Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/add.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/average-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/channel-shuffle.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/convolution.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/global-average-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/hgemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/max-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/q8gemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/requantization.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/sgemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/sigmoid.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/bench/softargmax.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/include/clog.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/test/clog.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/include/qnnpack.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/add.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/average-pooling.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/channel-shuffle.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/clamp.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/convolution.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/deconvolution.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/fully-connected.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/global-average-pooling.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/hgemm/8x8-neonfp16arith.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/indirection.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/init.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/leaky-relu.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/max-pooling.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/operator-delete.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/operator-run.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/mp8x9p8q-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/mp8x9p8q-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/up8x9-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/up8x9-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/up8xm-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8avgpool/up8xm-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8conv/4x4c2-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8conv/4x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8conv/8x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8dwconv/mp8x25-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8dwconv/mp8x25-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8dwconv/up8x9-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8dwconv/up8x9-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/mp8x7p7q-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/mp8x7p7q-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/up8x7-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/up8x7-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/up8xm-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gavgpool/up8xm-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/2x4c8-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/4x-sumrows-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/4x4c2-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/4x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/4x8c2-xzp-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/6x4-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8gemm/8x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8vadd/neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/q8vadd/sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/AlignedAllocator.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/assembly.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/common.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/hgemm.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/indirection.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/isa-checks.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/log.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/math.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/operator.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/pack.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/params.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8avgpool.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8conv.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8dwconv.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8gavgpool.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8gemm.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/q8vadd.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/requantization-stubs.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/requantization.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/scalar-utils.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/sconv.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/sdwconv.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/sgemm.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/u8clamp.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/u8lut32norm.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/u8maxpool.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/u8rmax.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/x8lut.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/x8zip.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/fp32-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/fp32-psimd.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/fp32-scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/fp32-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-scalar.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-sse.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-sse4.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/gemmlowp-ssse3.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-psimd.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-sse4.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/precise-ssse3.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/q31-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/q31-scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/q31-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/q31-sse4.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/requantization/q31-ssse3.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sconv/6x8-psimd.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sdwconv/up4x9-psimd.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sgemm/5x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sgemm/6x8-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sgemm/6x8-psimd.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/sigmoid.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/softargmax.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8clamp/neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8clamp/sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8lut32norm/scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8maxpool/16x9p8q-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8maxpool/16x9p8q-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8maxpool/sub16-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8maxpool/sub16-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8rmax/neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/u8rmax/sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8lut/scalar.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x2-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x2-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x3-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x3-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x4-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/x4-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/xm-neon.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/src/x8zip/xm-sse2.c
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/add-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/add.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/average-pooling-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/average-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/avgpool-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/channel-shuffle-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/channel-shuffle.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/clamp-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/clamp-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/clamp.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/convolution-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/convolution.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/deconvolution-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/deconvolution.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/dwconv-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/fully-connected-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/fully-connected.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/gavgpool-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/gemm-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/global-average-pooling-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/global-average-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/hgemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/leaky-relu-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/leaky-relu.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/lut-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/lut-norm-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/max-pooling-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/max-pooling.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/maxpool-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8avgpool.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8conv.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8dwconv.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8gavgpool.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8gemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/q8vadd.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/requantization-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/requantization.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/rmax-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/sconv.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/sgemm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/sigmoid-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/sigmoid.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/softargmax-operator-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/softargmax.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/u8clamp.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/u8lut32norm.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/u8maxpool.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/u8rmax.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/vadd-microkernel-tester.h
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/x8lut.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/x8zip.cc
Examining data/qnnpack-0.0~git20190828.7d2a4e9/test/zip-microkernel-tester.h

FINAL RESULTS:

data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:69:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  prefix_chars = snprintf(stack_buffer, CLOG_STACK_BUFFER_SIZE, CLOG_FATAL_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:82:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  format_chars = vsnprintf(NULL, 0, format, args);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:85:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:104:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(heap_buffer, prefix_chars + 1 /* for '\0'-terminator */, CLOG_FATAL_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:109:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(heap_buffer + prefix_chars, format_chars + CLOG_SUFFIX_LENGTH, format, args_copy);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:145:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  prefix_chars = snprintf(stack_buffer, CLOG_STACK_BUFFER_SIZE, CLOG_ERROR_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:158:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  format_chars = vsnprintf(NULL, 0, format, args);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:161:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:180:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(heap_buffer, prefix_chars + 1 /* for '\0'-terminator */, CLOG_ERROR_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:185:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(heap_buffer + prefix_chars, format_chars + CLOG_SUFFIX_LENGTH, format, args_copy);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:221:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  prefix_chars = snprintf(stack_buffer, CLOG_STACK_BUFFER_SIZE, CLOG_WARNING_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:234:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  format_chars = vsnprintf(NULL, 0, format, args);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:237:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:256:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(heap_buffer, prefix_chars + 1 /* for '\0'-terminator */, CLOG_WARNING_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:261:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(heap_buffer + prefix_chars, format_chars + CLOG_SUFFIX_LENGTH, format, args_copy);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:297:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  prefix_chars = snprintf(stack_buffer, CLOG_STACK_BUFFER_SIZE, CLOG_INFO_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:310:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  format_chars = vsnprintf(NULL, 0, format, args);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:313:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:332:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(heap_buffer, prefix_chars + 1 /* for '\0'-terminator */, CLOG_INFO_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:337:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(heap_buffer + prefix_chars, format_chars + CLOG_SUFFIX_LENGTH, format, args_copy);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:373:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  prefix_chars = snprintf(stack_buffer, CLOG_STACK_BUFFER_SIZE, CLOG_DEBUG_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:386:19:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  format_chars = vsnprintf(NULL, 0, format, args);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:389:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:408:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(heap_buffer, prefix_chars + 1 /* for '\0'-terminator */, CLOG_DEBUG_PREFIX_FORMAT, module);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:413:4:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(heap_buffer + prefix_chars, format_chars + CLOG_SUFFIX_LENGTH, format, args_copy);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stack_buffer[CLOG_STACK_BUFFER_SIZE];
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:67:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stack_buffer, CLOG_FATAL_PREFIX, CLOG_FATAL_PREFIX_LENGTH);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap_buffer, stack_buffer, prefix_chars);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:133:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stack_buffer[CLOG_STACK_BUFFER_SIZE];
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:143:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stack_buffer, CLOG_ERROR_PREFIX, CLOG_ERROR_PREFIX_LENGTH);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap_buffer, stack_buffer, prefix_chars);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stack_buffer[CLOG_STACK_BUFFER_SIZE];
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:219:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stack_buffer, CLOG_WARNING_PREFIX, CLOG_WARNING_PREFIX_LENGTH);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap_buffer, stack_buffer, prefix_chars);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:285:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stack_buffer[CLOG_STACK_BUFFER_SIZE];
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:295:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stack_buffer, CLOG_INFO_PREFIX, CLOG_INFO_PREFIX_LENGTH);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:335:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap_buffer, stack_buffer, prefix_chars);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:361:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char stack_buffer[CLOG_STACK_BUFFER_SIZE];
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:371:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stack_buffer, CLOG_DEBUG_PREFIX, CLOG_DEBUG_PREFIX_LENGTH);
data/qnnpack-0.0~git20190828.7d2a4e9/deps/clog/src/clog.c:411:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(heap_buffer, stack_buffer, prefix_chars);
data/qnnpack-0.0~git20190828.7d2a4e9/src/qnnpack/AlignedAllocator.h:74:20:  [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
  void* memory = memalign(Alignment, n * sizeof(T));

ANALYSIS SUMMARY:

Hits = 41
Lines analyzed = 53709 in approximately 1.35 seconds (39730 lines/second)
Physical Source Lines of Code (SLOC) = 45126
Hits@level = [0]   0 [1]   1 [2]  15 [3]   0 [4]  25 [5]   0
Hits@level+ = [0+]  41 [1+]  41 [2+]  40 [3+]  25 [4+]  25 [5+]   0
Hits/KSLOC@level+ = [0+] 0.908567 [1+] 0.908567 [2+] 0.886407 [3+] 0.554004 [4+] 0.554004 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.