Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/r-zoo-1.8-8/src/lag.c
Examining data/r-zoo-1.8-8/src/init.c
Examining data/r-zoo-1.8-8/src/coredata.c
Examining data/r-zoo-1.8-8/inst/include/zoo.h

FINAL RESULTS:

data/r-zoo-1.8-8/src/coredata.c:40:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(result), REAL(x), length(result) * sizeof(double));
data/r-zoo-1.8-8/src/coredata.c:43:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(result), INTEGER(x), length(result) * sizeof(int));
data/r-zoo-1.8-8/src/coredata.c:46:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(LOGICAL(result), LOGICAL(x), length(result) * sizeof(int));
data/r-zoo-1.8-8/src/coredata.c:49:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(COMPLEX(result), COMPLEX(x), length(result) * sizeof(Rcomplex));
data/r-zoo-1.8-8/src/coredata.c:58:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(result), RAW(x), length(result) * sizeof(unsigned char));
data/r-zoo-1.8-8/src/lag.c:68:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&REAL(result)[k+(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:72:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&REAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:84:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&INTEGER(result)[k+(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:88:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&INTEGER(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:100:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&LOGICAL(result)[k+(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:104:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&LOGICAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:117:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&COMPLEX(result)[k+(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:121:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&COMPLEX(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:132:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&RAW(result)[k+(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:136:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&RAW(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:169:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&REAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:173:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&REAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:185:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&INTEGER(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:189:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&INTEGER(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:201:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&LOGICAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:205:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&LOGICAL(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:218:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&COMPLEX(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:222:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&COMPLEX(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:233:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&RAW(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:237:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&RAW(result)[(j*nrr)],
data/r-zoo-1.8-8/src/lag.c:282:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(newindex), &REAL(index)[k], nrr * sizeof(double));
data/r-zoo-1.8-8/src/lag.c:284:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(REAL(newindex), REAL(index), nrr * sizeof(double));
data/r-zoo-1.8-8/src/lag.c:289:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(newindex), &INTEGER(index)[k], nrr * sizeof(int));
data/r-zoo-1.8-8/src/lag.c:291:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(INTEGER(newindex), INTEGER(index), nrr * sizeof(int));

ANALYSIS SUMMARY:

Hits = 29
Lines analyzed = 485 in approximately 0.05 seconds (9884 lines/second)
Physical Source Lines of Code (SLOC) = 427
Hits@level = [0] 0 [1] 0 [2] 29 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 29 [1+] 29 [2+] 29 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 67.9157 [1+] 67.9157 [2+] 67.9157 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.