Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-sf-0.9-6+dfsg/src/zm_range.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_read.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/polygonize.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/geos.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/hex.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_sf_pkg.h
Examining data/r-cran-sf-0.9-6+dfsg/src/zm_range.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_read.h
Examining data/r-cran-sf-0.9-6+dfsg/src/sfg.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/signed_area.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/hex.h
Examining data/r-cran-sf-0.9-6+dfsg/src/wkb.h
Examining data/r-cran-sf-0.9-6+dfsg/src/stars.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/ops.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/bbox.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/proj_info.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/proj.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/raster2sf.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/bbox.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal.h
Examining data/r-cran-sf-0.9-6+dfsg/src/gdal_geom.cpp
Examining data/r-cran-sf-0.9-6+dfsg/src/RcppExports.cpp
Examining data/r-cran-sf-0.9-6+dfsg/inst/include/sf.h
Examining data/r-cran-sf-0.9-6+dfsg/inst/include/sf_RcppExports.h

FINAL RESULTS:

data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:53:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, ap);
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:69:2:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, ap);
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *options[3] = { "MULTILINE=YES", "FORMAT=WKT2", NULL };
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:139:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  handle_error(srs->SetFromUserInput((const char *) proj4string[0]));
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:237:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  out(10) = Rcpp::IntegerVector::create(atoi(srs->GetAuthorityCode(NULL)));
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:281:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *options[2] = { NULL, NULL };
data/r-cran-sf-0.9-6+dfsg/src/gdal.cpp:325:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ret[i] = (char *) (lco[i]);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:55:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH ds = GDALOpenEx((const char *) obj[0], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:78:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  src_pt[i] = GDALOpenEx((const char *) src[i], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:81:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH dst_ds = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:92:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALWarp(dst_ds == NULL ? (const char *) dst[0] : NULL, dst_ds,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:115:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_VECTOR | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:123:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:127:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALRasterize(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:149:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:153:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALTranslate((const char *) dst[0], src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:175:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_VECTOR | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:181:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_VECTOR | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:184:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALVectorTranslate(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, 1, &src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:208:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  srcpt[i] = GDALOpenEx((const char *) src[i], GDAL_OF_RASTER | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:213:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  result = GDALBuildVRT((const char *) dst[0], src.size(), srcpt.data(), NULL, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:219:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  srcpt[i] = (const char *) src[i];
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:220:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  result = GDALBuildVRT((const char *) dst[0], src.size(), NULL, srcpt.data(), opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:240:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:244:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALDEMProcessing((const char *) dst[0], src_pt,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:245:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  processing.size() == 0 ? NULL : (const char *) processing[0],
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:246:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  colorfilename.size() == 0 ? NULL : (const char *) colorfilename[0],
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:270:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:271:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH dst_pt = GDALOpenEx((const char *) dst[0], GDAL_OF_RASTER | GA_Update, NULL, doo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:272:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALNearblack(dst_pt == NULL ? (const char *) dst[0] : NULL, dst_pt, src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:293:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_ALL | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:295:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALGrid((const char *) dst[0], src_pt, opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:310:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH ds = GDALOpenEx((const char *) obj[0], GA_ReadOnly, NULL, oo_char.data(), NULL);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:338:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH src_pt = GDALOpenEx((const char *) src[0], GDAL_OF_RASTER | GA_ReadOnly,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:344:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  srcpt[i] = GDALOpenEx((const char *) src[i], GDAL_OF_RASTER | GA_ReadOnly, NULL,
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:349:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  GDALDatasetH result = GDALMultiDimTranslate((const char *) dst[0], NULL, srcpt.size(), srcpt.data(), opt, &err);
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:478:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(psWarpOptions->padfSrcNoDataReal[i]), &d, sizeof(double));
data/r-cran-sf-0.9-6+dfsg/src/gdal_utils.cpp:485:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(psWarpOptions->padfDstNoDataReal[i]), &d, sizeof(double));
data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp:75:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  poFeature->SetField(j, (const char *) cv[i]);
data/r-cran-sf-0.9-6+dfsg/src/gdal_write.cpp:77:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  poFeature->SetField(nm[j], (const char *) cv[i]);
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:50:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ], *p;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:66:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ], *p;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:183:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(raw[0]), buf, size);
data/r-cran-sf-0.9-6+dfsg/src/hex.cpp:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hex[16] = { '0', '1', '2', '3', '4', '5', '6', '7', '8', '9',
data/r-cran-sf-0.9-6+dfsg/src/stars.cpp:551:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  oSRS.SetFromUserInput((const char *) p4s[0]); // handles wkt too
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:38:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, wkb->pt, n);
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:49:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&dst, wkb->pt, sizeof(T));
data/r-cran-sf-0.9-6+dfsg/src/wkb.cpp:60:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char u8[sizeof(T)];
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:55:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf + strlen(buf) - 1;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:56:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(buf) > 0 && *p == '\n') *p = '\0';
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:71:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = buf + strlen(buf) - 1;
data/r-cran-sf-0.9-6+dfsg/src/geos.cpp:72:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(buf) > 0 && *p == '\n') *p = '\0';

ANALYSIS SUMMARY:

Hits = 52
Lines analyzed = 7469 in approximately 0.23 seconds (33164 lines/second)
Physical Source Lines of Code (SLOC) = 6431
Hits@level = [0] 0 [1] 4 [2] 46 [3] 0 [4] 2 [5] 0
Hits@level+ = [0+] 52 [1+] 52 [2+] 48 [3+] 2 [4+] 2 [5+] 0
Hits/KSLOC@level+ = [0+] 8.08583 [1+] 8.08583 [2+] 7.46385 [3+] 0.310994 [4+] 0.310994 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.