Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c
FINAL RESULTS:
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:676:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(r,name);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:816:25: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define PyOS_snprintf _snprintf
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:818:25: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define PyOS_snprintf snprintf
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:835:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
res = vsnprintf(buf, sizeof(buf), fmt, ap);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:627:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char hex[17] = "0123456789abcdef";
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newstr, cstr, len+1);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:832:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[SWIG_PYBUFFER_SIZE * 2];
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2022:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2036:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[SWIG_BUFFER_SIZE];
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2189:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pack, ptr, size);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2207:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, sobj->pack, size);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:2844:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mesg[256];
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:3745:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:3783:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:5686:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp4[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:5737:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp5[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6165:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[H4_MAX_NC_NAME+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6591:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp3[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6849:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6850:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp3[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6851:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp4[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6852:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp5[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6899:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6900:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp3[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:6901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp4[128+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8078:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8154:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8223:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp4[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8226:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp6[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:8939:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp4[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:9113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:9174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp2[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:9930:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp3[4096+1] ;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:391:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char* te = tb + strlen(tb);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:675:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:696:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lname = (name ? strlen(name) : 0);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:701:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r,name,lname+1);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:865:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define PyString_AsStringAndSize(obj, s, len) {*s = PyString_AsString(obj); *len = *s ? strlen(*s) : 0;}
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:3801:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:3846:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10753:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t size = strlen(name)+1;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10756:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(gv->name,name,size);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10820:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(const_table[j].name)) == 0) {
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10831:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10835:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff, methods[i].ml_doc, ldoc);
data/python-hdf4-0.10.2/pyhdf/hdfext_wrap.c:10837:15: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buff, "swig_ptr: ", 10);
ANALYSIS SUMMARY:
Hits = 49
Lines analyzed = 11045 in approximately 0.31 seconds (36175 lines/second)
Physical Source Lines of Code (SLOC) = 9543
Hits@level = [0] 17 [1] 13 [2] 32 [3] 0 [4] 4 [5] 0
Hits@level+ = [0+] 66 [1+] 49 [2+] 36 [3+] 4 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 6.91606 [1+] 5.13465 [2+] 3.7724 [3+] 0.419155 [4+] 0.419155 [5+] 0
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.