Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/wyhash-0~2.gbp234f0c6/benchmark.cpp
Examining data/wyhash-0~2.gbp234f0c6/o1hash.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h
Examining data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h
Examining data/wyhash-0~2.gbp234f0c6/test_vector.cpp
Examining data/wyhash-0~2.gbp234f0c6/wyhash.h
Examining data/wyhash-0~2.gbp234f0c6/wyhash32.h
FINAL RESULTS:
data/wyhash-0~2.gbp234f0c6/o1hash.h:16:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;}
data/wyhash-0~2.gbp234f0c6/o1hash.h:19:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);}
data/wyhash-0~2.gbp234f0c6/o1hash.h:21:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _o1r4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:55:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:56:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:59:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:60:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:62:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_alpha.h:63:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:87:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:88:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:91:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v)^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:92:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v)^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:94:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v)^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_beta.h:95:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v)^0x5555555555555555ull;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:66:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:67:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:69:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:70:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:72:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_gamma.h:73:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);}
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:36:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 1);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:41:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 2);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:46:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v1.h:51:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:40:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 1);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:45:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 2);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:50:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v2.h:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:44:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:49:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:175:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inline char *wysum(const void *key, uint64_t len, char result[15]) {
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:175:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static inline char *wysum(const void *key, uint64_t len, char result[15]) {
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:237:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 1, _wyhanzi + (h & 2047) * 3, 3);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:238:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 4, _wyhanzi + ((h >> 11) & 2047) * 3, 3);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 7, _wyhanzi + ((h >> 22) & 2047) * 3, 3);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v3.h:240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + 10, _wyhanzi + ((h >> 33) & 2047) * 3, 3);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:54:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:59:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:71:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:77:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v4.h:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:94:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:99:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:250:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer + ctx->left, p, slots);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v5.h:259:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->buffer, p, len);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:86:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:98:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:103:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 8);
data/wyhash-0~2.gbp234f0c6/old_versions/wyhash_v6.h:114:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&v, p, 4);
data/wyhash-0~2.gbp234f0c6/wyhash.h:72:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return v;}
data/wyhash-0~2.gbp234f0c6/wyhash.h:73:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;}
data/wyhash-0~2.gbp234f0c6/wyhash.h:75:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return __builtin_bswap64(v);}
data/wyhash-0~2.gbp234f0c6/wyhash.h:76:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);}
data/wyhash-0~2.gbp234f0c6/wyhash.h:78:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr8(const uint8_t *p) { uint64_t v; memcpy(&v, p, 8); return _byteswap_uint64(v);}
data/wyhash-0~2.gbp234f0c6/wyhash.h:79:62: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline uint64_t _wyr4(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);}
data/wyhash-0~2.gbp234f0c6/wyhash32.h:5:63: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return v;}
data/wyhash-0~2.gbp234f0c6/wyhash32.h:7:63: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return __builtin_bswap32(v);}
data/wyhash-0~2.gbp234f0c6/wyhash32.h:9:63: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static inline unsigned _wyr32(const uint8_t *p) { unsigned v; memcpy(&v, p, 4); return _byteswap_ulong(v);}
data/wyhash-0~2.gbp234f0c6/benchmark.cpp:29:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cerr.precision(2); cerr.setf(ios::fixed); cerr<<'|'<<name<<(strlen(name)<8?"\t\t|":"\t|");
ANALYSIS SUMMARY:
Hits = 67
Lines analyzed = 2236 in approximately 0.10 seconds (22397 lines/second)
Physical Source Lines of Code (SLOC) = 2108
Hits@level = [0] 0 [1] 1 [2] 66 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 67 [1+] 67 [2+] 66 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 31.7837 [1+] 31.7837 [2+] 31.3093 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.