Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spirv-headers-1.5.4/example/example.cpp
Examining data/spirv-headers-1.5.4/include/spirv/1.0/GLSL.std.450.h
Examining data/spirv-headers-1.5.4/include/spirv/1.0/OpenCL.std.h
Examining data/spirv-headers-1.5.4/include/spirv/1.0/spirv.h
Examining data/spirv-headers-1.5.4/include/spirv/1.0/spirv.hpp
Examining data/spirv-headers-1.5.4/include/spirv/1.1/GLSL.std.450.h
Examining data/spirv-headers-1.5.4/include/spirv/1.1/OpenCL.std.h
Examining data/spirv-headers-1.5.4/include/spirv/1.1/spirv.h
Examining data/spirv-headers-1.5.4/include/spirv/1.1/spirv.hpp
Examining data/spirv-headers-1.5.4/include/spirv/1.2/GLSL.std.450.h
Examining data/spirv-headers-1.5.4/include/spirv/1.2/OpenCL.std.h
Examining data/spirv-headers-1.5.4/include/spirv/1.2/spirv.h
Examining data/spirv-headers-1.5.4/include/spirv/1.2/spirv.hpp
Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_gcn_shader.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_ballot.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_explicit_vertex_parameter.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/AMD_shader_trinary_minmax.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/DebugInfo.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/GLSL.std.450.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/NonSemanticClspvReflection.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/NonSemanticDebugPrintf.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/OpenCL.std.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/OpenCLDebugInfo100.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/spirv.h
Examining data/spirv-headers-1.5.4/include/spirv/unified1/spirv.hpp
Examining data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp
Examining data/spirv-headers-1.5.4/tools/buildHeaders/header.h
Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsonToSpirv.cpp
Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsonToSpirv.h
Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/json/json-forwards.h
Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/json/json.h
Examining data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp
Examining data/spirv-headers-1.5.4/tools/buildHeaders/main.cpp
FINAL RESULTS:
data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:56:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:56:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:140:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buff, sizeof(buff), fmt, val);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:209:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:209:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:807:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
count = sscanf(buffer, format, &value);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:810:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
count = sscanf(buffer.c_str(), format, &value);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1770:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
count = sscanf(buffer, format, &value);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1773:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
count = sscanf(buffer.c_str(), format, &value);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3967:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3967:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3969:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3969:18: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3971:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf std::snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3971:23: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf std::snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3977:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3977:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/spirv-headers-1.5.4/tools/buildHeaders/header.cpp:139:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16]; // ample for 8 hex digits + 0x
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:142:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char UIntToStringBuffer[uintToStringBufferSize];
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:805:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, token.start_, length);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1006:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[18 + 16 + 16 + 1];
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1768:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, token.start_, length);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:1969:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[18 + 16 + 16 + 1];
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2412:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ALIGNAS(8) kNull[sizeof(Value)] = { 0 };
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2473:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newString, value, length);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2497:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newString + sizeof(unsigned), value, length);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:4047:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[32];
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2506:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*length = strlen(prefixed);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2747:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_.string_ = duplicateAndPrefixStringValue(value, static_cast<unsigned>(strlen(value)));
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:2818:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
otherComment.comment_, strlen(otherComment.comment_));
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3359:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key, static_cast<unsigned>(strlen(key)), CZString::noDuplication); // NOTE!
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3410:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Value const* found = find(key, key + strlen(key));
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3422:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return resolveReference(key, key + strlen(key));
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3454:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return get(key, key + strlen(key), defaultValue);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3477:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return removeMember(key, key + strlen(key), removed);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3491:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
removeMember(key, key + strlen(key), &removed);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3536:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return isMember(key, key + strlen(key));
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:3699:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
setComment(comment, strlen(comment), placement);
data/spirv-headers-1.5.4/tools/buildHeaders/jsoncpp/dist/jsoncpp.cpp:4094:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(value) * 2 + 3; // allescaped+quotes+NULL
ANALYSIS SUMMARY:
Hits = 39
Lines analyzed = 21894 in approximately 0.44 seconds (49776 lines/second)
Physical Source Lines of Code (SLOC) = 17754
Hits@level = [0] 11 [1] 12 [2] 10 [3] 0 [4] 17 [5] 0
Hits@level+ = [0+] 50 [1+] 39 [2+] 27 [3+] 17 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 2.81627 [1+] 2.19669 [2+] 1.52078 [3+] 0.957531 [4+] 0.957531 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.