stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-tokyocabinet-1.31/tokyocabinet.c

FINAL RESULTS:

data/ruby-tokyocabinet-1.31/tokyocabinet.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char kbuf[NUMBUFSIZ];
data/ruby-tokyocabinet-1.31/tokyocabinet.c:334:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "%d", (int)FIX2INT(vobj));
data/ruby-tokyocabinet-1.31/tokyocabinet.c:337:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "%lld", (long long)NUM2LL(vobj));
data/ruby-tokyocabinet-1.31/tokyocabinet.c:340:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "true");
data/ruby-tokyocabinet-1.31/tokyocabinet.c:343:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "false");
data/ruby-tokyocabinet-1.31/tokyocabinet.c:346:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "nil");
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *tvbuf, kbuf[NUMBUFSIZ];
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2391:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      ksiz = sprintf(kbuf, "%llu", (unsigned long long)id);
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2413:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *vbuf, kbuf[NUMBUFSIZ];
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2424:14:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      ksiz = sprintf(kbuf, "%llu", (unsigned long long)id);
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2436:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char kbuf[NUMBUFSIZ];
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2445:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "%llu", (unsigned long long)id);
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char kbuf[NUMBUFSIZ];
data/ruby-tokyocabinet-1.31/tokyocabinet.c:2485:12:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    ksiz = sprintf(kbuf, "%llu", (unsigned long long)id);

ANALYSIS SUMMARY:

Hits = 14
Lines analyzed = 3892 in approximately 0.13 seconds (30267 lines/second)
Physical Source Lines of Code (SLOC) = 3387
Hits@level = [0]   0 [1]   0 [2]  14 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  14 [1+]  14 [2+]  14 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 4.13345 [1+] 4.13345 [2+] 4.13345 [3+]   0 [4+]   0 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.