Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:

data/vowpal-wabbit-8.6.1.dfsg1/library/test_search.cc:92:13: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int ret = system("../vowpalwabbit/vw -k -c --holdout_off --passes 20 --search 4 --search_task sequence -d sequence.data -f sequence.model");
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1046:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, header_fmt,
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/crossplat_compat.h:12:19: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define sprintf_s snprintf
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/crossplat_compat.h:13:20: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsprintf_s vsnprintf
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:8:19: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define sprintf_s snprintf
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:268:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(info.name, s);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:276:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cstr, str.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:1377:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(c+2, s.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:1387:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(argv[i],"%s",foo[i].begin);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:421:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, header_fmt, "average", "since", "instance", "current true", "current predicted", "cur", "cur", "predic", "cache", "examples", "");
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:423:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, header_fmt, "loss", "last", "counter", "output prefix", "output prefix", "pass", "pol", "made", "hits", "gener", "#run");
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:425:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, header_fmt, "loss", "last", "counter", "output prefix", "output prefix", "pass", "pol", "made", "hits", "gener", "beta");
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1542:11: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(priv.learn_condition_on_names.begin(), condition_on_names);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:2391:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cstr, nf_string.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:715:63: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
initial_weights(weight initial, weight initial_random, bool random, uint32_t lda, uint32_t stride) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:716:67: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. : _initial(initial), _initial_random(initial_random), _random(random), _lda(lda), _stride(stride) {} data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:873:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const std::string PATH = getenv( "PATH" ); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parser.cc:65:5: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. ::InitializeCriticalSection(pm); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parser.cc:92:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. ::EnterCriticalSection(pm); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:640:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. size_t random(uint64_t& v, size_t max) { return (size_t)(merand48(v) * (float)max); } data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:981:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. a = ( oracle_actions_cnt > 0) ? 
oracle_actions[random(priv.all->random_state, oracle_actions_cnt )] :
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:982:53: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (allowed_actions_cnt > 0) ? allowed_actions[random(priv.all->random_state, allowed_actions_cnt)] :
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:983:31: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. priv.is_ldf ? (action)random(priv.all->random_state, ec_cnt) :
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:984:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. (action)(1 + random(priv.all->random_state, priv.A));
data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[rc];
data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buf[rc];
data/vowpal-wabbit-8.6.1.dfsg1/cluster/spanning_tree_main.cc:47:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pid_file.open(argv[1]);
data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[rc];
data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:33:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[rc];
data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/pixelngrams.cpp:66:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[n_rows * n_columns];
data/vowpal-wabbit-8.6.1.dfsg1/library/ezexample_predict_threaded.cc:83:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int threadcount = atoi(argv[1]);
data/vowpal-wabbit-8.6.1.dfsg1/library/ezexample_predict_threaded.cc:84:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). runcount = atoi(argv[2]);
data/vowpal-wabbit-8.6.1.dfsg1/library/gd_mf_weights.cc:56:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). size_t rank = atoi(location);
data/vowpal-wabbit-8.6.1.dfsg1/library/gd_mf_weights.cc:64:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen(infile.c_str(), "r");
data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:125:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fB = fopen(blacklistfilename.c_str(), "r")) == NULL)
data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:130:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if((fU = fopen(userfilename.c_str(), "r")) == NULL )
data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:135:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((fI = fopen(itemfilename.c_str(), "r")) == NULL )
data/vowpal-wabbit-8.6.1.dfsg1/python/pylibvw.cc:264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ns_str[2] = { (char)ns, 0 };
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/examples/basic_usage_cpp/basic_usage_cpp.cc:92:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs.open(file_name);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/examples/rl_sim_cpp/rl_sim.cc:68:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs.open(file_name);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/rlclientlib/utility/config_collection.cc:50:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
return atoi(it->second.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/rlclientlib/vw_model/safe_vw.cc:46:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &*_current, left_over);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:30:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md.data(), str, strlen(str)+1);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md.data(), str, strlen(str)+1);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:65:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(md.data(), str, strlen(str)+1);
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/http_server/http_server.h:15:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pplx::task<void> open() { return m_listener.open(); }
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/http_server/http_server.h:15:46: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
pplx::task<void> open() { return m_listener.open(); }
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/http_server/http_server.h:42:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return ( g_http->open().wait() == pplx::completed );
data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/http_server/main.cc:19:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). g_http->open().wait();
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/active.cc:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[30];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/active.cc:92:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", res);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/active.cc:98:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, " %f", weight);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/active_interactor.cc:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/active_interactor.cc:92:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). port=atoi(argv[2]);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/allreduce.h:206:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char child_read_buf[2][ar_buf_size + sizeof(T) - 1];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/allreduce_sockets.cc:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotted_quad[INET_ADDRSTRLEN];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/allreduce_sockets.cc:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostname[NI_MAXHOST];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/allreduce_sockets.cc:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char servInfo[NI_MAXSERV];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/allreduce_sockets.cc:198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotted_quad[INET_ADDRSTRLEN];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/array_parameters.h:138:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(default_value, input.default_value, stride());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/array_parameters_dense.h:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, _begin, float_count * sizeof(float));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bs.cc:135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[30];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bs.cc:136:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", res);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bs.cc:141:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", lb);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bs.cc:144:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length. sprintf(temp, "%f", ub);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cache.cc:183:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &f.value(), sizeof(feature_value));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cache.cc:198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, tag.begin(), tag.size());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_adf.cc:194:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_explore.cc:256:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_str[20];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_explore.cc:262:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_str,"%f ", ec.pred.a_s[i].score);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_explore.cc:271:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_str, "%d:%f", maxid, maxprob);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/confidence.cc:33:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[30];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/confidence.cc:34:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f %f", res, confidence);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/csoaa.cc:541:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/example.cc:156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fec.tag,ec->tag.begin(), fec.tag_len);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ezexample.h:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:97:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp[30];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:99:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", res);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:101:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%.0f", res);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:202:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(ngram.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:212:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(ngram.c_str()+1);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:227:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(limit.c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:237:15: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int n = atoi(limit.c_str()+1);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.h:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. { char v_str[128];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.h:156:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, label_list.c_str(), strlen(label_list.c_str()));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.h:172:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(l_copy.begin, l.begin, len * sizeof(char));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.h:517:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char redefine[256]; // keeps new chars for amespaces
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:95:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ret = open(name, O_RDONLY|O_LARGEFILE);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:112:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = open(name, O_CREAT|O_WRONLY|O_LARGEFILE|O_TRUNC,0666);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:225:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data,p,len);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:249:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, data, len);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:605:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(queries + prev_sum, b->space.begin(), b->head - b->space.begin());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:116:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mx, &x, sizeof(uint32_t));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:120:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&mx_f, &mx, sizeof(float));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:123:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&vx, &x, sizeof(uint32_t));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, &approx, sizeof(uint32_t));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ret, &val, sizeof(uint32_t));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:657:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, new_gamma.begin(), sizeof(float) * l.topics);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:660:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(old_gamma.begin(), new_gamma.begin(), sizeof(float) * l.topics);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:688:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ec->pred.scalars.begin(), new_gamma.begin(), l.topics * sizeof(float));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:352:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("atxm_debug.csv", "wt");
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lrq.cc:94:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int k = atoi (i.c_str () + 2);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lrq.cc:211:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). unsigned int k = atoi (i.c_str () + 2);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lrqfa.cc:149:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). lrq->k = atoi(lrqopt.substr(last_index+1).c_str());
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:45:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &ld->label, sizeof(ld->label));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:47:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &ld->weight, sizeof(ld->weight));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:119:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char temp_str[10];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_str[512];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_str[10];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multiclass.cc:134:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label_str[512];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/multilabel.cc:111:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). uint32_t n = atoi(p->parse_name[i].begin);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/network.cc:43:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
port = atoi(colon+1);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/nn.cc:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sd, n.all->sd, sizeof(shared_data));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/oaa.cc:171:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_str[10];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/oaa.cc:183:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp_str, "%f", ec.pred.scalars[i]); // 0.123 -> 0.123000
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:97:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:231:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(word, c, d-c);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:997:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = open(fstr, O_CREAT|O_WRONLY|O_LARGEFILE|O_TRUNC,0666);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:1022:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open(t, O_CREAT|O_WRONLY|O_LARGEFILE|O_TRUNC,0666);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_example.cc:66:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char (*redefine)[256];
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:174:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(__dest, __src, __n);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:191:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff2, version.to_string().c_str(), min(v_length, buf2_size));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:210:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff2, all.id.c_str(), min(v_length, default_buf_size));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:269:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char pair[3] = { 0, 0, 0 }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:273:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pair, all.pairs[i].c_str(), 2); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:301:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char triple[4] = { 0, 0, 0, 0 }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:306:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(triple, all.triples[i].c_str(), 3); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:343:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buff2, all.interactions[i].c_str(), inter_len); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:404:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ngram[4] = { 0, 0, 0, 0 }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:408:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(ngram, all.ngram_strings[i].c_str(), min(3, all.ngram_strings[i].size())); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:434:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char skip[4] = { 0, 0, 0, 0 }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:438:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(skip, all.skip_strings[i].c_str(), min(3, all.skip_strings[i].size())); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parser.cc:476:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). port_file.open(all.opts_n_args.vm["port_file"].as<string>().c_str()); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parser.cc:495:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pid_file.open(all.opts_n_args.vm["pid_file"].as<string>().c_str()); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parser.cc:515:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sd, all.sd, sizeof(shared_data)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:409:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. if (big > 9999999999) sprintf(c, "%dg", (int)(big / 1000000000)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:410:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if (big > 9999999) sprintf(c, "%dm", (int)(big / 1000000)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:411:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else if (big > 9999) sprintf(c, "%dk", (int)(big / 1000)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:412:30: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. else sprintf(c, "%d", (int)(big)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:433:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char true_label[21]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:434:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pred_label[21]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:455:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inst_cntr[9]; number_to_natural((size_t)all.sd->example_number, inst_cntr); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:456:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_pred[8]; number_to_natural(priv.total_predictions_made, total_pred); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:457:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_cach[8]; number_to_natural(priv.total_cache_hits, total_cach); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:458:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char total_exge[8]; number_to_natural(priv.total_examples_generated, total_exge); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1527:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv.learn_condition_on.begin(), condition_on, condition_on_cnt * sizeof(ptag)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1549:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(priv.learn_allowed_actions.begin(), allowed_actions, allowed_actions_cnt*sizeof(action)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1672:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv.learn_allowed_actions.begin(), allowed_actions, allowed_actions_cnt * sizeof(action)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1732:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(B, A+lo, N*sizeof(size_t)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:2344:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *f = fopen(filename, "r"); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:2895:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(A.begin(), old_pointer, old_size * sizeof(T)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:2934:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (a != nullptr) memcpy(A.begin() + old_size, a, count * sizeof(T)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search_entityrelationtask.cc:122:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
id1 = atoi(s1.c_str()); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search_entityrelationtask.cc:130:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). id2 = atoi(s2.c_str()); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/simple_label.cc:46:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &ld->label, sizeof(ld->label)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/simple_label.cc:48:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &ld->weight, sizeof(ld->weight)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/simple_label.cc:50:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c, &ld->initial, sizeof(ld->initial)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/spanning_tree.cc:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotted_quad[INET_ADDRSTRLEN]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/spanning_tree.cc:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char hostname[NI_MAXHOST]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/spanning_tree.cc:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servInfo[NI_MAXSERV]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/topk.cc:32:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[30]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/topk.cc:39:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "%f", tmp_example.first); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/v_array.h:192:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v._end, _begin, num * sizeof(T)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/vw_exception.cc:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4 * 1024]; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/vw_exception.h:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char __errmsg[256]; \ data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/vw_exception.h:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char __errmsg[256]; \ data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:16:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&magic), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:21:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_images), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:25:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_rows), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:29:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_columns), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:35:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (cin.read (reinterpret_cast<char*> (buf), rc); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractfeatures.cpp:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
cin.read (reinterpret_cast<char*> (buf), rc)) data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:16:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&magic), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:21:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_images), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:25:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_rows), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:29:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_columns), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:35:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (cin.read (reinterpret_cast<char*> (buf), rc); data/vowpal-wabbit-8.6.1.dfsg1/big_tests/testCode/mnist.extractpixels.cpp:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (buf), rc)) data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:16:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&magic), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:21:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
cin.read (reinterpret_cast<char*> (&n_images), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:25:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_rows), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:29:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_columns), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:35:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (cin.read (reinterpret_cast<char*> (buf), rc); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractfeatures.cpp:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (buf), rc)) data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:16:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&magic), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:21:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_images), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:25:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (&n_rows), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:29:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
cin.read (reinterpret_cast<char*> (&n_columns), sizeof (uint32_t)); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:35:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). for (cin.read (reinterpret_cast<char*> (buf), rc); data/vowpal-wabbit-8.6.1.dfsg1/demo/mnist/extractpixels.cpp:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cin.read (reinterpret_cast<char*> (buf), rc)) data/vowpal-wabbit-8.6.1.dfsg1/explore/explore_internal.h:286:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint64_t seed_hash = uniform_hash(seed, strlen(seed), 0); data/vowpal-wabbit-8.6.1.dfsg1/explore/explore_internal.h:346:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint64_t seed_hash = uniform_hash(seed, strlen(seed), 0); data/vowpal-wabbit-8.6.1.dfsg1/library/gd_mf_weights.cc:67:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read; data/vowpal-wabbit-8.6.1.dfsg1/library/gd_mf_weights.cc:78:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). { line[strlen(line)-1] = 0; // chop data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:58:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
get_hashv(line,strlen(line),hashv); data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:70:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). get_hashv(line,strlen(line),hashv); data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:145:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read; data/vowpal-wabbit-8.6.1.dfsg1/library/recommend.cc:177:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u[strlen(u)-1] = 0; // chop data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/rlclientlib/live_model.cc:75:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!arg1 || !arg2 || strlen(arg1) == 0 || strlen(arg2) == 0) data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/rlclientlib/live_model.cc:75:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!arg1 || !arg2 || strlen(arg1) == 0 || strlen(arg2) == 0) data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/rlclientlib/vw_model/safe_vw.cc:118:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). std::vector<char> line_vec(context, context + strlen(context) + 1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:28:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
md.alloc(strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:30:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(md.data(), str, strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:44:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md.alloc(strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:46:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(md.data(), str, strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:63:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md.alloc(strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/reinforcement_learning/unit_test/data_callback_test.cc:65:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(md.data(), str, strlen(str)+1); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/OjaNewton.cc:508:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(OjaNewton& ON, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/OjaNewton.cc:511:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/OjaNewton.cc:522:81: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bin_text_read_write_fixed(model_file, (char *)&resume, sizeof (resume), "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/OjaNewton.cc:526:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GD::save_load_online_state(all, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/OjaNewton.cc:528:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GD::save_load_regressor(all, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:962:71: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load_regularizer(vw& all, bfgs& b, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:969:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(b.output_regularizer && !read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:976:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1003:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1006:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((!read && i < length) || (read && brw >0)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1006:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
while ((!read && i < length) || (read && brw >0)); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1008:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1013:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(bfgs& b, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1019:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1058:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool reg_vector = (b.output_regularizer && !read) || (all->per_feature_regularizer_input.length() > 0 && read); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1058:108: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool reg_vector = (b.output_regularizer && !read) || (all->per_feature_regularizer_input.length() > 0 && read); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1065:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1068:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). save_load_regularizer(*all, b, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/bfgs.cc:1070:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GD::save_load_regressor(*all, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:272:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void save_load_sampling(boosting &o, io_buf &model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:278:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bin_text_read_write_fixed(model_file, (char *) &(o.N), sizeof(o.N), "", read, os, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:280:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:287:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:301:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:314:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:341:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(boosting &o, io_buf &model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:347:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bin_text_read_write_fixed(model_file, (char *) &(o.N), sizeof(o.N), "", read, os, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:349:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:354:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/boosting.cc:369:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb.cc:110:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len_str = strlen(str); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_adf.cc:326:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(cb_adf& c, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_adf.cc:333:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cb_adf.cc:337:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/cost_sensitive.cc:127:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len_str = strlen(str); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ftrl.cc:205:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(ftrl& b, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ftrl.cc:208:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ftrl.cc:216:80: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
  bin_text_read_write_fixed(model_file,(char *)&resume, sizeof (resume), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ftrl.cc:219:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  GD::save_load_online_state(*all, model_file, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/ftrl.cc:221:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  GD::save_load_regressor(*all, model_file, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:675:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_regressor(vw& all, io_buf& model_file, bool read, bool text, T& weights)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:703:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:745:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_regressor(vw& all, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:748:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_regressor(all, model_file, read, text, all.weights.sparse_weights);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:750:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_regressor(all, model_file, read, text, all.weights.dense_weights);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:754:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_online_state(vw& all, io_buf& model_file, bool read, bool text, gd* g, stringstream& msg, T& weights)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:762:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:828:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_online_state(vw& all, io_buf& model_file, bool read, bool text, gd* g)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:835:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:839:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:843:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:847:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:851:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:855:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:859:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:863:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:867:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:871:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:875:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:879:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:883:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:885:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read || all.model_file_ver >= VERSION_SAVE_RESUME_FIX)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:891:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read && g != nullptr) total_weight = g->total_weight;
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:894:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:895:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && g != nullptr) g->total_weight = total_weight;
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:900:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:906:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:911:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:917:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && (!all.training || !all.preserve_performance_counters)) // reset various things so that we report test set performance properly
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:931:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_online_state(all, model_file, read, text, g, msg, all.weights.sparse_weights);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:933:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_online_state(all, model_file, read, text, g, msg, all.weights.dense_weights);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:946:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(gd& g, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:949:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:976:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read,
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:980:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && all.model_file_ver < VERSION_SAVE_RESUME_FIX)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:983:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_online_state(all, model_file, read, text, &g);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.cc:986:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_regressor(all, model_file, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.h:25:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_regressor(vw& all, io_buf& model_file, bool read, bool text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd.h:26:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_online_state(vw& all, io_buf& model_file, bool read, bool text, GD::gd *g = nullptr);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:249:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(gdmf& d, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:253:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:277:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:286:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:293:46: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg,text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:296:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:299:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((!read && i < length) || (read && brw >0));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/gd_mf.cc:299:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((!read && i < length) || (read && brw >0));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.cc:37:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(sock,buf,(unsigned int)(count-done))
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/global_data.h:156:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(temp, label_list.c_str(), strlen(label_list.c_str()));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.cc:137:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return read(f, buf, (unsigned int)nbytes);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:279:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const char* read_message, bool read,
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:281:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:301:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const char* read_message, bool read,
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:303:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:310:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const char* read_message, bool read,
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:312:74: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { size_t nbytes = bin_text_read_write_fixed(io, data, len, read_message, read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/io_buf.h:313:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && len > 0) // only validate bytes read/write if expected length > 0
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:217:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int save_load_flat_example(io_buf& model_file, bool read, flat_example*& fec)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:220:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:278:71: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_svm_model(svm_params& params, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:287:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:291:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:296:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:298:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_flat_example(model_file, read, fec);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:306:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_flat_example(model_file, read, fec);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:310:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:313:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:314:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:317:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:320:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(svm_params& params, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/kernel_svm.cc:328:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  save_load_svm_model(params, model_file, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:736:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(lda &l, io_buf &model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:740:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:759:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read && text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:762:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read || all.model_file_ver >= VERSION_FILE_WITH_HEADER_ID)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:763:81: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  brw += bin_text_read_write_fixed(model_file, (char *)&i, sizeof(i), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:768:81: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  brw += bin_text_read_write_fixed(model_file, (char *)&j, sizeof(j), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:778:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read && text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:780:83: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  brw += bin_text_read_write_fixed(model_file, (char *)v, sizeof(*v), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:785:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:787:70: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  brw += bin_text_read_write_fixed(model_file, nullptr, 0, "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:789:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:792:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((!read && i < length) || (read && brw > 0));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/lda_core.cc:792:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((!read && i < length) || (read && brw > 0));
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/learner.h:72:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { using fn = void(*)(void*, io_buf&, bool read, bool text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/learner.h:206:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  inline void save_load(io_buf& io, const bool read, const bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/learner.h:207:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  { save_load_fd.save_load_f(save_load_fd.data, io, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/learner.h:208:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (save_load_fd.base) save_load_fd.base->save_load(io, read, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:398:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load_tree(log_multi& b, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:404:85: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&b.max_predictors, sizeof(b.k), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:408:74: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&temp, sizeof(temp), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:409:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:414:98: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&b.max_predictors, sizeof(b.max_predictors), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:417:100: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&b.predictors_used, sizeof(b.predictors_used), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:420:86: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&b.progress, sizeof(b.progress), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:423:92: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&b.swap_resist, sizeof(b.swap_resist), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:431:84: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.parent, sizeof(n.parent), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:436:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&temp, sizeof(temp), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:437:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:442:90: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.min_count, sizeof(n.min_count), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:445:88: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.internal, sizeof(n.internal), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:450:102: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.base_predictor, sizeof(n.base_predictor), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:453:82: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.left, sizeof(n.left), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:456:84: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.right, sizeof(n.right), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:459:88: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.norm_Eh, sizeof(n.norm_Eh), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:462:78: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.Eh, sizeof(n.Eh), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:465:76: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.n, sizeof(n.n), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:470:92: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.max_count, sizeof(n.max_count), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:472:104: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&n.max_count_label, sizeof(n.max_count_label), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:480:80: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&p.Ehk, sizeof(p.Ehk), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:483:90: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&p.norm_Ehk, sizeof(p.norm_Ehk), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:486:78: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&p.nk, sizeof(p.nk), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:489:84: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&p.label, sizeof(p.label), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/log_multi.cc:492:96: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(model_file,(char*)&p.label_count, sizeof(p.label_count), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:251:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(data& sm, io_buf& io, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:259:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:264:87: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed_validated(io, (char*)&total_size, sizeof(total_size), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:270:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:275:69: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&index, sizeof(index), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:277:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:282:77: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&numerator, sizeof(numerator), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:284:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:289:81: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&denominator, sizeof(denominator), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:290:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:298:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:303:89: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed_validated(io, (char*)&total_size, sizeof(total_size), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:309:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:314:71: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&index, sizeof(index), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:316:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:326:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&r1, sizeof(r1), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:327:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:329:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&c1, sizeof(c1), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:330:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:332:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&w1, sizeof(w1), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:333:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:335:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&r2, sizeof(r2), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:336:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:338:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&c2, sizeof(c2), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:339:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if(!read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:341:65: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bin_text_read_write_fixed(io, (char*)&w2, sizeof(w2), "", read, msg, text);
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/marginal.cc:343:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:198:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void save_load(mwt& c, io_buf& model_file, bool read, bool text)
data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:207:89: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
bin_text_read_write_fixed_validated(model_file, (char*)&c.total, sizeof(c.total), "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:211:101: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bin_text_read_write_fixed_validated(model_file, (char*)&policies_size, sizeof(policies_size), "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:213:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:226:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:232:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/mwt.cc:235:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:267:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dictionary_info info = { calloc_or_throw<char>(strlen(s)+1), fd_hash, map }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:445:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
if (!equal(vw1.spelling_features, vw1.spelling_features + (sizeof(vw1.spelling_features) / sizeof(bool)), vw2.spelling_features)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:448:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(vw1.affix_features, vw1.affix_features + (sizeof(vw1.affix_features) / sizeof(uint32_t)), vw2.affix_features)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:451:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(vw1.ngram, vw1.ngram + (sizeof(vw1.ngram) / sizeof(uint32_t)), vw2.ngram)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:454:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(vw1.skips, vw1.skips + (sizeof(vw1.skips) / sizeof(uint32_t)), vw2.skips)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:457:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
if (!equal(vw1.limit, vw1.limit + (sizeof(vw1.limit) / sizeof(uint32_t)), vw2.limit)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:472:27: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (vw1.ignore_some && !equal(vw1.ignore, vw1.ignore + (sizeof(vw1.ignore) / sizeof(bool)), vw2.ignore)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:478:34: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (vw1.ignore_some_linear && !equal(vw1.ignore_linear, vw1.ignore_linear + (sizeof(vw1.ignore_linear) / sizeof(bool)), vw2.ignore_linear)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:484:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (vw1.redefine_some && !equal(vw1.redefine, vw1.redefine + (sizeof(vw1.redefine) / sizeof(unsigned char)), vw2.redefine)) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_args.cc:493:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. 
Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!equal(vw1.dictionary_path.begin(), vw1.dictionary_path.end(), vw2.dictionary_path.begin())) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_example.cc:444:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substring ss = {line, line+strlen(line)}; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_example_json.h:1133:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). handler.init(&all, &examples, &ss, line + strlen(line), example_factory, ex_factory_context); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:177:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load_header(vw& all, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:192:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:198:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:211:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:214:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
"", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:217:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read && find(all.opts_n_args.args.begin(), all.opts_n_args.args.end(), "--id") == all.opts_n_args.args.end() && !all.id.empty()) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:227:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "file is not a model file", read, data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:232:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:237:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:242:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:244:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read && find(all.opts_n_args.args.begin(), all.opts_n_args.args.end(), "--bit_precision") == all.opts_n_args.args.end()) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:264:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:271:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:278:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:279:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:290:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:296:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:303:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:309:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:310:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:320:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:329:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:334:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:340:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:341:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:350:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:352:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:361:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:377:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:394:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:400:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:405:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:411:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
"", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:412:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:424:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:430:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:435:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:442:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:443:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:454:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:456:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:478:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.cc:493:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
"", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/parse_regressor.h:19:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load_header(vw& all, io_buf& model_file, bool read, bool text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:477:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read, \ data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:492:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read, \ data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:498:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load_tree(recall_tree& b, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:508:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:537:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/recall_tree.cc:555:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1445:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t condition_on_cnt = condition_on_names ? strlen(condition_on_names) : 0; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:1541:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ensure_size(priv.learn_condition_on_names, strlen(condition_on_names)+1); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/search.cc:2398:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). substring me = { p, p+strlen(p) }; data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/stagewise_poly.cc:661:63: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(stagewise_poly &poly, io_buf &model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/stagewise_poly.cc:666:108: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bin_text_read_write_fixed(model_file, (char *) poly.depthsbits, (uint32_t)depthsbits_sizeof(poly), "", read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/svrg.cc:144:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void save_load(svrg& s, io_buf& model_file, bool read, bool text) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/svrg.cc:146:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read) data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/svrg.cc:157:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read, msg, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/svrg.cc:160:54: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). GD::save_load_online_state(*s.all, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/svrg.cc:162:51: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
GD::save_load_regressor(*s.all, model_file, read, text); data/vowpal-wabbit-8.6.1.dfsg1/vowpalwabbit/vw.h:150:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ss.end = ss.begin + strlen(fstr);

ANALYSIS SUMMARY:

Hits = 468
Lines analyzed = 54732 in approximately 1.60 seconds (34182 lines/second)
Physical Source Lines of Code (SLOC) = 41629
Hits@level = [0] 72 [1] 302 [2] 142 [3] 10 [4] 14 [5] 0
Hits@level+ = [0+] 540 [1+] 468 [2+] 166 [3+] 24 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 12.9717 [1+] 11.2422 [2+] 3.9876 [3+] 0.576521 [4+] 0.336304 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.