Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-ragg-0.4.0/src/AggDeviceJpeg.h
Examining data/r-cran-ragg-0.4.0/src/ppm_dev.cpp
Examining data/r-cran-ragg-0.4.0/src/AggDevice16.h
Examining data/r-cran-ragg-0.4.0/src/ragg.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_arc.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_adaptor_vpgen.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gradient_alpha.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_path_length.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_shorten_path.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_dda_line.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rendering_buffer.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_marker_adaptor.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_transposer.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_simul_eq.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_math_stroke.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_arrowhead.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_contour.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_rgb_packed.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vpgen_clip_polygon.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_u.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_single_path.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_smooth_poly1.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_interpolator_adaptor.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_subdiv_adaptor.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_stroke.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_shorten_path.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_bspline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_gpc.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_basics.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_raster_text.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_outline_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_ellipse_bresenham.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_warp_magnifier.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gradient.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_boolean_algebra.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_pattern_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_cells_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_bspline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_converter.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_math.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_viewport.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_image_filter_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_bspline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_curves.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_mclip.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_image_filter_gray.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_bounding_rect.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_font_freetype.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_gamma_lut.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_vertex_sequence.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_bilinear.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_rgb.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gradient_image.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_gsv_text.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_gray.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_allocator.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gouraud_gray.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_curve.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_interpolator_linear.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_stroke.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_config.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_line_aa_basics.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_bin.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_embedded_raster_fonts.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_compound_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_scanline_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rendering_buffer_dynarow.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gouraud_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_transform.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage_integer.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_amask_adaptor.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_sl_clip.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_markers.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_segmentator.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_outline_image.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_clip_polygon.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_interpolator_persp.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gouraud.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_bin.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_alpha_mask_u8.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_dash.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_gamma_functions.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_glyph_raster_bin.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_scanline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_unclose_polygon.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_dash.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_font_cache_manager2.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_color_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_bezier_arc.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_markers_term.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_gradient_contour.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_concat.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_blur.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_perspective.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_bitset_iterator.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_adaptor_vcgen.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_solid.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_primitives.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/util/agg_color_conv.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_contour.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_clip_liang_barsky.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_p.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vpgen_clip_polyline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rounded_rect.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_affine.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_double_path.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_outline_aa.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_scanline_aa_nogamma.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_image_filter.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_interpolator_trans.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vertex_sequence.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_renderer_base.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pattern_filters_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_ellipse.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_image_filters.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_clip_polyline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_color_gray.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vcgen_smooth_poly1.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_pattern_gray.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_close_polygon.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_image_filter_rgb.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_base.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_vpgen_segmentator.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_font_cache_manager.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_conv_marker.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_span_pattern_rgb.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_rgba.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_outline.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_gradient_lut.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage.h
Examining data/r-cran-ragg-0.4.0/src/agg/include/agg_image_accessors.h
Examining data/r-cran-ragg-0.4.0/src/agg/src/agg_trans_affine.cpp
Examining data/r-cran-ragg-0.4.0/src/agg/src/agg_curves.cpp
Examining data/r-cran-ragg-0.4.0/src/agg/src/agg_vcgen_stroke.cpp
Examining data/r-cran-ragg-0.4.0/src/agg/src/agg_vcgen_dash.cpp
Examining data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp
Examining data/r-cran-ragg-0.4.0/src/init.cpp
Examining data/r-cran-ragg-0.4.0/src/png_dev.cpp
Examining data/r-cran-ragg-0.4.0/src/AggDeviceCapture.h
Examining data/r-cran-ragg-0.4.0/src/AggDeviceTiff.h
Examining data/r-cran-ragg-0.4.0/src/AggDevice.h
Examining data/r-cran-ragg-0.4.0/src/tiff_dev.cpp
Examining data/r-cran-ragg-0.4.0/src/AggDevicePng.h
Examining data/r-cran-ragg-0.4.0/src/init_device.h
Examining data/r-cran-ragg-0.4.0/src/text_renderer.h
Examining data/r-cran-ragg-0.4.0/src/AggDevicePpm.h
Examining data/r-cran-ragg-0.4.0/src/capture_dev.cpp
Examining data/r-cran-ragg-0.4.0/src/jpeg_dev.cpp

FINAL RESULTS:

data/r-cran-ragg-0.4.0/src/AggDeviceJpeg.h:29:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:24:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:93:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/AggDevicePpm.h:18:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/AggDeviceTiff.h:27:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/AggDeviceTiff.h:97:5: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(buf, PATH_MAX, this->file.c_str(), this->pageno); buf[PATH_MAX] = '\0';
data/r-cran-ragg-0.4.0/src/agg/include/agg_font_cache_manager.h:64:18: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    std::strcpy(m_font_signature, font_signature);
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:662:26: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    std::strcpy(m_face_names[m_num_faces], font_name);
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:852:18: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    std::sprintf(m_signature,
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:878:22: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    std::strcat(m_signature, buf);
data/r-cran-ragg-0.4.0/src/AggDeviceJpeg.h:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/AggDeviceJpeg.h:30:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* fd = fopen(buf, "wb");
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:23:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:25:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* fd = fopen(buf, "wb");
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:92:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/AggDevicePng.h:94:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* fd = fopen(buf, "wb");
data/r-cran-ragg-0.4.0/src/AggDevicePpm.h:17:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/AggDevicePpm.h:19:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    FILE* fd = fopen(buf, "wb");
data/r-cran-ragg-0.4.0/src/AggDeviceTiff.h:26:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/AggDeviceTiff.h:96:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX+1];
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:56:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_array, c, sizeof(T) * Size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:61:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_array, c, sizeof(T) * Size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:124:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:138:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_array, v.m_array, sizeof(T) * m_size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:249:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(data, m_array, m_size * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:272:14: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:280:27: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    if(v.m_size) std::memcpy(m_array, v.m_array, sizeof(T) * v.m_size);
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:287:25: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    if(m_size) std::memcpy(ptr, m_array, m_size * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:296:28: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    if(byte_size) std::memcpy(m_array, data, byte_size * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:589:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:606:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_blocks[i], v.m_blocks[i], block_size * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:623:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(new_blocks,
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:723:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, &(*this)[i], sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:737:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, data, sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:760:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(&((*this)[start + i]), data, sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:765:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, data, sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:868:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(new_blocks,
data/r-cran-ragg-0.4.0/src/agg/include/agg_blur.h:1360:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(r1, r0, w * sizeof(pixel_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_blur.h:1374:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(r2, r1, w * sizeof(pixel_type)); // duplicate bottom row
data/r-cran-ragg-0.4.0/src/agg/include/agg_font_cache_manager.h:175:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_fonts,
data/r-cran-ragg-0.4.0/src/agg/include/agg_gsv_text.h:91:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char m_chr[2];
data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage.h:310:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(new_coords,
data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage.h:314:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(new_cmds,
data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage_integer.h:127:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, &m_storage[i], sizeof(vertex_integer_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_path_storage_integer.h:269:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(&v, m_ptr, sizeof(vertex_integer_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_pixfmt_amask_adaptor.h:57:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(&m_span[0], covers, len * sizeof(cover_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_rasterizer_cells_aa.h:483:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(new_cells, m_cells, m_max_blocks * sizeof(cell_type*));
data/r-cran-ragg-0.4.0/src/agg/include/agg_rendering_buffer.h:109:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/r-cran-ragg-0.4.0/src/agg/include/agg_rendering_buffer.h:239:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(row_ptr(0, y, w), src.row_ptr(y), l);
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_p.h:107:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_p.h:263:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_cover_ptr, covers, len * sizeof(cover_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h:100:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, cells, sizeof(T) * num_cells);
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h:106:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(s.ptr, cells, sizeof(T) * num_cells);
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h:147:22: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(dst.ptr, src.ptr, dst.len * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h:482:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(data, covers, sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_storage_aa.h:487:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(data, covers, unsigned(sp.len) * sizeof(T));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_u.h:172:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_scanline_u.h:387:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(&m_covers[x], covers, len * sizeof(cover_type));
data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_viewport.h:206:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(ptr, this, sizeof(*this));
data/r-cran-ragg-0.4.0/src/agg/include/agg_trans_viewport.h:211:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(this, ptr, sizeof(*this));
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:631:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_faces,
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:634:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_face_names,
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:637:26: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    std::memcpy(m_face_indices,
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:843:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char gamma_table[rasterizer_scanline_aa<>::aa_scale];
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:869:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[100];
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:871:22: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    std::sprintf(buf, ",%08X%08X%08X%08X%08X%08X",
data/r-cran-ragg-0.4.0/src/text_renderer.h:40:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static const char trailingBytesForUTF8[256] = {
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:1031:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    unsigned remove_duplicates(Array& arr, Equal equal)
data/r-cran-ragg-0.4.0/src/agg/include/agg_array.h:1039:17: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
    if(!equal(e, arr[i - 1]))
data/r-cran-ragg-0.4.0/src/agg/include/agg_font_cache_manager.h:63:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m_font_signature = (char*)m_allocator.allocate(std::strlen(font_signature) + 1);
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:661:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    m_face_names[m_num_faces] = new char [std::strlen(font_name) + 1];
data/r-cran-ragg-0.4.0/src/agg/src/agg_font_freetype.cpp:830:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned name_len = std::strlen(m_name);
data/r-cran-ragg-0.4.0/src/text_renderer.h:112:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n_bytes = strlen(string) + 1;
data/r-cran-ragg-0.4.0/src/text_renderer.h:205:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int expected_max = strlen(string) * 16;

ANALYSIS SUMMARY:

Hits = 74
Lines analyzed = 50727 in approximately 0.90 seconds (56442 lines/second)
Physical Source Lines of Code (SLOC) = 37211
Hits@level = [0] 1 [1] 7 [2] 57 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 75 [1+] 74 [2+] 67 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 2.01553 [1+] 1.98866 [2+] 1.80054 [3+] 0.268738 [4+] 0.268738 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.