Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/log4cxx-0.11.0/src/test/cpp/util/absolutedateandtimefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/filenamefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/compare.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/linenumberfilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/controlfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmltimestampfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/transformer.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/absolutedateandtimefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/controlfilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmlthreadfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/binarycompare.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/threadfilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/relativetimefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/filenamefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/relativetimefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/serializationtesthelper.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/linenumberfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/filter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmltimestampfilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/serializationtesthelper.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/iso8601filter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmlfilenamefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/absolutetimefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/absolutetimefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmlthreadfilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmllineattributefilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/utilfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/compare.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/iso8601filter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmllineattributefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/util/binarycompare.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/threadfilter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/util/xmlfilenamefilter.h
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/stringhelpertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/propertiestestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/transcodertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/syslogwritertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/cacheddateformattestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/timezonetestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/localechanger.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/absolutetimedateformattestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/inetaddresstestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/localechanger.h
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/stringtokenizertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/cyclicbuffertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/filewatchdogtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/threadtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/datetimedateformattestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/relativetimedateformattestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/optionconvertertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/helpers/iso8601dateformattestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/nt/nteventlogappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/spi/loggingeventtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/customlogger/xlogger.h
Examining data/log4cxx-0.11.0/src/test/cpp/customlogger/xlogger.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/customlogger/xloggertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/defaultinit/testcase3.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/defaultinit/testcase2.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/defaultinit/testcase4.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/defaultinit/testcase1.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/socketappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/telnetappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/socketservertestcase.h
Examining data/log4cxx-0.11.0/src/test/cpp/net/socketservertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/smtpappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/xmlsocketappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/socketserverstarter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/syslogappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/net/sockethubappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/loggermatchfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/levelrangefiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/levelmatchfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/mapfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/stringmatchfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/denyallfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filter/andfiltertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/db/odbcappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/xml/xmllayouttest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/xml/xlevel.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/xml/xmllayouttestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/xml/customleveltestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/xml/xlevel.h
Examining data/log4cxx-0.11.0/src/test/cpp/xml/domtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/filterbasedrollingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/manualrollingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/timebasedrollingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/filenamepatterntestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/obsoleterollingfileappendertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rolling/sizebasedrollingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/varia/levelmatchfiltertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/varia/errorhandlertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/varia/levelrangefiltertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/pattern/num343patternconverter.h
Examining data/log4cxx-0.11.0/src/test/cpp/pattern/patternparsertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/pattern/num343patternconverter.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/mdctestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/hierarchytest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/abts.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/leveltestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/insertwide.h
Examining data/log4cxx-0.11.0/src/test/cpp/testutil.h
Examining data/log4cxx-0.11.0/src/test/cpp/encodingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/consoleappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/l7dtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/logunit.h
Examining data/log4cxx-0.11.0/src/test/cpp/fileappendertestcase.h
Examining data/log4cxx-0.11.0/src/test/cpp/ndctestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/appenderskeletontestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/logunit.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/patternlayouttest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/vectorappender.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/fileappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/appenderskeletontestcase.h
Examining data/log4cxx-0.11.0/src/test/cpp/propertyconfiguratortest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/streamtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/minimumtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/testchar.h
Examining data/log4cxx-0.11.0/src/test/cpp/jsonlayouttest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/writerappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/rollingfileappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/asyncappendertestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/abts_tests.h
Examining data/log4cxx-0.11.0/src/test/cpp/fileappendertest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/vectorappender.h
Examining data/log4cxx-0.11.0/src/test/cpp/writerappendertestcase.h
Examining data/log4cxx-0.11.0/src/test/cpp/decodingtest.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/abts.h
Examining data/log4cxx-0.11.0/src/test/cpp/hierarchythresholdtestcase.cpp
Examining data/log4cxx-0.11.0/src/test/cpp/loggertestcase.cpp
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/timezone.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/stringtokenizer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/objectoutputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/propertyresourcebundle.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/messagebuffer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/xml.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileoutputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/datagramsocket.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bytearrayoutputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/datetimedateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/classregistration.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/strftimedateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/mutex.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/systemerrwriter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/properties.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/strictmath.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/outputstreamwriter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/writer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/filewatchdog.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/cyclicbuffer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/resourcebundle.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/system.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/datelayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/datagrampacket.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/class.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/condition.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/outputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/simpledateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/exception.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bytearrayinputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/aprinitializer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/onlyonceerrorhandler.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/threadspecificdata.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/object.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bufferedwriter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/serversocket.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileinputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bytebuffer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/charsetdecoder.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/absolutetimedateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/transcoder.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/locale.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/relativetimedateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/loader.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/socketoutputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/objectimpl.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inetaddress.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/integer.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/dateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/tchar.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/iso8601dateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/cacheddateformat.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bufferedoutputstream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/systemoutwriter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/charsetencoder.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/socket.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/reader.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/objectptr.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstreamreader.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/optionconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/transform.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/stringhelper.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/thread.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/date.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/syslogwriter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/loglog.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/synchronized.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/pool.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/threadlocal.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/appenderattachableimpl.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/nt/nteventlogappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/nt/outputdebugstringappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/location/locationinfo.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/loggingevent.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/configurator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/defaultrepositoryselector.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/repositoryselector.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/hierarchyeventlistener.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/optionhandler.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/rootlogger.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/triggeringeventevaluator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/appenderattachable.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/loggerrepository.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/filter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/loggerfactory.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/spi/errorhandler.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/smtpappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/socketappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/sockethubappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/telnetappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/syslogappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/socketappenderskeleton.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/net/xmlsocketappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/levelrangefilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/levelmatchfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/locationinfofilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/loggermatchfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/denyallfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/andfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/stringmatchfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/propertyfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/mapfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/filter/expressionfilter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/db/odbcappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/config/propertysetter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/xml/domconfigurator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/xml/xmllayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/filerenameaction.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/zipcompressaction.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/timebasedrollingpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/rollingfileappenderskeleton.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/manualtriggeringpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/rollingfileappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/action.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/gzcompressaction.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/rollingpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/rollingpolicybase.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/fixedwindowrollingpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/filterbasedtriggeringpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/triggeringpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/rolloverdescription.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rolling/sizebasedtriggeringpolicy.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/varia/fallbackerrorhandler.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/threadpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/linelocationpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/propertiespatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/throwableinformationpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/ndcpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/datepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/lineseparatorpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/namepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/classnamepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/filelocationpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/relativetimepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/methodlocationpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/messagepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/literalpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/integerpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/patternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/loggingeventpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/fulllocationpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/loggerpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/formattinginfo.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/nameabbreviator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/patternparser.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/filedatepatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/pattern/levelpatternconverter.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/asyncappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/writerappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/portability.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/ndc.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/file.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/defaultconfigurator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/ttcclayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/rollingfileappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/appenderskeleton.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/logmanager.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/layout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/propertyconfigurator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/provisionnode.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/dailyrollingfileappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/htmllayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/consoleappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/fileappender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/mdc.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/jsonlayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/defaultloggerfactory.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/logger.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/logstring.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/patternlayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/appender.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/basicconfigurator.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/level.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/stream.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/simplelayout.h
Examining data/log4cxx-0.11.0/src/main/include/log4cxx/hierarchy.h
Examining data/log4cxx-0.11.0/src/main/cpp/syslogappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/consoleappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/socketoutputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/bytearrayoutputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/locationinfo.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/datepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/literalpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/xmlsocketappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/propertyconfigurator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filterbasedtriggeringpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loggingevent.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filewatchdog.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/resourcebundle.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/exception.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/bytearrayinputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loader.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loggingeventpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/rolloverdescription.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/socket.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/rollingpolicybase.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/dailyrollingfileappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/sockethubappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/outputstreamwriter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/outputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/obsoleterollingfileappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/triggeringpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/timezone.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/zipcompressaction.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/outputdebugstringappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/defaultloggerfactory.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/socketappenderskeleton.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/serversocket.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/defaultconfigurator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/jsonlayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loglog.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/cyclicbuffer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/systemerrwriter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/asyncappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loggermatchfilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/threadcxx.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/hierarchy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/threadlocal.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/stringhelper.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/gzcompressaction.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/bufferedwriter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/ndc.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/objectimpl.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/telnetappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/messagepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/onlyonceerrorhandler.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/threadpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fileappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/cacheddateformat.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/mutex.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/datagramsocket.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/datagrampacket.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/levelpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/messagebuffer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/level.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/appenderskeleton.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/lineseparatorpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/patternlayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/smtpappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/systemoutwriter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/ndcpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/asyncappender_nonblocking.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/pool.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/optionconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/syslogwriter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/threadspecificdata.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/inetaddress.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/patternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/manualtriggeringpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/patternparser.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/action.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fulllocationpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/condition.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/mapfilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filedatepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/strftimedateformat.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/objectptr.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/levelrangefilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/logstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filerenameaction.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/nameabbreviator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/throwableinformationpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/dateformat.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/appenderattachableimpl.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/defaultrepositoryselector.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/integerpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/reader.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/htmllayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/propertysetter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/simpledateformat.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/aprinitializer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/levelmatchfilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fixedwindowrollingpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/propertiespatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/charsetdecoder.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/relativetimedateformat.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/logger.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/transform.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/inputstream.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/stringmatchfilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/andfilter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/writer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/class.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/propertyresourcebundle.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/loggerpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/xmllayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/integer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/logmanager.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/relativetimepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/sizebasedtriggeringpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/system.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/properties.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/namepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/filelocationpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/synchronized.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/stringtokenizer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/formattinginfo.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/rollingpolicy.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/ttcclayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/mdc.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/layout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/classnamepatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/methodlocationpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/configurator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/odbcappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/bytebuffer.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/fallbackerrorhandler.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/rootlogger.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/writerappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/datelayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/file.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/simplelayout.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/socketappender.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/linelocationpatternconverter.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/classregistration.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/inputstreamreader.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/locale.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/basicconfigurator.cpp
Examining data/log4cxx-0.11.0/src/main/cpp/date.cpp
Examining data/log4cxx-0.11.0/src/examples/cpp/stream.cpp
Examining data/log4cxx-0.11.0/src/examples/cpp/trivial.cpp
Examining data/log4cxx-0.11.0/src/examples/cpp/console.cpp
Examining data/log4cxx-0.11.0/src/examples/cpp/delayedloop.cpp
FINAL RESULTS:
data/log4cxx-0.11.0/src/main/cpp/exception.cpp:64:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, src.msg);
data/log4cxx-0.11.0/src/main/cpp/exception.cpp:73:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(msg, src.msg);
data/log4cxx-0.11.0/src/test/cpp/abts.cpp:271:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, args);
data/log4cxx-0.11.0/src/main/cpp/bytearrayinputstream.cpp:57:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst.current(), &buf[pos], bytesCopied);
data/log4cxx-0.11.0/src/main/cpp/bytearrayoutputstream.cpp:49:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&array[sz], buf.current(), buf.remaining());
data/log4cxx-0.11.0/src/main/cpp/charsetdecoder.cpp:169:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[BUFSIZE];
data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:154:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t buf[BUFSIZE];
data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:168:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,
data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:327:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out.current(),
data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:793:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log4cxx_status_t rv = filename.open(&fd, APR_READ, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:810:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[2000];
data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:811:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbufXML[2000];
data/log4cxx-0.11.0/src/main/cpp/exception.cpp:43:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, m.data(), len);
data/log4cxx-0.11.0/src/main/cpp/file.cpp:162:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log4cxx_status_t File::open(apr_file_t** file, int flags,
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:36:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(filename);
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:42:2: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open(fn);
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:46:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void FileInputStream::open(const LogString& filename)
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:50:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
apr_status_t stat = File().setPath(filename).open(&fileptr, flags, perm, pool);
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:63:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
apr_status_t stat = aFile.open(&fileptr, flags, perm, pool);
data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:35:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool append) : pool(), fileptr(open(filename, append, pool))
data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:40:33: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool append) : pool(), fileptr(open(filename, append, pool))
data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:44:31: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
apr_file_t* FileOutputStream::open(const LogString& filename,
data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:62:25: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
apr_status_t stat = fn.open(&fileptr, flags, perm, pool);
data/log4cxx-0.11.0/src/main/cpp/gzcompressaction.cpp:70:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stat = destination.open(&child_out, flags, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/main/cpp/loggingevent.cpp:226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[20];
data/log4cxx-0.11.0/src/main/cpp/loggingevent.cpp:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[sizeof(apr_os_thread_t) * 3 + 10];
data/log4cxx-0.11.0/src/main/cpp/messagebuffer.cpp:51:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
thread_local static char ossBuf[8192];
data/log4cxx-0.11.0/src/main/cpp/messagebuffer.cpp:222:23: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
thread_local static wchar_t ossBuf[8192];
data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:239:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t modpath[_MAX_PATH];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[2];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:120:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[4];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[3];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[4];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:179:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[8];
data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bytes[6];
data/log4cxx-0.11.0/src/main/cpp/optionconverter.cpp:124:15: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return (int) atol(cvalue.c_str());
data/log4cxx-0.11.0/src/main/cpp/outputstreamwriter.cpp:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rawbuf[BUFSIZE];
data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:211:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDirName[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:212:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBaseName[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:213:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szUid[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szDirName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size());
data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:215:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBaseName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size());
data/log4cxx-0.11.0/src/main/cpp/simpledateformat.cpp:169:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/main/cpp/socketoutputstream.cpp:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&array[sz], buf.current(), buf.remaining());
data/log4cxx-0.11.0/src/main/cpp/strftimedateformat.cpp:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[bufSize];
data/log4cxx-0.11.0/src/main/cpp/stringhelper.cpp:124:9: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(as.c_str());
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_mmap->mm, std::string(lastFileName).c_str(), std::string(lastFileName).size());
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szUid[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBaseName[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDirName[MAX_FILE_LEN] = {'\0'};
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:96:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szDirName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size());
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:97:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBaseName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size());
data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_mmap->mm, std::string(newFileName).c_str(), std::string(newFileName).size());
data/log4cxx-0.11.0/src/main/cpp/timezone.cpp:127:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tzName[MAX_TZ_LENGTH];
data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:307:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[8];
data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:388:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:539:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, tmp.data(), tmp.length() * sizeof(wchar_t));
data/log4cxx-0.11.0/src/main/include/log4cxx/file.h:147:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log4cxx_status_t open(apr_file_t** file, int flags,
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/exception.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MSG_SIZE + 1];
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileinputstream.h:88:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const LogString&);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileoutputstream.h:65:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
static apr_file_t* open(const LogString& fn, bool append,
data/log4cxx-0.11.0/src/test/cpp/abts.cpp:26:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status[ABTS_STAT_SIZE] = {'|', '/', '-', '|', '\\', '-'};
data/log4cxx-0.11.0/src/test/cpp/abts.cpp:151:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
subsuite->name = (const char*) memcpy(calloc(p - suite_name + 1, 1),
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:63:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE + 6];
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:69:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "Hello");
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:55:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:277:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:83:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(part1, "Hello");
data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:85:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(part2, ", World");
data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:153:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(part1, L"Hello");
data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:155:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(part2, L", World");
data/log4cxx-0.11.0/src/test/cpp/helpers/transcodertestcase.cpp:357:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ascii[0x60];
data/log4cxx-0.11.0/src/test/cpp/rolling/filterbasedrollingtest.cpp:117:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[10];
data/log4cxx-0.11.0/src/test/cpp/rolling/filterbasedrollingtest.cpp:121:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Hello---?");
data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[11];
data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:75:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Hello---??");
data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[11];
data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:111:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(msg, "Hello---??");
data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:81:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
apr_status_t stat = out.open(&child_out, flags, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:85:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stat = in.open(&in_file, APR_FOPEN_READ, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:209:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stat = out.open(&child_out, flags, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/test/cpp/xml/xmllayouttest.cpp:142:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char backing[3000];
data/log4cxx-0.11.0/src/main/cpp/bytearrayinputstream.cpp:48:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int ByteArrayInputStream::read(ByteBuffer& dst)
data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:1105:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ByteBuffer buf((char*) attr->value, strlen(attr->value));
data/log4cxx-0.11.0/src/main/cpp/exception.cpp:53:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(msg, m, MSG_SIZE);
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:96:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int FileInputStream::read(ByteBuffer& buf)
data/log4cxx-0.11.0/src/main/cpp/inputstreamreader.cpp:64:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString InputStreamReader::read(Pool& p)
data/log4cxx-0.11.0/src/main/cpp/inputstreamreader.cpp:71:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (in->read(buf) >= 0)
data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:246:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(LPBYTE) modpath, wcslen(modpath) * sizeof(wchar_t));
data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:248:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(LPBYTE) modpath, wcslen(modpath) * sizeof(wchar_t));
data/log4cxx-0.11.0/src/main/cpp/properties.cpp:435:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString contents = lineReader->read(pool);
data/log4cxx-0.11.0/src/main/cpp/smtpappender.cpp:336:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len = strlen(pThis->current);
data/log4cxx-0.11.0/src/main/cpp/stringhelper.cpp:173:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dst.append(9 - strlen(lower), 0x30 /* '0' */);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bytearrayinputstream.h:76:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read(ByteBuffer& buf);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileinputstream.h:81:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read(ByteBuffer& buf);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstream.h:55:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read(ByteBuffer& dst) = 0;
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstreamreader.h:77:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual LogString read(Pool& p);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/reader.h:60:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual LogString read(Pool& p) = 0;
data/log4cxx-0.11.0/src/test/cpp/decodingtest.cpp:149:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
lsContent.assign(isReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:90:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString contents(inputReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:157:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString props(propReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:184:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString reply = isr->read(pool);
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:47:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ByteBuffer src(buf, strlen(buf));
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:71:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ByteBuffer src(buf, strlen(buf));
data/log4cxx-0.11.0/src/test/cpp/util/compare.cpp:34:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString in1(reader1->read(pool));
data/log4cxx-0.11.0/src/test/cpp/util/compare.cpp:39:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
LogString in2(reader2->read(pool2));
data/log4cxx-0.11.0/src/test/cpp/util/serializationtesthelper.cpp:61:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int bytesRead = is->read(readBuffer);
ANALYSIS SUMMARY:
Hits = 110
Lines analyzed = 72152 in approximately 1.82 seconds (39648 lines/second)
Physical Source Lines of Code (SLOC) = 41839
Hits@level = [0] 30 [1] 25 [2] 82 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 140 [1+] 110 [2+] 85 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 3.34616 [1+] 2.62913 [2+] 2.0316 [3+] 0.0717034 [4+] 0.0717034 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.