Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h
Examining data/ros-perception-pcl-1.7.2/pcl_conversions/test/test_pcl_conversions.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/boundary.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/feature.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/fpfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/fpfh_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/moment_invariants.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/normal_3d_tbb.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/pfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/principal_curvatures.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/shot.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/shot_omp.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/features/vfh.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/crop_box.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/extract_indices.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/filter.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/passthrough.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/project_inliers.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/radius_outlier_removal.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/statistical_outlier_removal.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/filters/voxel_grid.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/impl/transforms.hpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/bag_io.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/concatenate_data.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/concatenate_fields.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/pcd_io.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/pcl_nodelet.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/publisher.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/extract_clusters.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/extract_polygonal_prism_data.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/sac_segmentation.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/segmentation/segment_differences.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/surface/convex_hull.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/surface/moving_least_squares.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/transforms.h
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/boundary.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/feature.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/fpfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/fpfh_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/moment_invariants.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/normal_3d_tbb.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/pfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/principal_curvatures.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/shot.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/shot_omp.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/features/vfh.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/crop_box.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/extract_indices.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/filter.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/passthrough.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/project_inliers.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/radius_outlier_removal.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/statistical_outlier_removal.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/filters/voxel_grid.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_data.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_fields.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/pcd_io.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/extract_clusters.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/extract_polygonal_prism_data.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/segment_differences.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/segmentation.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/convex_hull.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/moving_least_squares.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/surface/surface.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/test/test_tf_message_filter_pcl.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/bag_to_pcd.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/convert_pcd_to_image.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/convert_pointcloud_to_image.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/pcd_to_pointcloud.cpp
Examining data/ros-perception-pcl-1.7.2/pcl_ros/tools/pointcloud_to_pcd.cpp

FINAL RESULTS:

data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp:106:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (time (0));
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/segmentation/sac_segmentation.cpp:426:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (time (0));
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:530:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (pixel, &cloud (x, y).rgb, 3 * sizeof(std::uint8_t));
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:689:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (reinterpret_cast<char*> (&cloud_out.data[nrpts + cp * cloud1.point_step + cloud1.fields[i].offset]),
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:713:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&cloud_out.data[nrpts], &cloud2.data[0], cloud2.data.size ());
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/io/bag_io.h:89:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bool open (const std::string &file_name, const std::string &topic_name);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:30:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(stream_.advance(name_length), name, name_length);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:167:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(stream.advance(data_size), &m.points[0], data_size);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:217:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (m_data, stream.advance(data_size), data_size);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:222:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (m_data, stream.advance(row_step), m_row_step);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:232:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(m_data + fm.struct_offset, stream_data + fm.serialized_offset, fm.size);
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:44:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  pcl_ros::BAGReader::open (const std::string &file_name, const std::string &topic_name)
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:48:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bag_.open (file_name, rosbag::bagmode::Read);
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/bag_io.cpp:92:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (!open (file_name_, topic_name_))
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/concatenate_fields.cpp:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&cloud_out.data[point_offset], &clouds[i]->data[cp * clouds[i]->point_step], clouds[i]->point_step);
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&out.data[0], &in.data[0], in.data.size ());
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:230:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&out.data[xyz_offset[0]], &pt_out[0], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&out.data[xyz_offset[1]], &pt_out[1], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/src/transforms.cpp:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&out.data[xyz_offset[2]], &pt_out[2], sizeof (float));
data/ros-perception-pcl-1.7.2/pcl_ros/tools/bag_to_pcd.cpp:81:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bag.open (argv[1], rosbag::bagmode::Read);
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:792:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  inline static void read(Stream& stream, pcl::PCLPointCloud2& m)
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:848:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  inline static void read(Stream& stream, pcl::PCLPointField& m)
data/ros-perception-pcl-1.7.2/pcl_conversions/include/pcl_conversions/pcl_conversions.h:884:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  inline static void read(Stream& stream, pcl::PCLHeader& m)
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:27:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::uint32_t name_length = strlen(name);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:52:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::uint32_t name_length = strlen(traits::name<PointT, U>::value);
data/ros-perception-pcl-1.7.2/pcl_ros/include/pcl_ros/point_cloud.h:174:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  inline static void read(Stream& stream, pcl::PointCloud<T>& m)
data/ros-perception-pcl-1.7.2/pcl_ros/src/pcl_ros/io/pcd_io.cpp:90:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (impl_.read (file_name_, cloud) < 0)

ANALYSIS SUMMARY:

Hits = 27
Lines analyzed = 12623 in approximately 0.41 seconds (30855 lines/second)
Physical Source Lines of Code (SLOC) = 6674
Hits@level = [0]   0 [1]   7 [2]  18 [3]   2 [4]   0 [5]   0
Hits@level+ = [0+]  27 [1+]  27 [2+]  20 [3+]   2 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.04555 [1+] 4.04555 [2+] 2.9967 [3+] 0.29967 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.