Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-rsclient-0.7-3/src/qap.h
Examining data/r-cran-rsclient-0.7-3/src/sbthread.h
Examining data/r-cran-rsclient-0.7-3/src/qap_encode.c
Examining data/r-cran-rsclient-0.7-3/src/RSprotocol.h
Examining data/r-cran-rsclient-0.7-3/src/cli.c
Examining data/r-cran-rsclient-0.7-3/src/qap_decode.c
Examining data/r-cran-rsclient-0.7-3/src/qap_decode.h

FINAL RESULTS:

data/r-cran-rsclient-0.7-3/src/cli.c:278:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(sau.sun_path, host);
data/r-cran-rsclient-0.7-3/src/qap_encode.c:272:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(st, cv);
data/r-cran-rsclient-0.7-3/src/qap_encode.c:331:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((char*)buf, val);
data/r-cran-rsclient-0.7-3/src/cli.c:202:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char port_s[8];
data/r-cran-rsclient-0.7-3/src/cli.c:370:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c->send_buf + c->send_len, cb, ts);
data/r-cran-rsclient-0.7-3/src/cli.c:377:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(c->send_buf + c->send_len, cb, len);
data/r-cran-rsclient-0.7-3/src/cli.c:405:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char slurp_buffer[65536];
data/r-cran-rsclient-0.7-3/src/cli.c:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idstr[32];
data/r-cran-rsclient-0.7-3/src/cli.c:506:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(slurp_buffer, idstr + sizeof(struct phdr), sb_len);
data/r-cran-rsclient-0.7-3/src/cli.c:1074:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char secauth_buf[65536];
data/r-cran-rsclient-0.7-3/src/cli.c:1125:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(secauth_buf, r, l + 4);
data/r-cran-rsclient-0.7-3/src/cli.c:1131:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(secauth_buf + l + 8, ak, al);
data/r-cran-rsclient-0.7-3/src/cli.c:1136:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(secauth_buf + l + 8, RAW(auth), al);
data/r-cran-rsclient-0.7-3/src/cli.c:1219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char idstr[32];
data/r-cran-rsclient-0.7-3/src/qap.h:23:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  #define fixdcpy(A, B) memcpy(A, B, 8)
data/r-cran-rsclient-0.7-3/src/qap_decode.c:18:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char NaStringRepresentation[2] = { 255, 0 };
data/r-cran-rsclient-0.7-3/src/qap_decode.c:73:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(val), b, l * sizeof(int));
data/r-cran-rsclient-0.7-3/src/qap_decode.c:105:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(val), b, sizeof(double) * l);
data/r-cran-rsclient-0.7-3/src/qap_decode.c:122:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(COMPLEX(val), b, sizeof(*COMPLEX(val)) * l);
data/r-cran-rsclient-0.7-3/src/qap_decode.c:171:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(val), (b + 1), i);
data/r-cran-rsclient-0.7-3/src/qap_encode.c:28:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char NaStringRepresentation[2] = { 255, 0 };
data/r-cran-rsclient-0.7-3/src/qap_encode.c:190:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, REAL(x), sizeof(double) * LENGTH(x));
data/r-cran-rsclient-0.7-3/src/qap_encode.c:208:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, COMPLEX(x), LENGTH(x) * sizeof(*COMPLEX(x)));
data/r-cran-rsclient-0.7-3/src/qap_encode.c:228:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  if (ll) memcpy(buf, RAW(x), ll);
data/r-cran-rsclient-0.7-3/src/qap_encode.c:300:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, iptr, n * sizeof(int));
data/r-cran-rsclient-0.7-3/src/sbthread.h:22:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m,&lm,sizeof(pthread_mutex_t));
data/r-cran-rsclient-0.7-3/src/sbthread.h:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mtxn[64],*c;
data/r-cran-rsclient-0.7-3/src/sbthread.h:59:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
  strcpy(mtxn,"sbthread_mutex");
data/r-cran-rsclient-0.7-3/src/sbthread.h:73:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&mtxn[i],&m,sizeof(m));
data/r-cran-rsclient-0.7-3/src/sbthread.h:75:23:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  c=(char*)malloc(i); memcpy(c,mtxn,i);
data/r-cran-rsclient-0.7-3/src/sbthread.h:88:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&m[i],&h,sizeof(h));
data/r-cran-rsclient-0.7-3/src/cli.c:274:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(host) + 1 > sizeof(sau.sun_path)) {
data/r-cran-rsclient-0.7-3/src/cli.c:480:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdr.len = itop(strlen(proxy_target) + 1);
data/r-cran-rsclient-0.7-3/src/cli.c:484:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rsc_write(c, proxy_target, strlen(proxy_target) + 1);
data/r-cran-rsclient-0.7-3/src/cli.c:971:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pll = strlen(pl);
data/r-cran-rsclient-0.7-3/src/cli.c:1056:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hdr.len = strlen(key_type) + 5;
data/r-cran-rsclient-0.7-3/src/cli.c:1060:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  par = SET_PAR(DT_STRING, strlen(key_type) + 1);
data/r-cran-rsclient-0.7-3/src/cli.c:1063:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rsc_write(c, key_type, strlen(key_type) + 1);
data/r-cran-rsclient-0.7-3/src/cli.c:1128:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  al = strlen(ak) + 1;
data/r-cran-rsclient-0.7-3/src/qap_encode.c:86:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen_t sl = strlen(ct) + 1L;
data/r-cran-rsclient-0.7-3/src/qap_encode.c:266:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rlen_t l = strlen(cv);
data/r-cran-rsclient-0.7-3/src/qap_encode.c:332:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = strlen((char*)buf); sl++;
data/r-cran-rsclient-0.7-3/src/sbthread.h:86:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(m);
data/r-cran-rsclient-0.7-3/src/sbthread.h:95:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(m); i+=sizeof(h)+1;
data/r-cran-rsclient-0.7-3/src/sbthread.h:107:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i=strlen(m); i+=sizeof(h)+1;

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 2484 in approximately 0.10 seconds (25438 lines/second)
Physical Source Lines of Code (SLOC) = 2002
Hits@level = [0]  29 [1]  14 [2]  28 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  74 [1+]  45 [2+]  31 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 36.963 [1+] 22.4775 [2+] 15.4845 [3+] 1.4985 [4+] 1.4985 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.