Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/num_to_char.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/r-base64.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/base64.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/register.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/integer64_to_na.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/modp_stdint.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/parse.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/row_collapse.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/escape_chars.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/null_to_na.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/push_parser.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/transpose_list.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/is_datelist.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/push_parser.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/prettify.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_array.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_version.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_alloc.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_lex.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_lex.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_alloc.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_buf.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_bytestack.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_buf.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/api/yajl_parse.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/api/yajl_common.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/api/yajl_tree.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/api/yajl_gen.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/api/yajl_version.h
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/validate.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/is_scalarlist.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/is_recordlist.c
Examining data/r-cran-jsonlite-1.7.1+dfsg/src/base64.h
FINAL RESULTS:
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:96:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) str, errorType);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:100:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) str, errorText);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:137:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, (char *) str);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:138:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, text);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:139:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat((char *) newStr, arrow);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:35:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf sprintf_s
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:61:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf ((ctx)->errbuf, (ctx)->errbuf_size, __VA_ARGS__); \
data/r-cran-jsonlite-1.7.1+dfsg/src/base64.c:11:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char base64_table[64] =
data/r-cran-jsonlite-1.7.1+dfsg/src/base64.c:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dtable[256], *out, *pos, in[4], block[4], tmp;
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_array.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(++s, translateCharUTF8(STRING_ELT(x, i)), size);
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:31:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(++s, translateCharUTF8(STRING_ELT(x, i)), size);
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:39:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(++s, translateCharUTF8(STRING_ELT(y, i)), size);
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:15:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*cur, val, n);
data/r-cran-jsonlite-1.7.1+dfsg/src/escape_chars.c:90:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outcur, "\\u%04x", *cur);
data/r-cran-jsonlite-1.7.1+dfsg/src/integer64_to_na.c:9:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.c:164:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%e", neg ? -value : value);
data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.c:268:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%e", neg ? -value : value);
data/r-cran-jsonlite-1.7.1+dfsg/src/num_to_char.c:11:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/r-cran-jsonlite-1.7.1+dfsg/src/num_to_char.c:71:11: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".0");
data/r-cran-jsonlite-1.7.1+dfsg/src/parse.c:33:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[1024];
data/r-cran-jsonlite-1.7.1+dfsg/src/parse.c:59:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/r-cran-jsonlite-1.7.1+dfsg/src/push_parser.c:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errbuf[bufsize];
data/r-cran-jsonlite-1.7.1+dfsg/src/r-base64.c:29:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RAW(res), out, outlen);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl.c:67:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &(hand->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_buf.c:76:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf->data + buf->used, data, len);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.c:40:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexBuf[7];
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.c:124:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8Buf[5];
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void *) &(g->alloc), (void *) afs, sizeof(yajl_alloc_funcs));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:211:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i[32];
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:213:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(i, "%lld", number);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:229:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char i[32];
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:233:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(i, "%.20g", number);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:235:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(i, ".0");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_lex.c:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char charLookupTable[256] =
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:72:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[72];
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:97:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat((char *) str, " error");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:99:13: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat((char *) str, ": ");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.string, string, string_length);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:313:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.number.r, string, string_length);
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_array.c:13:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_array.c:22:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:17:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:18:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(y, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:30:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_object.c:38:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(translateCharUTF8(STRING_ELT(y, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:14:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(val);
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:36:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:37:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(y, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:87:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/collapse_pretty.c:138:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nchar_total += strlen(translateCharUTF8(STRING_ELT(x, i)));
data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.c:165:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(str);
data/r-cran-jsonlite-1.7.1+dfsg/src/modp_numtoa.c:269:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(str);
data/r-cran-jsonlite-1.7.1+dfsg/src/num_to_char.c:70:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(always_dec && strspn(buf, "0123456789-") == strlen(buf)){
data/r-cran-jsonlite-1.7.1+dfsg/src/prettify.c:112:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t rd = strlen(json);
data/r-cran-jsonlite-1.7.1+dfsg/src/push_parser.c:68:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(errbuf, (char *) errstr, bufsize - 1);
data/r-cran-jsonlite-1.7.1+dfsg/src/validate.c:25:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t rd = strlen(json);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.c:69:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
print(ctx, escaped, (unsigned int)strlen(escaped));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_encode.c:171:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
yajl_buf_append(buf, unescaped, (unsigned int)strlen(unescaped));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:133:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (sep != NULL) g->print(g->ctx, sep, strlen(sep));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:160:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(unsigned int)strlen(g->indentString)); \
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:214:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, i, (unsigned int)strlen(i));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:234:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strspn(i, "0123456789-") == strlen(i)) {
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:237:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, i, (unsigned int)strlen(i));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:278:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, "null", strlen("null"));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_gen.c:290:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g->print(g->ctx, val, (unsigned int)strlen(val));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:87:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(errorType);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:88:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(" error");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:90:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(": ");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:91:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memneeded += strlen(errorText);
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:102:9: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat((char *) str, "\n");
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:132:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YA_MALLOC(&(hand->alloc), (unsigned int)(strlen((char *) str) +
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:133:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((char *) text) +
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_parser.c:134:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(arrow) + 1));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:320:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(v->u.number.r));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:443:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (input));
data/r-cran-jsonlite-1.7.1+dfsg/src/yajl/yajl_tree.c:454:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(input));
ANALYSIS SUMMARY:
Hits = 76
Lines analyzed = 5701 in approximately 0.16 seconds (34698 lines/second)
Physical Source Lines of Code (SLOC) = 3793
Hits@level = [0] 10 [1] 37 [2] 32 [3] 0 [4] 7 [5] 0
Hits@level+ = [0+] 86 [1+] 76 [2+] 39 [3+] 7 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 22.6733 [1+] 20.0369 [2+] 10.2821 [3+] 1.8455 [4+] 1.8455 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.