Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/log4cxx-0.11.0/src/main/cpp/exception.cpp:64:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msg, src.msg);

data/log4cxx-0.11.0/src/main/cpp/exception.cpp:73:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(msg, src.msg);

data/log4cxx-0.11.0/src/test/cpp/abts.cpp:271:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, args);

data/log4cxx-0.11.0/src/main/cpp/bytearrayinputstream.cpp:57:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst.current(), &buf[pos], bytesCopied);

data/log4cxx-0.11.0/src/main/cpp/bytearrayoutputstream.cpp:49:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&array[sz], buf.current(), buf.remaining());

data/log4cxx-0.11.0/src/main/cpp/charsetdecoder.cpp:169:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t buf[BUFSIZE];

data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:154:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t buf[BUFSIZE];

data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:168:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf,

data/log4cxx-0.11.0/src/main/cpp/charsetencoder.cpp:327:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(out.current(),

data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:793:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  log4cxx_status_t rv = filename.open(&fd, APR_READ, APR_OS_DEFAULT, p);

data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:810:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errbuf[2000];

data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:811:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errbufXML[2000];

data/log4cxx-0.11.0/src/main/cpp/exception.cpp:43:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(msg, m.data(), len);

data/log4cxx-0.11.0/src/main/cpp/file.cpp:162:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
log4cxx_status_t File::open(apr_file_t** file, int flags, data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:36:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(filename); data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:42:2: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(fn); data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:46:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void FileInputStream::open(const LogString& filename) data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:50:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). apr_status_t stat = File().setPath(filename).open(&fileptr, flags, perm, pool); data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:63:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
apr_status_t stat = aFile.open(&fileptr, flags, perm, pool); data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:35:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool append) : pool(), fileptr(open(filename, append, pool)) data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:40:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). bool append) : pool(), fileptr(open(filename, append, pool)) data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:44:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). apr_file_t* FileOutputStream::open(const LogString& filename, data/log4cxx-0.11.0/src/main/cpp/fileoutputstream.cpp:62:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). apr_status_t stat = fn.open(&fileptr, flags, perm, pool); data/log4cxx-0.11.0/src/main/cpp/gzcompressaction.cpp:70:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
stat = destination.open(&child_out, flags, APR_OS_DEFAULT, p); data/log4cxx-0.11.0/src/main/cpp/loggingevent.cpp:226:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[20]; data/log4cxx-0.11.0/src/main/cpp/loggingevent.cpp:232:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result[sizeof(apr_os_thread_t) * 3 + 10]; data/log4cxx-0.11.0/src/main/cpp/messagebuffer.cpp:51:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. thread_local static char ossBuf[8192]; data/log4cxx-0.11.0/src/main/cpp/messagebuffer.cpp:222:23: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. thread_local static wchar_t ossBuf[8192]; data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:239:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
wchar_t modpath[_MAX_PATH]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[2]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[4]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[3]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[4]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:179:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[8]; data/log4cxx-0.11.0/src/main/cpp/objectoutputstream.cpp:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[6]; data/log4cxx-0.11.0/src/main/cpp/optionconverter.cpp:124:15: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return (int) atol(cvalue.c_str()); data/log4cxx-0.11.0/src/main/cpp/outputstreamwriter.cpp:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rawbuf[BUFSIZE]; data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:211:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDirName[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:212:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBaseName[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:213:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char szUid[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:214:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szDirName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size()); data/log4cxx-0.11.0/src/main/cpp/rollingfileappender.cpp:215:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szBaseName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size()); data/log4cxx-0.11.0/src/main/cpp/simpledateformat.cpp:169:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/main/cpp/socketoutputstream.cpp:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&array[sz], buf.current(), buf.remaining()); data/log4cxx-0.11.0/src/main/cpp/strftimedateformat.cpp:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[bufSize]; data/log4cxx-0.11.0/src/main/cpp/stringhelper.cpp:124:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
return atoi(as.c_str()); data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:86:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_mmap->mm, std::string(lastFileName).c_str(), std::string(lastFileName).size()); data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szUid[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBaseName[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szDirName[MAX_FILE_LEN] = {'\0'}; data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:96:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szDirName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size()); data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:97:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(szBaseName, fileName.c_str(), fileName.size() > MAX_FILE_LEN ? MAX_FILE_LEN : fileName.size()); data/log4cxx-0.11.0/src/main/cpp/timebasedrollingpolicy.cpp:387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_mmap->mm, std::string(newFileName).c_str(), std::string(newFileName).size()); data/log4cxx-0.11.0/src/main/cpp/timezone.cpp:127:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tzName[MAX_TZ_LENGTH]; data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:307:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[8]; data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/main/cpp/transcoder.cpp:539:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, tmp.data(), tmp.length() * sizeof(wchar_t)); data/log4cxx-0.11.0/src/main/include/log4cxx/file.h:147:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). log4cxx_status_t open(apr_file_t** file, int flags, data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/exception.h:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[MSG_SIZE + 1]; data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileinputstream.h:88:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const LogString&); data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileoutputstream.h:65:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static apr_file_t* open(const LogString& fn, bool append, data/log4cxx-0.11.0/src/test/cpp/abts.cpp:26:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char status[ABTS_STAT_SIZE] = {'|', '/', '-', '|', '\\', '-'}; data/log4cxx-0.11.0/src/test/cpp/abts.cpp:151:34: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
subsuite->name = (const char*) memcpy(calloc(p - suite_name + 1, 1), data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:63:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE + 6]; data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:69:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "Hello"); data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[BUFSIZE]; data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:165:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/test/cpp/helpers/charsetencodertestcase.cpp:277:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:83:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(part1, "Hello"); data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:85:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(part2, ", World"); data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:153:3: [2] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. wcscpy(part1, L"Hello"); data/log4cxx-0.11.0/src/test/cpp/helpers/messagebuffertest.cpp:155:3: [2] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. wcscpy(part2, L", World"); data/log4cxx-0.11.0/src/test/cpp/helpers/transcodertestcase.cpp:357:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii[0x60]; data/log4cxx-0.11.0/src/test/cpp/rolling/filterbasedrollingtest.cpp:117:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[10]; data/log4cxx-0.11.0/src/test/cpp/rolling/filterbasedrollingtest.cpp:121:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "Hello---?"); data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[11]; data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:75:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(msg, "Hello---??"); data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:110:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[11]; data/log4cxx-0.11.0/src/test/cpp/rolling/obsoletedailyrollingfileappendertest.cpp:111:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msg, "Hello---??"); data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:81:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). apr_status_t stat = out.open(&child_out, flags, APR_OS_DEFAULT, p); data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:85:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stat = in.open(&in_file, APR_FOPEN_READ, APR_OS_DEFAULT, p); data/log4cxx-0.11.0/src/test/cpp/util/transformer.cpp:209:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  stat = out.open(&child_out, flags, APR_OS_DEFAULT, p);
data/log4cxx-0.11.0/src/test/cpp/xml/xmllayouttest.cpp:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char backing[3000];
data/log4cxx-0.11.0/src/main/cpp/bytearrayinputstream.cpp:48:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int ByteArrayInputStream::read(ByteBuffer& dst)
data/log4cxx-0.11.0/src/main/cpp/domconfigurator.cpp:1105:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ByteBuffer buf((char*) attr->value, strlen(attr->value));
data/log4cxx-0.11.0/src/main/cpp/exception.cpp:53:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, m, MSG_SIZE);
data/log4cxx-0.11.0/src/main/cpp/fileinputstream.cpp:96:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int FileInputStream::read(ByteBuffer& buf)
data/log4cxx-0.11.0/src/main/cpp/inputstreamreader.cpp:64:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString InputStreamReader::read(Pool& p)
data/log4cxx-0.11.0/src/main/cpp/inputstreamreader.cpp:71:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (in->read(buf) >= 0)
data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:246:23: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (LPBYTE) modpath, wcslen(modpath) * sizeof(wchar_t));
data/log4cxx-0.11.0/src/main/cpp/nteventlogappender.cpp:248:23: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (LPBYTE) modpath, wcslen(modpath) * sizeof(wchar_t));
data/log4cxx-0.11.0/src/main/cpp/properties.cpp:435:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString contents = lineReader->read(pool);
data/log4cxx-0.11.0/src/main/cpp/smtpappender.cpp:336:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *len = strlen(pThis->current);
data/log4cxx-0.11.0/src/main/cpp/stringhelper.cpp:173:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dst.append(9 - strlen(lower), 0x30 /* '0' */);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/bytearrayinputstream.h:76:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(ByteBuffer& buf);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/fileinputstream.h:81:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(ByteBuffer& buf);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstream.h:55:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual int read(ByteBuffer& dst) = 0;
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/inputstreamreader.h:77:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual LogString read(Pool& p);
data/log4cxx-0.11.0/src/main/include/log4cxx/helpers/reader.h:60:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual LogString read(Pool& p) = 0;
data/log4cxx-0.11.0/src/test/cpp/decodingtest.cpp:149:30: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  lsContent.assign(isReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:90:36: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString contents(inputReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:157:31: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString props(propReader->read(pool));
data/log4cxx-0.11.0/src/test/cpp/filetestcase.cpp:184:26: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString reply = isr->read(pool);
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:47:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ByteBuffer src(buf, strlen(buf));
data/log4cxx-0.11.0/src/test/cpp/helpers/charsetdecodertestcase.cpp:71:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ByteBuffer src(buf, strlen(buf));
data/log4cxx-0.11.0/src/test/cpp/util/compare.cpp:34:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString in1(reader1->read(pool));
data/log4cxx-0.11.0/src/test/cpp/util/compare.cpp:39:25: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  LogString in2(reader2->read(pool2));
data/log4cxx-0.11.0/src/test/cpp/util/serializationtesthelper.cpp:61:22: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int bytesRead = is->read(readBuffer);

ANALYSIS SUMMARY:

Hits = 110
Lines analyzed = 72152 in approximately 1.82 seconds (39648 lines/second)
Physical Source Lines of Code (SLOC) = 41839
Hits@level = [0] 30 [1] 25 [2] 82 [3] 0 [4] 3 [5] 0
Hits@level+ = [0+] 140 [1+] 110 [2+] 85 [3+] 3 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 3.34616 [1+] 2.62913 [2+] 2.0316 [3+] 0.0717034 [4+] 0.0717034 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.