stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/onnx-1.7.0+dfsg/onnx/checker.cc
Examining data/onnx-1.7.0+dfsg/onnx/onnx-operators_pb.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_ext.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_loader.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_utils.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/function.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/operator_sets_training.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/reduction/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/reduction/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/object_detection/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/object_detection/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/attr_proto_util.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor/utils.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor/utils.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/operator_sets_ml.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/schema.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/data_type_utils.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/traditionalml/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/traditionalml/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/training/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/attr_proto_util.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/schema.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor_proto_util.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/shape_inference.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/math/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/math/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/data_type_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/generator/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/generator/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/nn/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/nn/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/quantization/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/operator_sets_preview.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor_util.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/operator_sets.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/rnn/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/rnn/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor_proto_util.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/function.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/tensor_util.h
Examining data/onnx-1.7.0+dfsg/onnx/defs/logical/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/logical/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/controlflow/old.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/controlflow/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/defs/sequence/defs.cc
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass_registry.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/optimize.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_add_bias_into_conv.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_bn_into_conv.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/lift_lexical_references.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_matmul_add_bias_into_gemm.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_identity.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_nop_monotone_argmax.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_consecutive_transposes.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/extract_constant_to_initializer.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_nop_pad.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_consecutive_reduce_unsqueeze.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/nop.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_deadend.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_consecutive_log_softmax.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_unused_initializer.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_consecutive_concats.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/split.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_consecutive_squeezes.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_nop_dropout.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_pad_into_conv.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/fuse_transpose_into_gemm.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/passes/eliminate_nop_transpose.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass_registry.cc
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass.cc
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass_manager.cc
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass_manager.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/pass.h
Examining data/onnx-1.7.0+dfsg/onnx/optimizer/optimize.cc
Examining data/onnx-1.7.0+dfsg/onnx/py_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/onnx_pb.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_loader.c
Examining data/onnx-1.7.0+dfsg/onnx/shape_inference/implementation.cc
Examining data/onnx-1.7.0+dfsg/onnx/shape_inference/implementation.h
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi.h
Examining data/onnx-1.7.0+dfsg/onnx/common/ir_pb_converter.h
Examining data/onnx-1.7.0+dfsg/onnx/common/ir.h
Examining data/onnx-1.7.0+dfsg/onnx/common/stl_backports.h
Examining data/onnx-1.7.0+dfsg/onnx/common/model_helpers.h
Examining data/onnx-1.7.0+dfsg/onnx/common/status.cc
Examining data/onnx-1.7.0+dfsg/onnx/common/tensor.h
Examining data/onnx-1.7.0+dfsg/onnx/common/graph_node_list.h
Examining data/onnx-1.7.0+dfsg/onnx/common/interned_strings.cc
Examining data/onnx-1.7.0+dfsg/onnx/common/assertions.h
Examining data/onnx-1.7.0+dfsg/onnx/common/status.h
Examining data/onnx-1.7.0+dfsg/onnx/common/ir_pb_converter.cc
Examining data/onnx-1.7.0+dfsg/onnx/common/assertions.cc
Examining data/onnx-1.7.0+dfsg/onnx/common/platform_helpers.h
Examining data/onnx-1.7.0+dfsg/onnx/common/model_helpers.cc
Examining data/onnx-1.7.0+dfsg/onnx/common/array_ref.h
Examining data/onnx-1.7.0+dfsg/onnx/common/common.h
Examining data/onnx-1.7.0+dfsg/onnx/common/constants.h
Examining data/onnx-1.7.0+dfsg/onnx/common/interned_strings.h
Examining data/onnx-1.7.0+dfsg/onnx/checker.h
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/test_main.cc
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/function_verify_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/shape_inference_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/onnxifi_backend_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/function_get_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/test/cpp/op_reg_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/onnxifi_dummy.c
Examining data/onnx-1.7.0+dfsg/onnx/proto_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/cpp2py_export.cc
Examining data/onnx-1.7.0+dfsg/onnx/string_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver/test_driver.h
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver/test_driver.cc
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/gtest_utils.cc
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/gtest_utils.h
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/test_main.cc
Examining data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver_test.cc
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/convert.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/helper.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/helper.cc
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/convert.cc
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/BaseConverter.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/reshape_5_4.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/batch_normalization_8_9.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/maxpool_8_7.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/compatible.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/type_restriction.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/reshape_4_5.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/adapter.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/gemm_6_7.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/scan_8_9.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/batch_normalization_6_5.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/concat_3_4.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/dropout_6_7.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/upsample_8_9.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/remove_consumed_inputs.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/cast_9_8.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/set_is_test.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/averagepool_7_6.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/broadcast_backward_compatibility.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/upsample_9_8.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/no_previous_version.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/extend_supported_types.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/gemm_7_6.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/batch_normalization_6_7.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/scan_9_8.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/broadcast_forward_compatibility.h
Examining data/onnx-1.7.0+dfsg/onnx/version_converter/adapters/sum_8_7.h
Examining data/onnx-1.7.0+dfsg/tools/protobuf-bench.cc

FINAL RESULTS:

data/onnx-1.7.0+dfsg/onnx/common/assertions.cc:16:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(msg, 2048, fmt, args);
data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver/test_driver.cc:177:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename.c_str(), "r")) != NULL) {
data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver/test_driver.cc:180:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[1024] = {0};
data/onnx-1.7.0+dfsg/onnx/backend/test/cpp/driver_test.cc:371:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char infovalue[max_info_size];
data/onnx-1.7.0+dfsg/onnx/common/assertions.cc:12:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[2048];
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:110:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(onnxifi_library_wildcard + system_directory_path_length,
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:146:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&libraries[num_libraries], &library, sizeof(library));
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:262:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&libraries[num_libraries], &library, sizeof(library));
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(backendIDs, backend_ids, num_wrapped_ids * sizeof(onnxBackendID));
data/onnx-1.7.0+dfsg/onnx/test/cpp/onnxifi_backend_test.cc:38:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char infoValue[11] = "abc";
data/onnx-1.7.0+dfsg/onnx/common/array_ref.h:124:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
      return std::equal(begin(), end(), RHS.begin());
data/onnx-1.7.0+dfsg/onnx/common/interned_strings.h:108:5:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  _(equal)                        \
data/onnx-1.7.0+dfsg/onnx/defs/data_type_utils.cc:269:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    : data_(p_data), size_(strlen(p_data)), start_(data_), end_(data_) {
data/onnx-1.7.0+dfsg/onnx/defs/schema.cc:976:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::string::size_type lenFrom = std::strlen(from);
data/onnx-1.7.0+dfsg/onnx/defs/schema.cc:977:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::string::size_type lenTo = std::strlen(to);
data/onnx-1.7.0+dfsg/onnx/defs/tensor/defs.cc:2469:88:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
2) The first `b` dimensions of the shape of `indices` tensor and `data` tensor must be equal.
data/onnx-1.7.0+dfsg/onnx/onnxifi_loader.c:156:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    function_name += strlen(function_name);
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:191:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t filename_length = strlen(filename);
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:201:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(ONNXIFI_FILENAME_PREFIX)) != 0)
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:207:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* suffix = filename_end - strlen(ONNXIFI_FILENAME_SUFFIX);
data/onnx-1.7.0+dfsg/onnx/onnxifi_wrapper.c:210:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      strlen(ONNXIFI_FILENAME_SUFFIX)) != 0)

ANALYSIS SUMMARY:

Hits = 21
Lines analyzed = 41225 in approximately 1.64 seconds (25099 lines/second)
Physical Source Lines of Code (SLOC) = 29804
Hits@level = [0]  19 [1]  11 [2]   9 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  40 [1+]  21 [2+]  10 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 1.3421 [1+] 0.704603 [2+] 0.335525 [3+] 0.0335525 [4+] 0.0335525 [5+]   0
Dot directories skipped = 5 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.