Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mdds-1.7.0/src/point_quad_tree_test.cpp
Examining data/mdds-1.7.0/src/rtree_test_bulkload.cpp
Examining data/mdds-1.7.0/src/segment_tree_test.cpp
Examining data/mdds-1.7.0/src/multi_type_vector_test_collection.cpp
Examining data/mdds-1.7.0/src/multi_type_vector_test_custom.cpp
Examining data/mdds-1.7.0/src/rtree_test.cpp
Examining data/mdds-1.7.0/src/ref_pair_test.cpp
Examining data/mdds-1.7.0/src/template_test.cpp
Examining data/mdds-1.7.0/src/multi_type_vector_test_event.cpp
Examining data/mdds-1.7.0/src/multi_type_matrix_test.cpp
Examining data/mdds-1.7.0/src/multi_type_matrix_test_walk.cpp
Examining data/mdds-1.7.0/src/test_global_rtree.hpp
Examining data/mdds-1.7.0/src/multi_type_vector_test_default.cpp
Examining data/mdds-1.7.0/src/flat_segment_tree_test.cpp
Examining data/mdds-1.7.0/src/multi_type_vector_test_perf.cpp
Examining data/mdds-1.7.0/src/trie_map_test.cpp
Examining data/mdds-1.7.0/src/rectangle_set_test.cpp
Examining data/mdds-1.7.0/src/stlperf_test.cpp
Examining data/mdds-1.7.0/src/sorted_string_map_test.cpp
Examining data/mdds-1.7.0/src/test_global.hpp
Examining data/mdds-1.7.0/misc/sorted_string_map_perf.cpp
Examining data/mdds-1.7.0/misc/matrix_perf.cpp
Examining data/mdds-1.7.0/include/mdds/rectangle_set.hpp
Examining data/mdds-1.7.0/include/mdds/trie_map.hpp
Examining data/mdds-1.7.0/include/mdds/quad_node.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_custom_func1.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_custom_func3.hpp
Examining data/mdds-1.7.0/include/mdds/node.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_matrix.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_macro.hpp
Examining data/mdds-1.7.0/include/mdds/trie_map_itr.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_custom_func2.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_itr.hpp
Examining data/mdds-1.7.0/include/mdds/sorted_string_map.hpp
Examining data/mdds-1.7.0/include/mdds/segment_tree.hpp
Examining data/mdds-1.7.0/include/mdds/flat_segment_tree.hpp
Examining data/mdds-1.7.0/include/mdds/point_quad_tree.hpp
Examining data/mdds-1.7.0/include/mdds/ref_pair.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_trait.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector_types.hpp
Examining data/mdds-1.7.0/include/mdds/rtree.hpp
Examining data/mdds-1.7.0/include/mdds/flat_segment_tree_itr.hpp
Examining data/mdds-1.7.0/include/mdds/global.hpp
Examining data/mdds-1.7.0/include/mdds/multi_type_vector/collection.hpp
Examining data/mdds-1.7.0/test/gdb/src/point_quad_tree.cpp
Examining data/mdds-1.7.0/test/gdb/src/test.cpp
Examining data/mdds-1.7.0/test/gdb/src/segment_tree.cpp
Examining data/mdds-1.7.0/test/gdb/src/rtree.cpp
Examining data/mdds-1.7.0/test/gdb/src/trie_map.cpp
Examining data/mdds-1.7.0/test/gdb/src/sorted_string_map.cpp
Examining data/mdds-1.7.0/test/gdb/src/multi_type_matrix.cpp
Examining data/mdds-1.7.0/test/gdb/src/multi_type_vector.cpp
Examining data/mdds-1.7.0/test/gdb/src/flat_segment_tree.cpp
Examining data/mdds-1.7.0/quickcheck/flat_segment_tree.cpp
Examining data/mdds-1.7.0/example/rectangle_set.cpp
Examining data/mdds-1.7.0/example/point_quad_tree.cpp
Examining data/mdds-1.7.0/example/rtree_erase.cpp
Examining data/mdds-1.7.0/example/rtree_medium.cpp
Examining data/mdds-1.7.0/example/rtree_medium_bulkload.cpp
Examining data/mdds-1.7.0/example/segment_tree.cpp
Examining data/mdds-1.7.0/example/packed_trie_map.cpp
Examining data/mdds-1.7.0/example/mtv_collection.cpp
Examining data/mdds-1.7.0/example/multi_type_vector_pos_hint.cpp
Examining data/mdds-1.7.0/example/rtree_simple.cpp
Examining data/mdds-1.7.0/example/trie_map.cpp
Examining data/mdds-1.7.0/example/multi_type_vector_event1.cpp
Examining data/mdds-1.7.0/example/multi_type_matrix.cpp
Examining data/mdds-1.7.0/example/multi_type_vector.cpp
Examining data/mdds-1.7.0/example/flat_segment_tree.cpp
Examining data/mdds-1.7.0/example/packed_trie_state_custom.cpp
Examining data/mdds-1.7.0/example/packed_trie_state_int.cpp
Examining data/mdds-1.7.0/example/flat_segment_tree_itrs.cpp
Examining data/mdds-1.7.0/example/multi_type_vector_element_block1.cpp

FINAL RESULTS:

data/mdds-1.7.0/src/sorted_string_map_test.cpp:121:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(str, &line[0]);

data/mdds-1.7.0/example/packed_trie_state_custom.cpp:79:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[2];

data/mdds-1.7.0/src/trie_map_test.cpp:790:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[8];

data/mdds-1.7.0/example/packed_trie_state_custom.cpp:100:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, us_president& v)

data/mdds-1.7.0/example/packed_trie_state_custom.cpp:108:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(buf.buffer, 2);

data/mdds-1.7.0/example/packed_trie_state_custom.cpp:112:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(buf.buffer, 1);

data/mdds-1.7.0/include/mdds/trie_map.hpp:154:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, T& v);

data/mdds-1.7.0/include/mdds/trie_map.hpp:165:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, T& v);

data/mdds-1.7.0/include/mdds/trie_map.hpp:181:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, T& v);

data/mdds-1.7.0/misc/sorted_string_map_perf.cpp:132:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int type = sm.find(input, strlen(input));

data/mdds-1.7.0/misc/sorted_string_map_perf.cpp:139:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int type = sm.find(input, strlen(input));

data/mdds-1.7.0/src/sorted_string_map_test.cpp:68:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bool res = names.find(entries[i].key, strlen(entries[i].key)) == entries[i].value;

data/mdds-1.7.0/src/sorted_string_map_test.cpp:96:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bool res = names.find(entries[i].key, strlen(entries[i].key)) == entries[i].value;

data/mdds-1.7.0/src/trie_map_test.cpp:828:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, _custom_variable_value& v)

data/mdds-1.7.0/src/trie_map_test.cpp:832:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(&c, 1);

data/mdds-1.7.0/src/trie_map_test.cpp:856:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(bv.buffer, 4);

data/mdds-1.7.0/src/trie_map_test.cpp:861:20: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(bv.buffer, 8);

data/mdds-1.7.0/src/trie_map_test.cpp:883:63: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  _custom_fixed_value(const char* p) : value_string(p, std::strlen(p)) {}

data/mdds-1.7.0/src/trie_map_test.cpp:917:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  static void read(std::istream& is, size_t n, _custom_fixed_value& v)

data/mdds-1.7.0/src/trie_map_test.cpp:921:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  is.read(&bv, 1);

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 36248 in approximately 0.85 seconds (42410 lines/second)
Physical Source Lines of Code (SLOC) = 25767
Hits@level = [0] 23 [1] 17 [2] 2 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 43 [1+] 20 [2+] 3 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 1.6688 [1+] 0.776187 [2+] 0.116428 [3+] 0.0388093 [4+] 0.0388093 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.