer, m_data_begin + offset, length);
data/libpinyin-2.3.0/src/include/memory_chunk.h:385:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/libpinyin-2.3.0/src/include/memory_chunk.h:444:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_RDONLY);
data/libpinyin-2.3.0/src/include/memory_chunk.h:502:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(filename, O_CREAT|O_WRONLY|O_TRUNC, 0644);
data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp:666:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinyin[256];
data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp:667:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[256];
data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp:112:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinyin[256];
data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp:113:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[256];
data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp:33:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, NULL, NULL,
data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp:65:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, dbfile, NULL,
data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp:83:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, NULL, NULL,
data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp:96:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, filename, NULL,
data/libpinyin-2.3.0/src/storage/chewing_large_table2_bdb.cpp:123:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, new_filename, NULL,
data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp:33:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(m_db->open("-", BasicDB::OREADER|BasicDB::OWRITER|BasicDB::OCREATE));
data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp:63:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_db->open(dbfile, mode);
data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp:76:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_db->open("-", BasicDB::OREADER|BasicDB::OWRITER|BasicDB::OCREATE))
data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp:81:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_db->open(filename, BasicDB::OREADER))
data/libpinyin-2.3.0/src/storage/chewing_large_table2_kyotodb.cpp:99:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_db->open(new_filename, BasicDB::OWRITER|BasicDB::OCREATE))
data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_magic_number[4];
data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h:110:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, dbfile, NULL, DB_HASH, db_flags, 0644);
data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h:114:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, dbfile, NULL, DB_HASH, db_flags, 0644);
data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h:322:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, db_data.data, sizeof(MagicHeader));
data/libpinyin-2.3.0/src/storage/flexible_ngram_bdb.h:385:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, db_data.data, sizeof(ArrayHeader));
data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h:84:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_magic_number[4];
data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h:145:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_db->open(dbfile, mode)) {
data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h:154:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_db->open(dbfile, mode))
data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h:307:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, vbuf + sizeof(m_magic_number), sizeof(MagicHeader));
data/libpinyin-2.3.0/src/storage/flexible_ngram_kyotodb.h:372:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, vbuf, sizeof(ArrayHeader));
data/libpinyin-2.3.0/src/storage/flexible_single_gram.h:213:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&item, &(cur_item->m_item), sizeof(ArrayItem));
data/libpinyin-2.3.0/src/storage/flexible_single_gram.h:252:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&item, &(cur_item->m_item), sizeof(ArrayItem));
data/libpinyin-2.3.0/src/storage/flexible_single_gram.h:285:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(cur_item->m_item), &item, sizeof(ArrayItem));
data/libpinyin-2.3.0/src/storage/flexible_single_gram.h:304:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&header, buf_begin, sizeof(ArrayHeader));
data/libpinyin-2.3.0/src/storage/flexible_single_gram.h:318:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf_begin, &header, sizeof(ArrayHeader));
data/libpinyin-2.3.0/src/storage/ngram_bdb.cpp:54:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, NULL, NULL,
data/libpinyin-2.3.0/src/storage/ngram_bdb.cpp:67:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, dbfile, NULL,
data/libpinyin-2.3.0/src/storage/ngram_bdb.cpp:94:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, dbfile, NULL,
data/libpinyin-2.3.0/src/storage/ngram_bdb.cpp:119:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, dbfile, NULL,
data/libpinyin-2.3.0/src/storage/ngram_kyotodb.cpp:60:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !m_db->open("-", BasicDB::OREADER|BasicDB::OWRITER|BasicDB::OCREATE) )
data/libpinyin-2.3.0/src/storage/ngram_kyotodb.cpp:65:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_db->open(dbfile, BasicDB::OREADER))
data/libpinyin-2.3.0/src/storage/ngram_kyotodb.cpp:85:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( !tmp_db->open(dbfile, BasicDB::OWRITER|BasicDB::OCREATE) )
data/libpinyin-2.3.0/src/storage/ngram_kyotodb.cpp:107:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_db->open(dbfile, mode);
data/libpinyin-2.3.0/src/storage/phrase_index.cpp:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinyin[256];
data/libpinyin-2.3.0/src/storage/phrase_index.cpp:522:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[256];
data/libpinyin-2.3.0/src/storage/phrase_large_table2.cpp:469:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinyin[256];
data/libpinyin-2.3.0/src/storage/phrase_large_table2.cpp:470:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[256];
data/libpinyin-2.3.0/src/storage/phrase_large_table3.cpp:125:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pinyin[256];
data/libpinyin-2.3.0/src/storage/phrase_large_table3.cpp:126:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[256];
data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp:33:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, NULL, NULL,
data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp:67:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, dbfile, NULL,
data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp:85:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = m_db->open(m_db, NULL, NULL, NULL,
data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp:98:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, filename, NULL,
data/libpinyin-2.3.0/src/storage/phrase_large_table3_bdb.cpp:125:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = tmp_db->open(tmp_db, NULL, new_filename, NULL,
data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp:34:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(m_db->open("-", BasicDB::OREADER|BasicDB::OWRITER|BasicDB::OCREATE));
data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp:67:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return m_db->open(dbfile, mode);
data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp:80:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!m_db->open("-", BasicDB::OREADER|BasicDB::OWRITER|BasicDB::OCREATE))
data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp:85:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_db->open(filename, BasicDB::OREADER))
data/libpinyin-2.3.0/src/storage/phrase_large_table3_kyotodb.cpp:103:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!tmp_db->open(new_filename, BasicDB::OWRITER|BasicDB::OCREATE))
data/libpinyin-2.3.0/src/storage/pinyin_parser2.h:57:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * m_new_keys[2];
data/libpinyin-2.3.0/src/storage/pinyin_parser2.h:63:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * m_orig_keys[2];
data/libpinyin-2.3.0/src/storage/pinyin_parser2.h:66:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * m_new_keys[2];
data/libpinyin-2.3.0/src/storage/pinyin_parser2.h:76:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * m_yunmus[2];
data/libpinyin-2.3.0/src/storage/table_info.cpp:144:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(str);
data/libpinyin-2.3.0/src/storage/table_info.cpp:170:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * input = fopen(filename, "r");
data/libpinyin-2.3.0/src/storage/table_info.cpp:198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[256];
data/libpinyin-2.3.0/src/storage/table_info.cpp:216:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tableinfo[256], dictstr[256];
data/libpinyin-2.3.0/src/storage/table_info.cpp:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tablefile[256], sysfile[256], userfile[256], filetype[256];
data/libpinyin-2.3.0/src/storage/table_info.cpp:292:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * input = fopen(filename, "r");
data/libpinyin-2.3.0/src/storage/table_info.cpp:329:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * output = fopen(filename, "w");
data/libpinyin-2.3.0/src/storage/zhuyin_table.h:12593:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * chewing_tone_table[CHEWING_NUMBER_OF_TONES] = {
data/libpinyin-2.3.0/tests/tests_helper.h:66:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tablefile = fopen(filename, "r");
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:214:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(outputfile, "w");
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:227:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(argv[1], "r");
data/libpinyin-2.3.0/utils/segment/ngseg.cpp:120:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(outputfile, "w");
data/libpinyin-2.3.0/utils/segment/ngseg.cpp:133:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(argv[1], "r");
data/libpinyin-2.3.0/utils/segment/spseg.cpp:215:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
output = fopen(outputfile, "w");
data/libpinyin-2.3.0/utils/segment/spseg.cpp:228:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input = fopen(argv[1], "r");
data/libpinyin-2.3.0/utils/storage/gen_binary_files.cpp:59:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * tablefile = fopen(filename, "r");
data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp:135:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char phrase[1024], pinyin[1024];
data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp:138:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * infile = fopen(filename, "r");
data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp:261:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * outfile = fopen(outputfile, "w");
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:139:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * infile = fopen(filename, "r");
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:155:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
guint32 freq = atoi(strs[1]);
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:274:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * outfile = fopen(outputfile, "w");
data/libpinyin-2.3.0/utils/storage/import_interpolation.cpp:146:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/storage/import_interpolation.cpp:188:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/training/eval_correction_rate.cpp:164:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * evals_file = fopen(evals_text, "r");
data/libpinyin-2.3.0/utils/training/gen_k_mixture_model.cpp:359:27: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * document = fopen(filename, "r");
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:96:39: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:97:35: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, N, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:98:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, total_freq, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:159:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:160:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, freq, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:208:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:209:43: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, T, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:211:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, N_n_0, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:212:45: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, n_1, atol);
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:213:44: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, Mr, atol);
data/libpinyin-2.3.0/utils/training/k_mixture_model_to_interpolation.cpp:134:46: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, freq, atol);
data/libpinyin-2.3.0/utils/training/k_mixture_model_to_interpolation.cpp:173:47: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TAGLIB_GET_TAGVALUE(glong, count, atol);
data/libpinyin-2.3.0/utils/utils_helper.h:31:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
var = atoi(string); \
data/libpinyin-2.3.0/utils/utils_helper.h:60:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
phrase_token_t _token = atoi(strs[0]); \
data/libpinyin-2.3.0/src/include/memory_chunk.h:398:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret_len = read(fd, &length, sizeof(guint32));
data/libpinyin-2.3.0/src/include/memory_chunk.h:402:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret_len = read(fd, &checksum, sizeof(guint32));
data/libpinyin-2.3.0/src/include/memory_chunk.h:417:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
data_len = read(fd, data, data_len);
data/libpinyin-2.3.0/src/include/memory_chunk.h:457:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t ret_len = read(fd, &length, sizeof(guint32));
data/libpinyin-2.3.0/src/include/memory_chunk.h:461:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret_len = read(fd, &checksum, sizeof(guint32));
data/libpinyin-2.3.0/src/pinyin.cpp:598:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/pinyin.cpp:1211:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pinyin_len = strlen(onepinyin);
data/libpinyin-2.3.0/src/pinyin.cpp:1229:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_rests, pinyins, strlen(pinyins));
data/libpinyin-2.3.0/src/pinyin.cpp:1252:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pinyin_len = strlen(onepinyin);
data/libpinyin-2.3.0/src/pinyin.cpp:1270:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_rests, pinyins, strlen(pinyins));
data/libpinyin-2.3.0/src/pinyin.cpp:1292:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chewing_len = strlen(onechewing);
data/libpinyin-2.3.0/src/pinyin.cpp:1313:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_rests, chewings, strlen(chewings));
data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp:672:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%255s %255s %u %ld",
data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp:693:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/chewing_large_table.cpp:700:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp:118:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%255s %255s %u %ld",
data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp:139:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/chewing_large_table2.cpp:146:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/phonetic_key_matrix.cpp:145:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t newindex = index + strlen(item->m_new_keys[0]);
data/libpinyin-2.3.0/src/storage/phonetic_key_matrix.cpp:206:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t newindex = index + strlen(item->m_new_keys[0]);
data/libpinyin-2.3.0/src/storage/phrase_index.cpp:530:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%255s %255s %u %ld",
data/libpinyin-2.3.0/src/storage/phrase_index.cpp:566:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/phrase_index.cpp:573:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/storage/phrase_large_table2.cpp:475:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%255s %255s %u %ld",
data/libpinyin-2.3.0/src/storage/phrase_large_table3.cpp:131:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%255s %255s %u %ld",
data/libpinyin-2.3.0/src/storage/table_info.cpp:199:11: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
num = fscanf(input, "source table format:%255s", str);
data/libpinyin-2.3.0/src/storage/table_info.cpp:219:15: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
num = fscanf(input, "%255s %255s %255s %255s %255s %255s\n",
data/libpinyin-2.3.0/src/storage/zhuyin_parser2.cpp:670:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 != strlen(final))
data/libpinyin-2.3.0/src/storage/zhuyin_parser2.cpp:879:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen(buffer);
data/libpinyin-2.3.0/src/zhuyin.cpp:523:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/src/zhuyin.cpp:1010:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pinyin_len = strlen(onepinyin);
data/libpinyin-2.3.0/src/zhuyin.cpp:1031:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_rests, pinyins, strlen(pinyins));
data/libpinyin-2.3.0/src/zhuyin.cpp:1050:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int chewing_len = strlen(onechewing);
data/libpinyin-2.3.0/src/zhuyin.cpp:1068:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_rests, chewings, strlen(chewings));
data/libpinyin-2.3.0/tests/lookup/test_phrase_lookup.cpp:94:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/libpinyin-2.3.0/tests/lookup/test_phrase_lookup.cpp:96:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/lookup/test_phrase_lookup.cpp:97:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/lookup/test_pinyin_lookup.cpp:73:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char* linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/tests/lookup/test_pinyin_lookup.cpp:75:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/lookup/test_pinyin_lookup.cpp:76:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/lookup/test_pinyin_lookup.cpp:87:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf, strlen(linebuf));
data/libpinyin-2.3.0/tests/storage/test_chewing_table.cpp:59:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char* linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/tests/storage/test_chewing_table.cpp:61:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/storage/test_chewing_table.cpp:62:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/storage/test_chewing_table.cpp:73:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, linebuf, strlen(linebuf));
data/libpinyin-2.3.0/tests/storage/test_matrix.cpp:113:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char* linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/tests/storage/test_matrix.cpp:115:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/storage/test_matrix.cpp:116:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/storage/test_matrix.cpp:128:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf, strlen(linebuf));
data/libpinyin-2.3.0/tests/storage/test_parser2.cpp:96:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char* linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/tests/storage/test_parser2.cpp:98:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/storage/test_parser2.cpp:99:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/storage/test_parser2.cpp:108:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf, strlen(linebuf));
data/libpinyin-2.3.0/tests/storage/test_parser2.cpp:121:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf, strlen(linebuf));
data/libpinyin-2.3.0/tests/storage/test_phrase_table.cpp:38:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char* linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/tests/storage/test_phrase_table.cpp:40:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/storage/test_phrase_table.cpp:41:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/test_chewing.cpp:39:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/libpinyin-2.3.0/tests/test_chewing.cpp:41:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/test_chewing.cpp:42:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/test_phrase.cpp:39:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/libpinyin-2.3.0/tests/test_phrase.cpp:41:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/test_phrase.cpp:42:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/test_pinyin.cpp:44:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/libpinyin-2.3.0/tests/test_pinyin.cpp:53:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == prefixbuf[strlen(prefixbuf) - 1] ) {
data/libpinyin-2.3.0/tests/test_pinyin.cpp:54:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefixbuf[strlen(prefixbuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/test_pinyin.cpp:63:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/test_pinyin.cpp:64:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/tests/test_zhuyin.cpp:39:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t read;
data/libpinyin-2.3.0/tests/test_zhuyin.cpp:41:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/tests/test_zhuyin.cpp:42:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:136:61: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
gchar * utf8_str = g_ucs4_to_utf8(ucs4_str, token_len, &read, NULL, NULL);
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:258:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char * linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:260:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:261:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/segment/mergeseq.cpp:264:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen(linebuf))
data/libpinyin-2.3.0/utils/segment/ngseg.cpp:182:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char * linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/utils/segment/ngseg.cpp:184:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/segment/ngseg.cpp:185:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/segment/spseg.cpp:263:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char * linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/utils/segment/spseg.cpp:265:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/segment/spseg.cpp:266:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp:145:19: [1] (buffer) fscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
int num = fscanf(infile, "%1023s %1023s %u",
data/libpinyin-2.3.0/utils/storage/gen_pinyin_table.cpp:182:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:145:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
char * linebuf = NULL; size_t size = 0; ssize_t read;
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:147:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:148:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/storage/gen_zhuyin_table.cpp:195:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
parser.parse(options, keys, key_rests, pinyin, strlen(pinyin));
data/libpinyin-2.3.0/utils/storage/import_interpolation.cpp:71:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/storage/import_interpolation.cpp:72:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/eval_correction_rate.cpp:179:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/training/eval_correction_rate.cpp:180:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/gen_deleted_ngram.cpp:82:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/training/gen_deleted_ngram.cpp:83:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/gen_k_mixture_model.cpp:76:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/training/gen_k_mixture_model.cpp:77:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/gen_ngram.cpp:83:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/training/gen_ngram.cpp:84:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:72:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( '\n' == linebuf[strlen(linebuf) - 1] ) {
data/libpinyin-2.3.0/utils/training/import_k_mixture_model.cpp:73:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/training/k_mixture_model_to_interpolation.cpp:55:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linebuf[strlen(linebuf) - 1] = '\0';
data/libpinyin-2.3.0/utils/utils_helper.h:53:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen(line)) \
ANALYSIS SUMMARY:
Hits = 225
Lines analyzed = 52674 in approximately 1.35 seconds (39144 lines/second)
Physical Source Lines of Code (SLOC) = 38304
Hits@level = [0] 298 [1] 102 [2] 101 [3] 0 [4] 22 [5] 0
Hits@level+ = [0+] 523 [1+] 225 [2+] 123 [3+] 22 [4+] 22 [5+] 0
Hits/KSLOC@level+ = [0+] 13.6539 [1+] 5.87406 [2+] 3.21115 [3+] 0.574353 [4+] 0.574353 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.