stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-apsw-3.32.2-r1/src/vtable.c
Examining data/python-apsw-3.32.2-r1/src/blob.c
Examining data/python-apsw-3.32.2-r1/src/exceptions.c
Examining data/python-apsw-3.32.2-r1/src/cursor.c
Examining data/python-apsw-3.32.2-r1/src/statementcache.c
Examining data/python-apsw-3.32.2-r1/src/util.c
Examining data/python-apsw-3.32.2-r1/src/traceback.c
Examining data/python-apsw-3.32.2-r1/src/vfs.c
Examining data/python-apsw-3.32.2-r1/src/connection.c
Examining data/python-apsw-3.32.2-r1/src/backup.c
Examining data/python-apsw-3.32.2-r1/src/testextension.c
Examining data/python-apsw-3.32.2-r1/src/apsw.c
Examining data/python-apsw-3.32.2-r1/src/pyutil.c
Examining data/python-apsw-3.32.2-r1/src/apswbuffer.c
Examining data/python-apsw-3.32.2-r1/src/apswversion.h

FINAL RESULTS:

data/python-apsw-3.32.2-r1/src/exceptions.c:177:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(buffy, "apsw.%s", apswexceptions[i].name);
data/python-apsw-3.32.2-r1/src/exceptions.c:188:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(buffy, "apsw.%sError", exc_descriptors[i].name);
data/python-apsw-3.32.2-r1/src/exceptions.c:193:7:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
      sprintf(buffy, "%sError", exc_descriptors[i].name);
data/python-apsw-3.32.2-r1/src/util.c:340:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(res, source);
data/python-apsw-3.32.2-r1/src/vfs.c:638:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(filename, PyBytes_AS_STRING(utf8name));
data/python-apsw-3.32.2-r1/src/vfs.c:1924:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(self->filename, PyBytes_AS_STRING(utf8name));
data/python-apsw-3.32.2-r1/src/apsw.c:1061:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(res, PyUnicode_AS_UNICODE(value), PyUnicode_GET_DATA_SIZE(value));
data/python-apsw-3.32.2-r1/src/exceptions.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffy[100]; /* more than enough for anyone :-) */
data/python-apsw-3.32.2-r1/src/pyutil.c:219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffy, ptr, size);
data/python-apsw-3.32.2-r1/src/vfs.c:446:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(zOut, PyBytes_AS_STRING(utf8), PyBytes_GET_SIZE(utf8)+1); /* Python always null terminates hence +1 */
data/python-apsw-3.32.2-r1/src/vfs.c:892:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(zErrMsg, PyBytes_AS_STRING(utf8), len);
data/python-apsw-3.32.2-r1/src/vfs.c:983:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(zOut, buffer, buflen);
data/python-apsw-3.32.2-r1/src/vfs.c:1212:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(zErrMsg, PyBytes_AS_STRING(utf8), len);
data/python-apsw-3.32.2-r1/src/vfs.c:2049:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(bufout, buffer, size);
data/python-apsw-3.32.2-r1/src/vfs.c:2053:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(bufout, buffer, amount);
data/python-apsw-3.32.2-r1/src/apswbuffer.c:207:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    goto equal;
data/python-apsw-3.32.2-r1/src/apswbuffer.c:210:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    goto equal;
data/python-apsw-3.32.2-r1/src/apswbuffer.c:215:2:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
 equal:
data/python-apsw-3.32.2-r1/src/cursor.c:633:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	  keyo=PyUnicode_DecodeUTF8(key, strlen(key), NULL);
data/python-apsw-3.32.2-r1/src/exceptions.c:59:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value=PyBytes_FromStringAndSize(msg, strlen(msg));
data/python-apsw-3.32.2-r1/src/pyutil.c:289:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return convertutf8stringsize(str, strlen(str));
data/python-apsw-3.32.2-r1/src/util.c:338:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *res=PyMem_Malloc(strlen(source)+1);
data/python-apsw-3.32.2-r1/src/vfs.c:632:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len=strlen(PyBytes_AS_STRING(utf8name));
data/python-apsw-3.32.2-r1/src/vfs.c:942:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(PyBytes_AS_STRING(res))==0)
data/python-apsw-3.32.2-r1/src/vfs.c:958:145:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  AddTraceBackHere(__FILE__, __LINE__, "vfspy.xDlError", "{s: O, s: N}", "self", self, "res", PyBytes_FromStringAndSize(PyBytes_AS_STRING(res), strlen(PyBytes_AS_STRING(res))));
data/python-apsw-3.32.2-r1/src/vfs.c:1643:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if(!strlen(base))
data/python-apsw-3.32.2-r1/src/vfs.c:1918:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len=strlen(PyBytes_AS_STRING(utf8name));
data/python-apsw-3.32.2-r1/src/vfs.c:1931:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(vfs)==0)

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 14969 in approximately 0.38 seconds (39750 lines/second)
Physical Source Lines of Code (SLOC) = 9436
Hits@level = [0]   1 [1]  13 [2]   9 [3]   0 [4]   6 [5]   0
Hits@level+ = [0+]  29 [1+]  28 [2+]  15 [3+]   6 [4+]   6 [5+]   0
Hits/KSLOC@level+ = [0+] 3.07334 [1+] 2.96736 [2+] 1.58966 [3+] 0.635863 [4+] 0.635863 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.