Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-bioc-s4vectors-0.28.0/inst/include/S4Vectors_defines.h
Examining data/r-bioc-s4vectors-0.28.0/inst/include/S4Vectors_interface.h
Examining data/r-bioc-s4vectors-0.28.0/inst/include/_S4Vectors_stubs.c
Examining data/r-bioc-s4vectors-0.28.0/src/AEbufs.c
Examining data/r-bioc-s4vectors-0.28.0/src/DataFrame_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/Hits_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/LLint_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/List_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/R_init_S4Vectors.c
Examining data/r-bioc-s4vectors-0.28.0/src/Rle_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/Rle_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/S4Vectors.h
Examining data/r-bioc-s4vectors-0.28.0/src/SEXP_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/SimpleList_class.c
Examining data/r-bioc-s4vectors-0.28.0/src/anyMissing.c
Examining data/r-bioc-s4vectors-0.28.0/src/character_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/eval_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/hash_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/integer_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/logical_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/map_ranges_to_runs.c
Examining data/r-bioc-s4vectors-0.28.0/src/raw_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/safe_arithm.c
Examining data/r-bioc-s4vectors-0.28.0/src/sort_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/subsetting_utils.c
Examining data/r-bioc-s4vectors-0.28.0/src/vector_utils.c

FINAL RESULTS:

data/r-bioc-s4vectors-0.28.0/src/character_utils.c:191:6:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use a
  constant for the format specification.
    n = snprintf(out, out_size, svn_format,
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:91:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_ptr, ptr, old_nmemb * memb_size);
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:205:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, newvals, nnewval * sizeof(int));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:313:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(INTEGER(ans), ae->elts, ae_nelt * sizeof(int));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:326:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(LOGICAL(ans), ae->elts, ae_nelt * sizeof(int));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:617:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[11];
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1279:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, newvals, nnewval * sizeof(double));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1314:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(REAL(ans), ae->elts, ae_nelt * sizeof(double));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1442:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ae->elts, string, ae->_buflength);
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1457:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, string, sizeof(char) * nnewval);
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1506:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(RAW(ans), ae->elts, ae_nelt * sizeof(char));
data/r-bioc-s4vectors-0.28.0/src/Hits_class.c:45:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(INTEGER(ans_from), from, n);
data/r-bioc-s4vectors-0.28.0/src/Hits_class.c:46:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(INTEGER(ans_to), to, n);
data/r-bioc-s4vectors-0.28.0/src/Hits_class.c:72:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(from_in, revmap, sizeof(int) * nhit);
data/r-bioc-s4vectors-0.28.0/src/Hits_class.c:110:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(from_in, from_out, sizeof(int) * nLnode);
data/r-bioc-s4vectors-0.28.0/src/Hits_class.c:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(from2, from, sizeof(int) * nhit);
data/r-bioc-s4vectors-0.28.0/src/LLint_class.c:346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val_buf[21];
data/r-bioc-s4vectors-0.28.0/src/LLint_class.c:358:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    if (sprintf(val_buf, "%lld", from_elt) < 0)
data/r-bioc-s4vectors-0.28.0/src/Rle_class.c:83:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char validity_msg[200];
data/r-bioc-s4vectors-0.28.0/src/Rle_class.c:1018:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(INTEGER(ans_lengths),
data/r-bioc-s4vectors-0.28.0/src/Rle_class.c:1088:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp_lengths + tmp_nrun,
data/r-bioc-s4vectors-0.28.0/src/character_utils.c:32:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, sep, sep_len);
data/r-bioc-s4vectors-0.28.0/src/character_utils.c:36:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, CHAR(x_elt), LENGTH(x_elt));
data/r-bioc-s4vectors-0.28.0/src/character_utils.c:42:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char errmsg_buf[200];
data/r-bioc-s4vectors-0.28.0/src/character_utils.c:137:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2] = "X"; /* we only care about having buf[1] == 0 */
data/r-bioc-s4vectors-0.28.0/src/character_utils.c:211:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[45];
data/r-bioc-s4vectors-0.28.0/src/integer_utils.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char errmsg_buf[200];
data/r-bioc-s4vectors-0.28.0/src/integer_utils.c:809:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ans_ptr, x_ptr, (x_len - x_i) * sizeof(int));
data/r-bioc-s4vectors-0.28.0/src/integer_utils.c:811:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ans_ptr, y_ptr, (y_len - y_i) * sizeof(int));
data/r-bioc-s4vectors-0.28.0/src/map_ranges_to_runs.c:11:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char errmsg_buf[200];
data/r-bioc-s4vectors-0.28.0/src/map_ranges_to_runs.c:408:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(SEbuf, start, sizeof(int) * nranges);
data/r-bioc-s4vectors-0.28.0/src/raw_utils.c:92:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dest[1], byte;
data/r-bioc-s4vectors-0.28.0/src/raw_utils.c:144:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest + totalchars, src, width_i);
data/r-bioc-s4vectors-0.28.0/src/raw_utils.c:311:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    return _extract_bytes_by_positions((const char *) RAW(x), LENGTH(x),
data/r-bioc-s4vectors-0.28.0/src/raw_utils.c:333:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    return _extract_bytes_by_ranges((const char *) RAW(x), LENGTH(x),
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:321:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char bucket2base[MINIRX_NBUCKET];
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:333:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, base,
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:389:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(base, out,
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:395:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char minirx_base_uidx_buf[MINIRX_BASE_MAXLENGTH];
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:566:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char bucket_used_buf[MINIRX_NBUCKET];
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:895:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, base, sizeof(int) * base_len);
data/r-bioc-s4vectors-0.28.0/src/sort_utils.c:934:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, base, sizeof(int) * base_len);
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1440:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ae = _new_CharAE(strlen(string));
data/r-bioc-s4vectors-0.28.0/src/AEbufs.c:1451:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nnewval = strlen(string);

ANALYSIS SUMMARY:

Hits = 44
Lines analyzed = 12816 in approximately 0.30 seconds (43122 lines/second)
Physical Source Lines of Code (SLOC) = 9887
Hits@level = [0]  20 [1]   2 [2]  41 [3]   0 [4]   1 [5]   0
Hits@level+ = [0+]  64 [1+]  44 [2+]  42 [3+]   1 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 6.47315 [1+] 4.45029 [2+] 4.248 [3+] 0.101143 [4+] 0.101143 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
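The report above is a list of patterns, not of confirmed bugs, and the three hit classes that dominate it (a non-constant snprintf format, sprintf/fixed-size buffers, unchecked memcpy) are each resolved by a concrete check a reviewer can write down. The C below is an added triage example for this page; it is not S4Vectors code and not flawfinder output, and every function name in it (count_conversions, format_checked, lld_to_buf, copy_ints_checked) is hypothetical. It shows how to validate a runtime format string before it reaches snprintf so that CWE-134 directives such as %n or extra conversions are rejected, why val_buf[21] is exactly enough for "%lld" on a 64-bit long long (the reasoning behind flawfinder's "risk is low" remark), and the capacity check that the memcpy hits rely on being true at every call site.

```c
#include <limits.h>
#include <stdio.h>
#include <string.h>

/*
 * Added triage example for three hit classes in the flawfinder report.
 * Function names are hypothetical; none of this is S4Vectors code.
 */

/*
 * CWE-134, the level-4 hit: the format string passed to snprintf is a
 * variable.  Return the number of conversions in fmt, or -1 if fmt contains
 * any conversion outside 'allowed', a '*' width/precision (it consumes an
 * argument), or "%n" (it writes through a pointer argument).  A caller that
 * must accept a runtime format can use this to prove the format matches
 * the arguments it is about to supply.
 */
int count_conversions(const char *fmt, const char *allowed)
{
    int count = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')                      /* "%%" is a literal percent */
            continue;
        while (*p && strchr("-+ #0123456789.", *p))   /* flags, width, precision */
            p++;
        while (*p && strchr("hlLqjzt", *p))           /* length modifiers */
            p++;
        if (*p == '\0' || *p == 'n' || !strchr(allowed, *p))
            return -1;                      /* truncated spec, %n, or not allowed */
        count++;
    }
    return count;
}

/*
 * snprintf through a runtime format, accepted only if it consumes exactly
 * one string argument.  Returns the length written, -1 if the format is
 * rejected, -2 if the output was truncated (snprintf itself would silently
 * cut the string, which is the other half of the flawfinder warning).
 */
int format_checked(char *out, size_t out_size, const char *fmt, const char *arg)
{
    if (count_conversions(fmt, "s") != 1)
        return -1;
    int n = snprintf(out, out_size, fmt, arg);
    if (n < 0 || (size_t)n >= out_size)
        return -2;
    return n;
}

/*
 * CWE-120, the sprintf(val_buf, "%lld", ...) hit with val_buf[21].  The
 * widest value a 64-bit long long prints is LLONG_MIN,
 * "-9223372036854775808": 20 characters, so 21 bytes including the
 * terminator is exactly enough.  Using snprintf and checking the return
 * turns that reasoning into a runtime check.  Assumes a 64-bit long long.
 */
#define LLD_BUF_SIZE 21

int lld_to_buf(char buf[LLD_BUF_SIZE], long long v)
{
    int n = snprintf(buf, LLD_BUF_SIZE, "%lld", v);
    if (n < 0 || n >= LLD_BUF_SIZE)
        return -1;                          /* a plain sprintf would have overflowed */
    return n;
}

/*
 * CWE-120, the memcpy hits: the copy is only safe when the caller has
 * already established that the destination holds n elements.  Carrying the
 * destination capacity alongside the pointer makes that precondition
 * checkable at the call site instead of implicit.
 */
int copy_ints_checked(int *dest, size_t dest_cap, const int *src, size_t n)
{
    if (n > dest_cap)
        return -1;
    memcpy(dest, src, n * sizeof *dest);
    return 0;
}
```

When the format really is a compile-time constant, the simplest fix for the level-4 hit is to write it as a literal (or pass the variable text as a "%s" argument), which also lets the compiler's -Wformat-nonliteral and -Wformat-security warnings stand in for count_conversions.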