Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_map.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_map.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_queue.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_queue.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_set.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_set.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_stack.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_stack.h Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_vector.c Examining data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_vector.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_collection_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_collection_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_deque_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_deque_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_hashable_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_hashable_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_map_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_map_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_pair_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_pair_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_priority_queue_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_priority_queue_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_queue_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_queue_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_sequence_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_sequence_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_set_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_set_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_stack_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_stack_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_vector_ce.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/classes/php_vector_ce.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_common_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_common_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_deque_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_deque_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_htable_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_htable_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_map_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_map_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_priority_queue_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_priority_queue_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_queue_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_queue_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_set_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_set_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_stack_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_stack_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_vector_iterator.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/iterators/php_vector_iterator.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_deque.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_deque.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_map.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_map.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_pair.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_pair.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_priority_queue.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_priority_queue.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_queue.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_queue.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_set.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_set.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_stack.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_stack.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_vector.c Examining data/php-ds-1.2.9/ds-1.2.9/src/php/objects/php_vector.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/arginfo.h Examining data/php-ds-1.2.9/ds-1.2.9/src/php/parameters.h Examining data/php-ds-1.2.9/ds-1.2.9/src/common.c Examining data/php-ds-1.2.9/ds-1.2.9/src/common.h Examining data/php-ds-1.2.9/ds-1.2.9/php_ds.c Examining data/php-ds-1.2.9/ds-1.2.9/php_ds.h FINAL RESULTS: data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c:134:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[0], &deque->buffer[h], r * sizeof(zval)); data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_deque.c:135:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[r], &deque->buffer[0], t * sizeof(zval)); data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_htable.c:149:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_dst->lookup, _src->lookup, _src->capacity * sizeof(uint32_t)); data/php-ds-1.2.9/ds-1.2.9/src/ds/ds_priority_queue.c:248:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, queue->nodes, queue->size * sizeof(ds_priority_queue_node_t)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_deque_handlers.c:131:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_deque_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_map_handlers.c:115:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_map_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_pair_handlers.c:31:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_pair_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_priority_queue_handlers.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_priority_queue_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_queue_handlers.c:63:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_queue_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_set_handlers.c:88:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_ds_set_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_stack_handlers.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_ds_stack_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); data/php-ds-1.2.9/ds-1.2.9/src/php/handlers/php_vector_handlers.c:134:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&php_vector_handlers, zend_get_std_object_handlers(), sizeof(zend_object_handlers)); ANALYSIS SUMMARY: Hits = 12 Lines analyzed = 10548 in approximately 0.19 seconds (55741 lines/second) Physical Source Lines of Code (SLOC) = 8013 Hits@level = [0] 0 [1] 0 [2] 12 [3] 0 [4] 0 [5] 0 Hits@level+ = [0+] 12 [1+] 12 [2+] 12 [3+] 0 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 1.49757 [1+] 1.49757 [2+] 1.49757 [3+] 0 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.