Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-digest-0.6.27/src/pmurhash.c
Examining data/r-cran-digest-0.6.27/src/digest2int.c
Examining data/r-cran-digest-0.6.27/src/zlib.h
Examining data/r-cran-digest-0.6.27/src/xxhash.c
Examining data/r-cran-digest-0.6.27/src/md5.c
Examining data/r-cran-digest-0.6.27/src/sha1.h
Examining data/r-cran-digest-0.6.27/src/aes.c
Examining data/r-cran-digest-0.6.27/src/blake3_portable.c
Examining data/r-cran-digest-0.6.27/src/spooky_serialize.cpp
Examining data/r-cran-digest-0.6.27/src/xxhash.h
Examining data/r-cran-digest-0.6.27/src/sha256.h
Examining data/r-cran-digest-0.6.27/src/init.c
Examining data/r-cran-digest-0.6.27/src/crc32.c
Examining data/r-cran-digest-0.6.27/src/crc32.h
Examining data/r-cran-digest-0.6.27/src/blake3.h
Examining data/r-cran-digest-0.6.27/src/sha1.c
Examining data/r-cran-digest-0.6.27/src/digest.c
Examining data/r-cran-digest-0.6.27/src/sha2.c
Examining data/r-cran-digest-0.6.27/src/zutil.h
Examining data/r-cran-digest-0.6.27/src/sha2.h
Examining data/r-cran-digest-0.6.27/src/blake3_dispatch.c
Examining data/r-cran-digest-0.6.27/src/zconf.h
Examining data/r-cran-digest-0.6.27/src/blake3.c
Examining data/r-cran-digest-0.6.27/src/blake3_impl.h
Examining data/r-cran-digest-0.6.27/src/aes.h
Examining data/r-cran-digest-0.6.27/src/SpookyV2.h
Examining data/r-cran-digest-0.6.27/src/raes.c
Examining data/r-cran-digest-0.6.27/src/SpookyV2.cpp
Examining data/r-cran-digest-0.6.27/src/md5.h
Examining data/r-cran-digest-0.6.27/src/sha256.c
Examining data/r-cran-digest-0.6.27/src/pmurhash.h
Examining data/r-cran-digest-0.6.27/inst/include/pmurhashAPI.h
FINAL RESULTS:
data/r-cran-digest-0.6.27/src/digest.c:207:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(output, "%016" PRIx64, val);
data/r-cran-digest-0.6.27/src/digest.c:432:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(output, "%016" PRIx64, val);
data/r-cran-digest-0.6.27/src/SpookyV2.cpp:42:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, message, length);
data/r-cran-digest-0.6.27/src/SpookyV2.cpp:160:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((uint8 *)m_data)[m_remainder], message, length);
data/r-cran-digest-0.6.27/src/SpookyV2.cpp:194:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(((uint8 *)m_data)[m_remainder]), message, prefix);
data/r-cran-digest-0.6.27/src/SpookyV2.cpp:221:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, u.p8, sc_blockSize);
data/r-cran-digest-0.6.27/src/SpookyV2.cpp:229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m_data, end, remainder);
data/r-cran-digest-0.6.27/src/aes.c:776:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char AES_enc_test[3][16] =
data/r-cran-digest-0.6.27/src/aes.c:786:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char AES_dec_test[3][16] =
data/r-cran-digest-0.6.27/src/aes.c:800:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/r-cran-digest-0.6.27/src/aes.c:801:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/r-cran-digest-0.6.27/src/blake3.c:18:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->cv, key, BLAKE3_KEY_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:28:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->cv, key, BLAKE3_KEY_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:47:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, input, take);
data/r-cran-digest-0.6.27/src/blake3.c:73:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.input_cv, input_cv, 32);
data/r-cran-digest-0.6.27/src/blake3.c:74:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret.block, block, BLAKE3_BLOCK_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:89:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cv_words, self->input_cv, 32);
data/r-cran-digest-0.6.27/src/blake3.c:92:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cv, cv_words, 32);
data/r-cran-digest-0.6.27/src/blake3.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, wide_buf + offset_within_block, memcpy_len);
data/r-cran-digest-0.6.27/src/blake3.c:244:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&out[parents_array_len * BLAKE3_OUT_LEN],
data/r-cran-digest-0.6.27/src/blake3.c:319:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cv_array, 2 * BLAKE3_OUT_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:357:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cv_array, out_array, num_cvs * BLAKE3_OUT_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cv_array, 2 * BLAKE3_OUT_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(self->key, key, BLAKE3_KEY_LEN);
data/r-cran-digest-0.6.27/src/blake3.c:445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&self->cv_stack[self->cv_stack_len * BLAKE3_OUT_LEN], new_cv,
data/r-cran-digest-0.6.27/src/blake3.c:601:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(parent_block, &self->cv_stack[cvs_remaining * 32], 32);
data/r-cran-digest-0.6.27/src/blake3_portable.c:146:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cv, key, BLAKE3_KEY_LEN);
data/r-cran-digest-0.6.27/src/blake3_portable.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, cv, 32);
data/r-cran-digest-0.6.27/src/digest.c:55:18: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
size_t len = MultiByteToWideChar(CP_UTF8, 0, txt, -1, NULL, 0);
data/r-cran-digest-0.6.27/src/digest.c:64:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, txt, -1, buf, len);
data/r-cran-digest-0.6.27/src/digest.c:67:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(txt, "rb");
data/r-cran-digest-0.6.27/src/digest.c:83:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[128+1], *outputp = output; /* 33 for md5, 41 for sha1, 65 for sha256, 128 for sha512; plus trailing NULL */
data/r-cran-digest-0.6.27/src/digest.c:118:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[16];
data/r-cran-digest-0.6.27/src/digest.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, md5sum, 16);
data/r-cran-digest-0.6.27/src/digest.c:127:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + j * 2, "%02x", md5sum[j]);
data/r-cran-digest-0.6.27/src/digest.c:135:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1sum[20];
data/r-cran-digest-0.6.27/src/digest.c:140:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha1sum, 20);
data/r-cran-digest-0.6.27/src/digest.c:144:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha1sum[j] );
data/r-cran-digest-0.6.27/src/digest.c:155:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", (unsigned int) val);
data/r-cran-digest-0.6.27/src/digest.c:162:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha256sum[32];
data/r-cran-digest-0.6.27/src/digest.c:167:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha256sum, 32);
data/r-cran-digest-0.6.27/src/digest.c:171:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha256sum[j] );
data/r-cran-digest-0.6.27/src/digest.c:186:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha512sum, output_length);
data/r-cran-digest-0.6.27/src/digest.c:201:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", val);
data/r-cran-digest-0.6.27/src/digest.c:209:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%016llx", val);
data/r-cran-digest-0.6.27/src/digest.c:215:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", val);
data/r-cran-digest-0.6.27/src/digest.c:226:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, val, BLAKE3_OUT_LEN);
data/r-cran-digest-0.6.27/src/digest.c:229:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + i * 2, "%02x", val[i]);
data/r-cran-digest-0.6.27/src/digest.c:238:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:239:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[16];
data/r-cran-digest-0.6.27/src/digest.c:255:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, md5sum, 16);
data/r-cran-digest-0.6.27/src/digest.c:258:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + j * 2, "%02x", md5sum[j]);
data/r-cran-digest-0.6.27/src/digest.c:265:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:266:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1sum[20];
data/r-cran-digest-0.6.27/src/digest.c:281:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha1sum, 20);
data/r-cran-digest-0.6.27/src/digest.c:284:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha1sum[j] );
data/r-cran-digest-0.6.27/src/digest.c:288:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:303:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", (unsigned int) val);
data/r-cran-digest-0.6.27/src/digest.c:310:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:311:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha256sum[32];
data/r-cran-digest-0.6.27/src/digest.c:326:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha256sum, 32);
data/r-cran-digest-0.6.27/src/digest.c:329:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha256sum[j] );
data/r-cran-digest-0.6.27/src/digest.c:338:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, sha512sum, output_length);
data/r-cran-digest-0.6.27/src/digest.c:371:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:399:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", val);
data/r-cran-digest-0.6.27/src/digest.c:403:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:434:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%016llx", val);
data/r-cran-digest-0.6.27/src/digest.c:440:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:460:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output, "%08x", val);
data/r-cran-digest-0.6.27/src/digest.c:465:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[BUF_SIZE];
data/r-cran-digest-0.6.27/src/digest.c:483:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output, val, BLAKE3_OUT_LEN);
data/r-cran-digest-0.6.27/src/digest.c:486:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(output + i * 2, "%02x", val[i]);
data/r-cran-digest-0.6.27/src/digest.c:502:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RAW(result), output, output_length);
data/r-cran-digest-0.6.27/src/md5.c:178:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/md5.c:195:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/md5.c:269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[33];
data/r-cran-digest-0.6.27/src/md5.c:271:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1000];
data/r-cran-digest-0.6.27/src/md5.c:272:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5sum[16];
data/r-cran-digest-0.6.27/src/md5.c:288:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", md5sum[j] );
data/r-cran-digest-0.6.27/src/md5.c:304:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ! ( f = fopen( argv[1], "rb" ) ) )
data/r-cran-digest-0.6.27/src/sha1.c:212:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/sha1.c:229:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/sha1.c:295:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[41];
data/r-cran-digest-0.6.27/src/sha1.c:297:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1000];
data/r-cran-digest-0.6.27/src/sha1.c:298:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1sum[20];
data/r-cran-digest-0.6.27/src/sha1.c:329:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha1sum[j] );
data/r-cran-digest-0.6.27/src/sha1.c:345:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ! ( f = fopen( argv[1], "rb" ) ) )
data/r-cran-digest-0.6.27/src/sha2.c:178:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) memcpy((d), (s), (l))
data/r-cran-digest-0.6.27/src/sha2.c:182:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define MEMCPY_BCOPY(d,s,l) bcopy((s), (d), (l))
data/r-cran-digest-0.6.27/src/sha2.c:664:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* SHA256_Data(const sha2_byte* data, size_t len, char digest[SHA256_DIGEST_STRING_LENGTH]) {
data/r-cran-digest-0.6.27/src/sha2.c:996:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* SHA512_Data(const sha2_byte* data, size_t len, char digest[SHA512_DIGEST_STRING_LENGTH]) {
data/r-cran-digest-0.6.27/src/sha2.c:1072:54: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char* SHA384_Data(const sha2_byte* data, size_t len, char digest[SHA384_DIGEST_STRING_LENGTH]) {
data/r-cran-digest-0.6.27/src/sha256.c:204:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/sha256.c:221:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (void *) (ctx->buffer + left),
data/r-cran-digest-0.6.27/src/sha256.c:293:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char output[65];
data/r-cran-digest-0.6.27/src/sha256.c:295:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1000];
data/r-cran-digest-0.6.27/src/sha256.c:296:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha256sum[32];
data/r-cran-digest-0.6.27/src/sha256.c:327:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( output + j * 2, "%02x", sha256sum[j] );
data/r-cran-digest-0.6.27/src/sha256.c:343:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( ! ( f = fopen( argv[1], "rb" ) ) )
data/r-cran-digest-0.6.27/src/xxhash.c:112:76: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/r-cran-digest-0.6.27/src/xxhash.c:434:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/r-cran-digest-0.6.27/src/xxhash.c:446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/r-cran-digest-0.6.27/src/xxhash.c:568:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/r-cran-digest-0.6.27/src/xxhash.c:895:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/r-cran-digest-0.6.27/src/xxhash.c:907:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/r-cran-digest-0.6.27/src/xxhash.c:1021:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/r-cran-digest-0.6.27/src/xxhash.h:204:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/r-cran-digest-0.6.27/src/xxhash.h:239:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/r-cran-digest-0.6.27/src/zutil.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/r-cran-digest-0.6.27/src/blake3.c:381:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
blake3_hasher_update(&context_hasher, context, strlen(context));
data/r-cran-digest-0.6.27/src/digest.c:95:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nChar = strlen(txt);
data/r-cran-digest-0.6.27/src/md5.c:283:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_update( &ctx, (uint8 *) msg[i], strlen( msg[i] ) );
data/r-cran-digest-0.6.27/src/sha1.c:313:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( msg[i] ) );
data/r-cran-digest-0.6.27/src/sha2.c:90:32: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
#error Define BYTE_ORDER to be equal to either LITTLE_ENDIAN or BIG_ENDIAN
data/r-cran-digest-0.6.27/src/sha256.c:311:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen( msg[i] ) );
ANALYSIS SUMMARY:
Hits = 116
Lines analyzed = 9304 in approximately 0.30 seconds (31524 lines/second)
Physical Source Lines of Code (SLOC) = 6375
Hits@level = [0] 49 [1] 6 [2] 108 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 165 [1+] 116 [2+] 110 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 25.8824 [1+] 18.1961 [2+] 17.2549 [3+] 0.313725 [4+] 0.313725 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.