Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-cran-xml-3.99-0.5/src/RUtils.c
Examining data/r-cran-xml-3.99-0.5/src/ExpatParse.c
Examining data/r-cran-xml-3.99-0.5/src/NodeGC.h
Examining data/r-cran-xml-3.99-0.5/src/libxmlFeatures.c
Examining data/r-cran-xml-3.99-0.5/src/XMLHashTree.c
Examining data/r-cran-xml-3.99-0.5/src/schema.c
Examining data/r-cran-xml-3.99-0.5/src/RSDTD.h
Examining data/r-cran-xml-3.99-0.5/src/xmlsecurity.c
Examining data/r-cran-xml-3.99-0.5/src/EventParse.c
Examining data/r-cran-xml-3.99-0.5/src/DocParse.h
Examining data/r-cran-xml-3.99-0.5/src/HTMLParse.c
Examining data/r-cran-xml-3.99-0.5/src/XMLTree.c
Examining data/r-cran-xml-3.99-0.5/src/XMLEventParse.c
Examining data/r-cran-xml-3.99-0.5/src/Utils.c
Examining data/r-cran-xml-3.99-0.5/src/ExpatParse.h
Examining data/r-cran-xml-3.99-0.5/src/Utils.h
Examining data/r-cran-xml-3.99-0.5/src/Rcatalog.c
Examining data/r-cran-xml-3.99-0.5/src/NodeGC.c
Examining data/r-cran-xml-3.99-0.5/src/fixNS.c
Examining data/r-cran-xml-3.99-0.5/src/xpath.c
Examining data/r-cran-xml-3.99-0.5/src/RS_XML.h
Examining data/r-cran-xml-3.99-0.5/src/EventParse.h
Examining data/r-cran-xml-3.99-0.5/src/RSDTD.c
Examining data/r-cran-xml-3.99-0.5/src/RSCommon.h
Examining data/r-cran-xml-3.99-0.5/src/DocParse.c
FINAL RESULTS:
data/r-cran-xml-3.99-0.5/src/DocParse.c:1070:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, BUFSIZE, msg, ap);
data/r-cran-xml-3.99-0.5/src/DocParse.c:1465:14: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%s", atts->ns->prefix, atts->name);
data/r-cran-xml-3.99-0.5/src/Utils.c:137:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(tmp, msg, args);
data/r-cran-xml-3.99-0.5/src/Utils.c:174:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s:%d: ", input->filename,
data/r-cran-xml-3.99-0.5/src/Utils.c:386:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf)/sizeof(buf[0]), msg, ap);
data/r-cran-xml-3.99-0.5/src/schema.c:173:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, sizeof(buf)/sizeof(buf[0]), msg, args);
data/r-cran-xml-3.99-0.5/src/DocParse.c:1067:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE];
data/r-cran-xml-3.99-0.5/src/DocParse.c:1464:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[400];
data/r-cran-xml-3.99-0.5/src/EventParse.c:118:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name,"r");
data/r-cran-xml-3.99-0.5/src/EventParse.c:411:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, tmpString, newLen); tmp[newLen] = '\0';
data/r-cran-xml-3.99-0.5/src/EventParse.c:423:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
|| (len == 1 && ((const char *) s)[0] == '\n' && parserData->trim))
data/r-cran-xml-3.99-0.5/src/ExpatParse.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZ];
data/r-cran-xml-3.99-0.5/src/HTMLParse.c:149:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rbuf, xbuf->content, xbuf->use + 1);
data/r-cran-xml-3.99-0.5/src/Rcatalog.c:94:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(CHAR(STRING_ELT(fileName, 0)), "w");
data/r-cran-xml-3.99-0.5/src/Utils.c:125:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[3000], *tmp;
data/r-cran-xml-3.99-0.5/src/Utils.c:177:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "Entity: line %d: ", input->line);
data/r-cran-xml-3.99-0.5/src/Utils.c:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000];
data/r-cran-xml-3.99-0.5/src/XMLEventParse.c:89:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, ptr[3], ptr[4] - ptr[3]);
data/r-cran-xml-3.99-0.5/src/XMLEventParse.c:357:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, ptr[3], ptr[4] - ptr[3]);
data/r-cran-xml-3.99-0.5/src/XMLHashTree.c:66:36: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
#define SET_NODE_NAME(x, id, node) sprintf(x, "%p", (void *)node)
data/r-cran-xml-3.99-0.5/src/XMLHashTree.c:164:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/r-cran-xml-3.99-0.5/src/XMLHashTree.c:189:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/r-cran-xml-3.99-0.5/src/XMLHashTree.c:246:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[20];
data/r-cran-xml-3.99-0.5/src/XMLTree.c:1218:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(CHAR_DEREF(STRING_ELT(sfileName, 0)), "w");
data/r-cran-xml-3.99-0.5/src/XMLTree.c:1543:44: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ans = ScalarString(mkCharCE((const char *)tmp, INTEGER(r_encoding)[0]));
data/r-cran-xml-3.99-0.5/src/schema.c:172:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10000];
data/r-cran-xml-3.99-0.5/src/DocParse.c:202:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xmlReadMemory(name, (int)strlen(name), NULL, encoding, parserOptions) ;
data/r-cran-xml-3.99-0.5/src/DocParse.c:547:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
addValue = (contentValue && strlen(contentValue) && isBlank(contentValue) == 0);
data/r-cran-xml-3.99-0.5/src/EventParse.c:429:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(tmpString, s, len);
data/r-cran-xml-3.99-0.5/src/EventParse.c:433:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int) strlen(tmpString);
data/r-cran-xml-3.99-0.5/src/ExpatParse.c:75:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
status = XML_Parse(parser, buf, strlen(buf), 1);
data/r-cran-xml-3.99-0.5/src/RUtils.c:365:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return(ScalarInteger((int) strlen(str)));
data/r-cran-xml-3.99-0.5/src/Utils.c:60:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = str + strlen(str) - 1;
data/r-cran-xml-3.99-0.5/src/Utils.c:67:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(tmp) > 1)
data/r-cran-xml-3.99-0.5/src/Utils.c:133:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp = buf + strlen(buf);
data/r-cran-xml-3.99-0.5/src/XMLEventParse.c:195:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(str);
data/r-cran-xml-3.99-0.5/src/XMLEventParse.c:204:10: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buffer, str, left);
data/r-cran-xml-3.99-0.5/src/XMLEventParse.c:801:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ans->length = (int)strlen(value);
data/r-cran-xml-3.99-0.5/src/XMLTree.c:90:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node = xmlNewDocTextLen(doc, txt, (int)strlen(XMLCHAR_TO_CHAR(txt)));
data/r-cran-xml-3.99-0.5/src/XMLTree.c:109:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
node = xmlNewCDataBlock(doc, CHAR_TO_XMLCHAR(tmp), (int)strlen(tmp));
ANALYSIS SUMMARY:
Hits = 40
Lines analyzed = 9611 in approximately 0.23 seconds (41683 lines/second)
Physical Source Lines of Code (SLOC) = 6722
Hits@level = [0] 24 [1] 14 [2] 20 [3] 0 [4] 6 [5] 0
Hits@level+ = [0+] 64 [1+] 40 [2+] 26 [3+] 6 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 9.52098 [1+] 5.95061 [2+] 3.8679 [3+] 0.892591 [4+] 0.892591 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.