Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-bioc-xvector-0.30.0/inst/include/XVector_defines.h
Examining data/r-bioc-xvector-0.30.0/inst/include/XVector_interface.h
Examining data/r-bioc-xvector-0.30.0/inst/include/_XVector_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/IRanges_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c
Examining data/r-bioc-xvector-0.30.0/src/RDS_random_access.c
Examining data/r-bioc-xvector-0.30.0/src/R_init_XVector.c
Examining data/r-bioc-xvector-0.30.0/src/S4Vectors_stubs.c
Examining data/r-bioc-xvector-0.30.0/src/SharedDouble_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedInteger_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c
Examining data/r-bioc-xvector-0.30.0/src/SharedVector_class.c
Examining data/r-bioc-xvector-0.30.0/src/XDouble_class.c
Examining data/r-bioc-xvector-0.30.0/src/XInteger_class.c
Examining data/r-bioc-xvector-0.30.0/src/XRawList_comparison.c
Examining data/r-bioc-xvector-0.30.0/src/XRaw_class.c
Examining data/r-bioc-xvector-0.30.0/src/XVector.h
Examining data/r-bioc-xvector-0.30.0/src/XVectorList_class.c
Examining data/r-bioc-xvector-0.30.0/src/XVector_class.c
Examining data/r-bioc-xvector-0.30.0/src/io_utils.c
Examining data/r-bioc-xvector-0.30.0/src/slice_methods.c
Examining data/r-bioc-xvector-0.30.0/src/vector_copy.c
Examining data/r-bioc-xvector-0.30.0/src/view_summarization_methods.c

FINAL RESULTS:

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:80:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(msg); \

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:88:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf(format, value); \

data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, b, dest_size);

data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:45:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dest, b, q * blocksize);

data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:122:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a, src, src_size);

data/r-bioc-xvector-0.30.0/src/Ocopy_byteblocks.c:129:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a, src, q * blocksize);

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:103:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errmsg_buf[40];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:211:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char LONG_LENGTH_bytes[4] = {0xff, 0xff, 0xff, 0xff};

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:212:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[8];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:271:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char NA_STRING_bytes[4] = {0xff, 0xff, 0xff, 0xff};

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:272:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[4];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:400:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char EOA_bytes[4] = {0x00, 0x00, 0x00, 0xfe},

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:402:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[4];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:420:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char NEW_SYMBOL_bytes[4] = {0x00, 0x00, 0x00, 0x01};

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:421:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[4];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:489:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char obj_header[4];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:548:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const unsigned char RDS_header[14] = {0x58, 0x0a,

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:552:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char file_header[sizeof(RDS_header)];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:612:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char obj_header[4];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:632:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errmsg_buf[80];

data/r-bioc-xvector-0.30.0/src/RDS_random_access.c:708:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char errmsg_buf[40];

data/r-bioc-xvector-0.30.0/src/SharedDouble_class.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100]; /* should be enough... */

data/r-bioc-xvector-0.30.0/src/SharedInteger_class.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[100]; /* should be enough... */

data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c:57:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (const char *) RAW(x_tag), LENGTH(x_tag),

data/r-bioc-xvector-0.30.0/src/SharedRaw_class.c:82:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  (const char *) RAW(x_tag), LENGTH(x_tag),

data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:20:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[40]; /* should be enough, even for 128-bit addresses */

data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:223:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[20]; /* should be enough... */

data/r-bioc-xvector-0.30.0/src/SharedVector_class.c:440:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char classname_buf[80];

data/r-bioc-xvector-0.30.0/src/io_utils.c:284:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  file = fopen(expath, mode);

data/r-bioc-xvector-0.30.0/src/io_utils.c:400:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[7];

data/r-bioc-xvector-0.30.0/src/io_utils.c:405:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents? (CWE-362).
  if ((fp = fopen(expath, "rb")) == NULL)

data/r-bioc-xvector-0.30.0/src/io_utils.c:636:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_len = strlen(buf);

ANALYSIS SUMMARY:

Hits = 32
Lines analyzed = 6820 in approximately 0.18 seconds (37922 lines/second)
Physical Source Lines of Code (SLOC) = 4970
Hits@level = [0]  13 [1]   1 [2]  29 [3]   0 [4]   2 [5]   0
Hits@level+ = [0+]  45 [1+]  32 [2+]  31 [3+]   2 [4+]   2 [5+]   0
Hits/KSLOC@level+ = [0+] 9.05433 [1+] 6.43863 [2+] 6.23742 [3+] 0.402414 [4+] 0.402414 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
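The only level-4 hits in the report are the two printf calls in RDS_random_access.c (`printf(msg)` and `printf(format, value)`), flagged because Flawfinder is a lexical scanner: it sees a non-constant format argument and cannot see what the callers pass. Whether those hits are real depends entirely on whether `msg` and `format` can ever carry data from outside the program. The following is an added example, not code from XVector or Flawfinder, that reproduces the flagged shape beside its hardened form and adds a small triage check; the helper names `emit_unsafe`, `emit_safe` and `has_format_directive` and the message text are assumptions made for the illustration. Output is written to a caller buffer rather than stdout so the two results can be compared.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Added example (not XVector code). Mirrors the printf(msg) pattern that
 * Flawfinder reports at RDS_random_access.c:80 as CWE-134. */

/* The pattern Flawfinder flags: the message IS the format string. Every
 * '%' in msg is parsed as a directive. With no matching argument, "%x"
 * reads whatever sits in the argument registers/stack and "%n" writes a
 * count through it. A va_list wrapper is used so the call compiles
 * cleanly; the behaviour is the same as printf(msg). Hypothetical name. */
int emit_unsafe(char *out, size_t out_size, const char *msg, ...)
{
    va_list ap;
    int n;
    va_start(ap, msg);
    n = vsnprintf(out, out_size, msg, ap);   /* non-constant format */
    va_end(ap);
    return n;
}

/* Hardened form: constant format, message passed as data, so the message
 * is copied verbatim whatever it contains. Hypothetical name. */
int emit_safe(char *out, size_t out_size, const char *msg)
{
    return snprintf(out, out_size, "%s", msg);
}

/* Triage helper for a hit like printf(msg): if every call site passes a
 * string literal the hit is a false positive; if any site passes text
 * that can contain '%' (file contents, error text built from input) the
 * hit is real. Returns 1 when msg contains a '%' that starts a directive;
 * "%%" is a literal percent sign and does not count. Hypothetical name. */
int has_format_directive(const char *msg)
{
    const char *p;
    for (p = msg; *p != '\0'; p++) {
        if (*p == '%') {
            if (p[1] == '%') { p++; continue; }
            return 1;
        }
    }
    return 0;
}

int main(void)
{
    /* Constructed message. "%%" is the one directive that is safe to feed
     * to the unsafe form without undefined behaviour, and it is enough to
     * show that the text is being interpreted rather than copied. */
    const char *msg = "loaded 50%% of blocks";
    char a[64], b[64];

    emit_unsafe(a, sizeof a, msg);
    emit_safe(b, sizeof b, msg);
    printf("unsafe: %s\n", a);   /* directive consumed: "loaded 50% of blocks"  */
    printf("safe:   %s\n", b);   /* verbatim:           "loaded 50%% of blocks" */
    printf("\"%%x%%n\" carries a directive: %d\n", has_format_directive("%x%n"));
    return 0;
}
```

The unsafe and safe outputs differ on a benign input; on a hostile one (`%x%x%x%n`) only the unsafe form reads and writes memory. When auditing the real hits, the decisive check is the one `has_format_directive` sketches: trace every value that can reach `msg` or `format` and confirm none of them can originate from a file or a user.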
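The four memcpy hits in Ocopy_byteblocks.c are all reported with the same generic CWE-120 text, but two of them copy `q * blocksize` bytes, and that product is the part a reviewer has to check by hand: the scanner cannot tell whether it can wrap around `size_t` or exceed the destination. The following is an added example, not XVector code, showing the two checks that decide whether a copy of that shape is in bounds; `copy_blocks_checked` is a hypothetical helper and the buffer sizes are constructed for the demonstration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added example (not XVector code). Same shape as the copies Flawfinder
 * flags at Ocopy_byteblocks.c:45 and :129, memcpy(dest, b, q * blocksize),
 * with the two conditions made explicit that the scanner cannot evaluate:
 *   1. q * blocksize must not wrap around size_t;
 *   2. the resulting byte count must fit both the destination and the
 *      source.
 * Returns 0 and stores the byte count in *copied on success, or -1 and
 * copies nothing if either condition fails. Hypothetical helper. */
int copy_blocks_checked(void *dest, size_t dest_size,
                        const void *src, size_t src_size,
                        size_t q, size_t blocksize, size_t *copied)
{
    size_t nbytes;

    /* Check 1: detect the wrap before computing the product. */
    if (blocksize != 0 && q > SIZE_MAX / blocksize)
        return -1;
    nbytes = q * blocksize;

    /* Check 2: bound by both buffers (overrun of dest, over-read of src). */
    if (nbytes > dest_size || nbytes > src_size)
        return -1;

    memcpy(dest, src, nbytes);
    *copied = nbytes;
    return 0;
}

/* What the unchecked product silently becomes after wrapping; used to show
 * why a bounds check done on the product alone is not enough. */
size_t wrapped_product(size_t q, size_t blocksize)
{
    return q * blocksize;   /* unsigned arithmetic wraps modulo SIZE_MAX+1 */
}

int main(void)
{
    unsigned char src[32], dest[16];   /* constructed buffers */
    size_t copied = 0;
    int rc;

    memset(src, 0xAB, sizeof src);

    rc = copy_blocks_checked(dest, sizeof dest, src, sizeof src, 4, 4, &copied);
    printf("4 x 4-byte blocks: rc=%d copied=%zu\n", rc, copied);     /* rc=0, 16 */

    rc = copy_blocks_checked(dest, sizeof dest, src, sizeof src, 5, 4, &copied);
    printf("5 x 4-byte blocks: rc=%d (dest is 16 bytes)\n", rc);      /* rc=-1 */

    /* q chosen so that q * 4 wraps to 4: a check on the product alone
     * would accept the copy and report a huge count to the caller. */
    {
        size_t q = SIZE_MAX / 4 + 2;
        printf("wrapped product for q=%zu: %zu\n", q, wrapped_product(q, 4));
        rc = copy_blocks_checked(dest, sizeof dest, src, sizeof src, q, 4, &copied);
        printf("wrapping request: rc=%d\n", rc);                       /* rc=-1 */
    }
    return 0;
}
```

The wrapping case is the one worth remembering when triaging such hits: if the code computes `q * blocksize` into a `size_t` and then compares it with the destination size, the comparison passes for a wrapped value even though the caller asked for far more than the buffer holds.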