Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-earth-5.3.0/src/earth.h
Examining data/r-cran-earth-5.3.0/src/allowed.c
Examining data/r-cran-earth-5.3.0/src/rentries.c
Examining data/r-cran-earth-5.3.0/src/earth.c
Examining data/r-cran-earth-5.3.0/src/allowed.h
Examining data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c

FINAL RESULTS:

data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:30:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, args, p);

data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:277:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sTestName1, "%s%s%s",

data/r-cran-earth-5.3.0/src/earth.c:70:13:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define printf Rprintf

data/r-cran-earth-5.3.0/src/earth.c:74:21:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define warning printf

data/r-cran-earth-5.3.0/src/earth.c:259:13:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, args, va);

data/r-cran-earth-5.3.0/src/earth.c:279:13:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, args, va);

data/r-cran-earth-5.3.0/src/earth.c:361:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, Align? "%6.3f GB": "%.3g GB", Size / ((size_t)1 << 30));

data/r-cran-earth-5.3.0/src/earth.c:363:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, Align? "%6.0f MB": "%.3g MB", Size / ((size_t)1 << 20));

data/r-cran-earth-5.3.0/src/earth.c:365:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, Align? "%6.0f kB": "%.3g kB", Size / ((size_t)1 << 10));

data/r-cran-earth-5.3.0/src/earth.c:367:9:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(s, Align? "%6.0f B": "%g Bytes", Size);

data/r-cran-earth-5.3.0/src/earth.c:378:9:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, args, va);

data/r-cran-earth-5.3.0/src/earth.c:2351:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sx, sFormatMemSize(nCases * nPreds * sizeof(double), false));

data/r-cran-earth-5.3.0/src/earth.c:2353:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sbx, sFormatMemSize(nCases * nMaxTerms * sizeof(double), false));

data/r-cran-earth-5.3.0/src/earth.c:2459:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sUsed, ", %d term%s used", nUsed, nUsed == 1? "": "s");

data/r-cran-earth-5.3.0/src/earth.c:2461:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sTerms, "%d term%s%s", nTerms, nTerms == 1? "": "s", sUsed);

data/r-cran-earth-5.3.0/src/earth.c:3470:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  char sPad[500]; sprintf(sPad, "%*s", 28+nDigits+nPredWidth, " "); // comment pad

data/r-cran-earth-5.3.0/src/earth.c:3472:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(sFormat, Betas_(0, iResp)); // intercept

data/r-cran-earth-5.3.0/src/earth.c:3488:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, " * max(0, %s - %*sx[%s])",

data/r-cran-earth-5.3.0/src/earth.c:3490:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(s, Cuts_(iTerm, iPred), iPred);

data/r-cran-earth-5.3.0/src/earth.c:3494:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, " * max(0, x[%s]%*s- %s)",

data/r-cran-earth-5.3.0/src/earth.c:3496:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(s, iPred, Cuts_(iTerm, iPred));

data/r-cran-earth-5.3.0/src/earth.c:3500:29:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(s, " * x[%s]%*s ",

data/r-cran-earth-5.3.0/src/earth.c:3502:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(s, iPred);

data/r-cran-earth-5.3.0/src/earth.c:3600:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(s, args, va);

data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/inst/slowtests/test.earthc.c:276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sTestName1[200];

data/r-cran-earth-5.3.0/src/earth.c:256:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/src/earth.c:276:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/src/earth.c:358:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s[100];

data/r-cran-earth-5.3.0/src/earth.c:375:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/src/earth.c:517:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(SortedQ, Q, nQMax * sizeof(tQueue));

data/r-cran-earth-5.3.0/src/earth.c:666:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xUsed + iUsed * nCases,

data/r-cran-earth-5.3.0/src/earth.c:1152:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bxOrthCol, y, nCases * sizeof(double));

data/r-cran-earth-5.3.0/src/earth.c:1985:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bxTemp, bxUsed, nCases * nUsedCols * sizeof(double));

data/r-cran-earth-5.3.0/src/earth.c:2350:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sx[100];

data/r-cran-earth-5.3.0/src/earth.c:2352:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sbx[100];

data/r-cran-earth-5.3.0/src/earth.c:2456:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sUsed[100] = "";

data/r-cran-earth-5.3.0/src/earth.c:2460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sTerms[200]; // May 2018: changed 100 to 200 for specious CRAN warning: '%s' directive writing up to 99 bytes into a region of size between 84 and 94 [-Wformat-overflow=]

data/r-cran-earth-5.3.0/src/earth.c:3098:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(PruneTerms + (nUsedCols-1) * nMaxTerms, WorkingSet,

data/r-cran-earth-5.3.0/src/earth.c:3255:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(BestSet, PruneTerms + iBestModel * nMaxTerms, nMaxTerms * sizeof(bool));

data/r-cran-earth-5.3.0/src/earth.c:3286:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bx + nUsed * nCases, bx + iTerm * nCases, nCases * sizeof(double));

data/r-cran-earth-5.3.0/src/earth.c:3458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/src/earth.c:3460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sFormat[50]; sprintf(sFormat, "%%-%d.%dg", nDigits+6, nDigits);

data/r-cran-earth-5.3.0/src/earth.c:3460:24:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  char sFormat[50]; sprintf(sFormat, "%%-%d.%dg", nDigits+6, nDigits);

data/r-cran-earth-5.3.0/src/earth.c:3461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sFormat1[50]; sprintf(sFormat1, "%%%d.%dg", nDigits+6, nDigits);

data/r-cran-earth-5.3.0/src/earth.c:3461:24:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  char sFormat1[50]; sprintf(sFormat1, "%%%d.%dg", nDigits+6, nDigits);

data/r-cran-earth-5.3.0/src/earth.c:3469:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sPredFormat[20]; sprintf(sPredFormat, "%%%dd", nPredWidth);

data/r-cran-earth-5.3.0/src/earth.c:3469:27:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  char sPredFormat[20]; sprintf(sPredFormat, "%%%dd", nPredWidth);

data/r-cran-earth-5.3.0/src/earth.c:3470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sPad[500]; sprintf(sPad, "%*s", 28+nDigits+nPredWidth, " "); // comment pad

data/r-cran-earth-5.3.0/src/earth.c:3597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[1000];

data/r-cran-earth-5.3.0/src/earth.c:3614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[7];

data/r-cran-earth-5.3.0/src/earth.c:3615:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, srname, 6);

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 4898 in approximately 0.15 seconds (32828 lines/second)
Physical Source Lines of Code (SLOC) = 3901
Hits@level = [0]  87 [1]   1 [2]  27 [3]   0 [4]  24 [5]   0
Hits@level+ = [0+] 139 [1+]  52 [2+]  51 [3+]  24 [4+]  24 [5+]   0
Hits/KSLOC@level+ = [0+] 35.6319 [1+] 13.3299 [2+] 13.0736 [3+] 6.15227 [4+] 6.15227 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
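The four call shapes the report keeps flagging are `vsprintf` into a fixed `char s[1000]`, `sprintf` of a `"%*s"` pad into a fixed buffer, `printf` with a format string that was itself built by `sprintf` at run time (the `sFormat`, `sFormat1`, `sPredFormat` hits), and `strncpy` with a bound that leaves no room for the terminator. The block below is an added example written for this page, not code from the earth package or from Flawfinder, showing the bounded counterpart of each shape plus the check a reviewer would want before a runtime-built format reaches a printf-family function: count the arguments the format will consume and refuse it when the count does not match. All function and buffer names are invented; nothing here claims that the earth code is actually exploitable, which the report itself does not say either.

```c
/* Added example: bounded counterparts of the call patterns Flawfinder flags
 * above. Not code from the earth package; all names are invented. */
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bounded stand-in for `char s[1000]; vsprintf(s, args, va);`. Returns the
 * length the full message needed (as vsnprintf does), so the caller can
 * detect truncation by comparing the result with `size`. */
static int bounded_vformat(char *dst, size_t size, const char *fmt, va_list va)
{
    int n = vsnprintf(dst, size, fmt, va);
    if (n < 0 && size > 0)
        dst[0] = '\0';                 /* encoding error: leave a valid empty string */
    return n;
}

static int bounded_format(char *dst, size_t size, const char *fmt, ...)
{
    va_list va;
    va_start(va, fmt);
    int n = bounded_vformat(dst, size, fmt, va);
    va_end(va);
    return n;
}

/* Bounded stand-in for `sprintf(sPad, "%*s", width, " ")`: 1 if the pad fit,
 * 0 if snprintf had to truncate it (output is NUL-terminated either way). */
static int make_pad(char *dst, size_t size, int width)
{
    int n = snprintf(dst, size, "%*s", width, " ");
    return n >= 0 && (size_t)n < size;
}

/* Number of arguments a format string consumes: one per conversion plus one
 * per '*' width or precision; "%%" consumes none. Returns -1 when a '%' is
 * not followed by a well-formed directive. */
static int count_format_args(const char *fmt)
{
    int n = 0;
    for (const char *p = fmt; *p; p++) {
        if (*p != '%')
            continue;
        p++;
        if (*p == '%')
            continue;                                  /* literal '%' */
        while (*p && strchr("-+ #0", *p)) p++;         /* flags */
        while (*p && (*p == '*' || (*p >= '0' && *p <= '9'))) {
            if (*p == '*') n++;                        /* width taken from an argument */
            p++;
        }
        if (*p == '.') {                               /* precision */
            p++;
            while (*p && (*p == '*' || (*p >= '0' && *p <= '9'))) {
                if (*p == '*') n++;
                p++;
            }
        }
        while (*p && strchr("hlLqjzt", *p)) p++;       /* length modifiers */
        if (!*p || !strchr("diouxXeEfFgGaAcspn", *p))
            return -1;                                 /* malformed directive */
        n++;
    }
    return n;
}

/* Use a runtime-built format only after confirming it consumes exactly
 * `nargs` arguments; on mismatch return -1 and an empty string, so the
 * format can never read past the arguments actually supplied. */
static int checked_format(char *dst, size_t size, int nargs, const char *fmt, ...)
{
    if (count_format_args(fmt) != nargs) {
        if (size > 0) dst[0] = '\0';
        return -1;
    }
    va_list va;
    va_start(va, fmt);
    int n = bounded_vformat(dst, size, fmt, va);
    va_end(va);
    return n;
}

/* The strncpy pitfall from the level-1 hit: when the source is at least n-1
 * characters long, strncpy writes no terminator and dst[n-1] is left as it
 * was; the second version terminates explicitly. */
static void copy_name_unterminated(char *dst, size_t n, const char *src)
{
    strncpy(dst, src, n - 1);
}

static void copy_name_terminated(char *dst, size_t n, const char *src)
{
    if (n == 0) return;
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

int main(void)
{
    char s[16], pad[8], name[7];
    bounded_format(s, sizeof s, "%d term%s", 3, "s");
    printf("[%s] pad fits: %d/%d\n", s, make_pad(pad, sizeof pad, 3),
           make_pad(pad, sizeof pad, 40));
    printf("args: %d, mismatch: %d\n", count_format_args(" * max(0, %s - %*sx[%s])"),
           checked_format(s, sizeof s, 2, "%6d", 42));
    memset(name, 'X', sizeof name);
    copy_name_unterminated(name, sizeof name, "abcdefgh");
    printf("byte 6 after unterminated copy: '%c'\n", name[6]);
    copy_name_terminated(name, sizeof name, "abcdefgh");
    printf("terminated copy: \"%s\"\n", name);
    return 0;
}
```

The argument-count check is what turns a level-4 "format string could be influenced" hit into something auditable: for the `" * max(0, %s - %*sx[%s])"` shape in the report, the inner `%s` arguments are themselves format fragments such as `"%6d"`, and the check has to be applied to the string actually handed to `printf`, after substitution, not to the template. Truncation detection via the `vsnprintf` return value matters for the `sx`/`sbx` and `sUsed`/`sTerms` hits, where a formatted string is copied into a second fixed buffer with `strcpy`.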