Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ArrayType.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ArrayType.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Buffer.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Call.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Call.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ClosurePool.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ClosurePool.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/DynamicLibrary.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/DynamicLibrary.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/FunctionInfo.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LastError.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LastError.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LongDouble.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LongDouble.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MappedType.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MappedType.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MemoryPointer.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MemoryPointer.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MethodHandle.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MethodHandle.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Platform.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Platform.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Pointer.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Pointer.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Struct.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Struct.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/StructByValue.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/StructByValue.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/StructLayout.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Thread.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Thread.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Type.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Type.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Types.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Types.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Variadic.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/compat.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ffi.c
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/rbffi.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/rbffi_endian.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/win32/stdbool.h
Examining data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/win32/stdint.h
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/embed-test/ext/embed.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/Benchmark.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/BitmaskTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/BoolTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/BufferTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/ClosureTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/EnumTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/FunctionTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/GlobalVariable.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/LastErrorTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/NumberTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelper.h
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelperPosix.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelperWindows.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PointerTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/ReferenceTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StringTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StructTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/UnionTest.c
Examining data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/VariadicTest.c
FINAL RESULTS:
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StringTest.c:18:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s1, s2);
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StringTest.c:23:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dst, src);
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StructTest.c:96:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t->string, s);
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StructTest.c:235:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cp, ss.bytes);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:517:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&async_cb_lock);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:566:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&async_cb_lock);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:571:9: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&async_cb_lock);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:589:5: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&async_cb_lock);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:914:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&async_cb_lock);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memory->address + off, &tmp, sizeof(tmp)); \
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c:146:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memory->address + off + (i * sizeof(type)), &tmp, sizeof(tmp)); \
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c:518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr->address + off, RSTRING_PTR(str), len);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c:586:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr->address + off, RSTRING_PTR(str) + idx, len);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/AbstractMemory.c:675:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->address, rbffi_AbstractMemory_Cast(rbsrc, rbffi_AbstractMemoryClass)->address, NUM2INT(rblen));
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Buffer.c:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->memory.address, src->address, src->size);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Buffer.c:231:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/ClosurePool.c:146:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[256];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/DynamicLibrary.c:126:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/DynamicLibrary.c:165:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errmsg[1024];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/DynamicLibrary.c:260:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:382:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char var[1024];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:727:76: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
param = (*(void **) parameters[i] != NULL) ? rb_str_new2(*(char **) parameters[i]) : Qnil;
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Function.c:831:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(retval, memory->address, returnType->ffiType->size);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LongDouble.c:23:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/LongDouble.c:24:80: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return rb_funcall(rb_cBigDecimal, rb_intern("new"), 1, rb_str_new(buf, sprintf(buf, "%.35Le", ld)));
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/MethodHandle.c:320:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, &ffi_trampoline, trampoline_size());
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Pointer.c:191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->memory.address, src->address, src->size);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Pointer.c:257:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Struct.c:169:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->pointer->address, src->pointer->address, src->layout->size);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Struct.c:177:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->rbReferences, src->rbReferences, dst->layout->referenceFieldCount * sizeof(VALUE));
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Struct.c:643:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(array->memory->address + offset, s->pointer->address, array->componentType->ffiType->size);
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/StructLayout.c:396:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memory->address + f->offset + (i * array->componentType->ffiType->size),
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Type.c:134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Type.c:175:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/ruby-ffi-1.12.2+dfsg/ext/ffi_c/Types.c:102:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->address, ptr, sbv->base.ffiType->size);
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/NumberTest.c:83:44: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define pack_f32(buf, v) do { float f = v; memcpy((buf), &f, sizeof(f)); } while(0)
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/NumberTest.c:84:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define pack_f64(buf, v) do { double f = v; memcpy((buf), &f, sizeof(f)); } while(0)
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelperWindows.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MAX_PATH ];
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelperWindows.c:16:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( name, "\\\\.\\Pipe\\pipeHelper-%u-%i",
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PointerTest.c:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((caddr_t) arg1 + offset, &value, sizeof(value)); \
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StructTest.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[32];
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/VariadicTest.c:48:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf++, &d, sizeof(d));
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/VariadicTest.c:85:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf++, &d, sizeof(d));
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/PipeHelperPosix.c:28:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if( read(fd, &d, 1) != 1)
data/ruby-ffi-1.12.2+dfsg/spec/ffi/fixtures/StructTest.c:234:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = malloc(strlen(ss.bytes) + 1);
ANALYSIS SUMMARY:
Hits = 45
Lines analyzed = 11503 in approximately 0.31 seconds (37097 lines/second)
Physical Source Lines of Code (SLOC) = 7157
Hits@level = [0] 12 [1] 2 [2] 34 [3] 5 [4] 4 [5] 0
Hits@level+ = [0+] 57 [1+] 45 [2+] 43 [3+] 9 [4+] 4 [5+] 0
Hits/KSLOC@level+ = [0+] 7.96423 [1+] 6.28755 [2+] 6.0081 [3+] 1.25751 [4+] 0.558893 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.