stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c

FINAL RESULTS:

data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:682:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(r,name);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:633:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char hex[17] = "0123456789abcdef";
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:795:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newstr, cstr, len+1);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:1778:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:1789:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[SWIG_BUFFER_SIZE];
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:1919:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(pack, ptr, size);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:1937:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, sobj->pack, size);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:2481:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mesg[256];
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:2739:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    *cptr = (char *)memcpy(malloc((len + 1)*sizeof(char)), cstr, sizeof(char)*(len + 1));
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5365:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(gv->name, name, size);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5446:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, methods[i].ml_doc, ldoc);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5448:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
              memcpy(buff, "swig_ptr: ", 10);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:397:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* te = tb + strlen(tb);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:681:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) + 1 > (bsz - (r - buff))) return 0;
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:702:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lname = (name ? strlen(name) : 0);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:707:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(r,name,lname+1);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:2758:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if (psize) *psize = vptr ? (strlen((char *)vptr) + 1) : 0;
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:3001:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return SWIG_FromCharPtrAndSize(cptr, (cptr ? strlen(cptr) : 0));
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:3021:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(val);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:3039:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(val);
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5362:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t size = strlen(name)+1;
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5431:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              strlen(const_table[j].name)) == 0) {
data/python-pygraphviz-1.6/pygraphviz/graphviz_wrap.c:5442:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t lptr = strlen(ty->name)+2*sizeof(void*)+2;

ANALYSIS SUMMARY:

Hits = 23
Lines analyzed = 5687 in approximately 0.17 seconds (34316 lines/second)
Physical Source Lines of Code (SLOC) = 4671
Hits@level = [0]  15 [1]  11 [2]  11 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  38 [1+]  23 [2+]  12 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 8.1353 [1+] 4.924 [2+] 2.56904 [3+] 0.214087 [4+] 0.214087 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.