Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/spirv-llvm-translator-11.0.0/include/LLVMSPIRVLib.h
Examining data/spirv-llvm-translator-11.0.0/include/LLVMSPIRVOpts.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/LLVMSaddWithOverflow.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/LLVMToSPIRVDbgTran.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/LLVMToSPIRVDbgTran.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/FunctionDescriptor.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/FunctionDescriptor.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/Mangler.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/NameMangleAPI.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ParameterType.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ParameterType.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/Refcount.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL21ToSPIRV.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCLTypeToSPIRV.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCLTypeToSPIRV.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCLUtil.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCLUtil.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/PreprocessMetadata.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVInternal.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerBool.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerConstExpr.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerMemmove.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerOCLBlocks.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerSPIRBlocks.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVLowerSaddWithOverflow.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVMDBuilder.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVMDWalker.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVReader.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVReader.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVRegularizeLLVM.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToLLVMDbgTran.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToLLVMDbgTran.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL12.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL20.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriterPass.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriterPass.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/VectorComputeUtil.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/VectorComputeUtil.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/OpenCL.std.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRV.debug.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVAsm.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVBasicBlock.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVBasicBlock.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVDebug.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVDebug.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVDecorate.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVDecorate.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVEntry.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVEntry.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVEnum.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVError.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVErrorEnum.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVExtInst.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVFunction.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVFunction.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVInstruction.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVInstruction.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVIsValidEnum.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVModule.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVModule.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVNameMapEnum.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVOpCode.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVOpCodeEnum.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVStream.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVStream.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVType.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVType.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVUtil.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVValue.cpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVValue.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/libSPIRV.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/spirv.hpp
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/runtime/OpenCL/inc/spirv.h
Examining data/spirv-llvm-translator-11.0.0/lib/SPIRV/runtime/OpenCL/inc/spirv_convert.h
Examining data/spirv-llvm-translator-11.0.0/tools/llvm-spirv/llvm-spirv.cpp
FINAL RESULTS:
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.cpp:18:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *PrimitiveNames[PRIMITIVE_NUM] = {
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.cpp:95:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *MangledTypes[PRIMITIVE_NUM] = {
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.cpp:177:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *ReadableAttribute[ATTR_NUM] = {
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/ManglingUtils.cpp:182:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *MangledAttribute[ATTR_NUM] = {
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:550:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
auto Len = atoi(LenStr.data());
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp:467:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
static_cast<spv::AccessQualifier>(atoi(Postfixes[0].c_str())));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp:477:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Ops.push_back(atoi(Postfixes[I].c_str()));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp:1902:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
case Intrinsic::memcpy:
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp:2062:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
case Intrinsic::memcpy:
data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVOpCodeEnum.h:57:11: [2] (buffer) CopyMemory:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
_SPIRV_OP(CopyMemory, 63)
data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVStream.cpp:178:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Zeros[4] = {0, 0, 0, 0};
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/FunctionDescriptor.cpp:39:13: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static bool equal(const TypeVector &L, const TypeVector &R) {
data/spirv-llvm-translator-11.0.0/lib/SPIRV/Mangler/FunctionDescriptor.cpp:63:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return equal(Parameters, That.Parameters);
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:713:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Stem = Stem.drop_front(strlen("atom_"));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:715:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Stem = Stem.drop_front(strlen("atomic_"));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:760:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Stem = Stem.drop_front(strlen("atomic_"));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:771:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NewStem.insert(NewStem.begin() + strlen("fetch_"), 'u');
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:781:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
getOCLCpp11AtomicMaxNumOps(Stem.drop_back(strlen("_explicit")));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:876:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DemangledName.substr(strlen(kOCLBuiltinName::ConvertPrefix)));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:926:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DemangledName.erase(0, strlen(kOCLBuiltinName::WorkPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:929:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DemangledName.erase(0, strlen(kOCLBuiltinName::SubPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:936:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
FuncName = FuncName.drop_front(strlen(kSPIRVName::GroupPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:1707:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (DemangledName.size() <= strlen(kOCLSubgroupsAVCIntel::MCEPrefix))
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCL20ToSPIRV.cpp:1711:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MCEName.replace(0, strlen(kOCLSubgroupsAVCIntel::MCEPrefix),
data/spirv-llvm-translator-11.0.0/lib/SPIRV/OCLUtil.cpp:1159:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
UnmangledName.erase(0, strlen(kOCLBuiltinName::Sampled));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL.cpp:256:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Op.erase(0, strlen(kSPIRVName::GroupPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVToOCL.cpp:291:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Op.erase(0, strlen(kSPIRVName::GroupNonUniformPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:258:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*Name = FullName.drop_front(strlen(kSPR2TypeName::OCLPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:356:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t Start = strlen(kSPIRVName::Prefix);
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:366:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t Start = strlen(kSPIRVName::Prefix);
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:578:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Name[Loc + strlen(kMangledName::AtomicPrefixIncoming)]);
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:1059:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Name = Name.drop_front(strlen(kLLVMTypeName::StructPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVUtil.cpp:1090:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(kSPR2TypeName::OCLPrefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/SPIRVWriter.cpp:172:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
S = S.drop_front(strlen(kSPIRVName::Prefix));
data/spirv-llvm-translator-11.0.0/lib/SPIRV/libSPIRV/SPIRVStream.h:103:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
I.IS.read(reinterpret_cast<char *>(&W), sizeof(W));
ANALYSIS SUMMARY:
Hits = 35
Lines analyzed = 49861 in approximately 1.22 seconds (40710 lines/second)
Physical Source Lines of Code (SLOC) = 40063
Hits@level = [0] 0 [1] 24 [2] 11 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 35 [1+] 35 [2+] 11 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.873624 [1+] 0.873624 [2+] 0.274568 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.