Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xgboost-1.2.1/R-package/src/init.c
Examining data/xgboost-1.2.1/R-package/src/xgboost_R.cc
Examining data/xgboost-1.2.1/R-package/src/xgboost_R.h
Examining data/xgboost-1.2.1/R-package/src/xgboost_assert.c
Examining data/xgboost-1.2.1/R-package/src/xgboost_custom.cc
Examining data/xgboost-1.2.1/amalgamation/dmlc-minimum0.cc
Examining data/xgboost-1.2.1/amalgamation/xgboost-all0.cc
Examining data/xgboost-1.2.1/demo/c-api/c-api-demo.c
Examining data/xgboost-1.2.1/include/xgboost/base.h
Examining data/xgboost-1.2.1/include/xgboost/c_api.h
Examining data/xgboost-1.2.1/include/xgboost/data.h
Examining data/xgboost-1.2.1/include/xgboost/feature_map.h
Examining data/xgboost-1.2.1/include/xgboost/gbm.h
Examining data/xgboost-1.2.1/include/xgboost/generic_parameters.h
Examining data/xgboost-1.2.1/include/xgboost/host_device_vector.h
Examining data/xgboost-1.2.1/include/xgboost/json.h
Examining data/xgboost-1.2.1/include/xgboost/json_io.h
Examining data/xgboost-1.2.1/include/xgboost/learner.h
Examining data/xgboost-1.2.1/include/xgboost/linear_updater.h
Examining data/xgboost-1.2.1/include/xgboost/logging.h
Examining data/xgboost-1.2.1/include/xgboost/metric.h
Examining data/xgboost-1.2.1/include/xgboost/model.h
Examining data/xgboost-1.2.1/include/xgboost/objective.h
Examining data/xgboost-1.2.1/include/xgboost/parameter.h
Examining data/xgboost-1.2.1/include/xgboost/predictor.h
Examining data/xgboost-1.2.1/include/xgboost/span.h
Examining data/xgboost-1.2.1/include/xgboost/tree_model.h
Examining data/xgboost-1.2.1/include/xgboost/tree_updater.h
Examining data/xgboost-1.2.1/include/xgboost/version_config.h
Examining data/xgboost-1.2.1/jvm-packages/xgboost4j/src/native/xgboost4j.cpp
Examining data/xgboost-1.2.1/jvm-packages/xgboost4j/src/native/xgboost4j.h
Examining data/xgboost-1.2.1/plugin/dense_parser/dense_libsvm.cc
Examining data/xgboost-1.2.1/plugin/example/custom_obj.cc
Examining data/xgboost-1.2.1/plugin/lz4/sparse_page_lz4_format.cc
Examining data/xgboost-1.2.1/src/c_api/c_api.cc
Examining data/xgboost-1.2.1/src/c_api/c_api_error.cc
Examining data/xgboost-1.2.1/src/c_api/c_api_error.h
Examining data/xgboost-1.2.1/src/cli_main.cc
Examining data/xgboost-1.2.1/src/common/base64.h
Examining data/xgboost-1.2.1/src/common/bitfield.h
Examining data/xgboost-1.2.1/src/common/charconv.cc
Examining data/xgboost-1.2.1/src/common/charconv.h
Examining data/xgboost-1.2.1/src/common/column_matrix.h
Examining data/xgboost-1.2.1/src/common/common.cc
Examining data/xgboost-1.2.1/src/common/common.h
Examining data/xgboost-1.2.1/src/common/compressed_iterator.h
Examining data/xgboost-1.2.1/src/common/config.h
Examining data/xgboost-1.2.1/src/common/group_data.h
Examining data/xgboost-1.2.1/src/common/hist_util.cc
Examining data/xgboost-1.2.1/src/common/hist_util.h
Examining data/xgboost-1.2.1/src/common/host_device_vector.cc
Examining data/xgboost-1.2.1/src/common/io.cc
Examining data/xgboost-1.2.1/src/common/io.h
Examining data/xgboost-1.2.1/src/common/json.cc
Examining data/xgboost-1.2.1/src/common/math.h
Examining data/xgboost-1.2.1/src/common/observer.h
Examining data/xgboost-1.2.1/src/common/probability_distribution.h
Examining data/xgboost-1.2.1/src/common/quantile.h
Examining data/xgboost-1.2.1/src/common/random.h
Examining data/xgboost-1.2.1/src/common/row_set.h
Examining data/xgboost-1.2.1/src/common/survival_util.cc
Examining data/xgboost-1.2.1/src/common/survival_util.h
Examining data/xgboost-1.2.1/src/common/threading_utils.h
Examining data/xgboost-1.2.1/src/common/timer.cc
Examining data/xgboost-1.2.1/src/common/timer.h
Examining data/xgboost-1.2.1/src/common/transform.h
Examining data/xgboost-1.2.1/src/common/version.cc
Examining data/xgboost-1.2.1/src/common/version.h
Examining data/xgboost-1.2.1/src/data/adapter.h
Examining data/xgboost-1.2.1/src/data/array_interface.h
Examining data/xgboost-1.2.1/src/data/data.cc
Examining data/xgboost-1.2.1/src/data/ellpack_page.cc
Examining data/xgboost-1.2.1/src/data/ellpack_page_source.cc
Examining data/xgboost-1.2.1/src/data/ellpack_page_source.h
Examining data/xgboost-1.2.1/src/data/iterative_device_dmatrix.h
Examining data/xgboost-1.2.1/src/data/proxy_dmatrix.h
Examining data/xgboost-1.2.1/src/data/simple_batch_iterator.h
Examining data/xgboost-1.2.1/src/data/simple_dmatrix.cc
Examining data/xgboost-1.2.1/src/data/simple_dmatrix.h
Examining data/xgboost-1.2.1/src/data/sparse_page_dmatrix.cc
Examining data/xgboost-1.2.1/src/data/sparse_page_dmatrix.h
Examining data/xgboost-1.2.1/src/data/sparse_page_raw_format.cc
Examining data/xgboost-1.2.1/src/data/sparse_page_source.h
Examining data/xgboost-1.2.1/src/data/sparse_page_writer.h
Examining data/xgboost-1.2.1/src/gbm/gblinear.cc
Examining data/xgboost-1.2.1/src/gbm/gblinear_model.cc
Examining data/xgboost-1.2.1/src/gbm/gblinear_model.h
Examining data/xgboost-1.2.1/src/gbm/gbm.cc
Examining data/xgboost-1.2.1/src/gbm/gbtree.cc
Examining data/xgboost-1.2.1/src/gbm/gbtree.h
Examining data/xgboost-1.2.1/src/gbm/gbtree_model.cc
Examining data/xgboost-1.2.1/src/gbm/gbtree_model.h
Examining data/xgboost-1.2.1/src/learner.cc
Examining data/xgboost-1.2.1/src/linear/coordinate_common.h
Examining data/xgboost-1.2.1/src/linear/linear_updater.cc
Examining data/xgboost-1.2.1/src/linear/param.h
Examining data/xgboost-1.2.1/src/linear/updater_coordinate.cc
Examining data/xgboost-1.2.1/src/linear/updater_shotgun.cc
Examining data/xgboost-1.2.1/src/logging.cc
Examining data/xgboost-1.2.1/src/metric/elementwise_metric.cc
Examining data/xgboost-1.2.1/src/metric/metric.cc
Examining data/xgboost-1.2.1/src/metric/metric_common.h
Examining data/xgboost-1.2.1/src/metric/multiclass_metric.cc
Examining data/xgboost-1.2.1/src/metric/rank_metric.cc
Examining data/xgboost-1.2.1/src/metric/survival_metric.cc
Examining data/xgboost-1.2.1/src/objective/aft_obj.cc
Examining data/xgboost-1.2.1/src/objective/hinge.cc
Examining data/xgboost-1.2.1/src/objective/multiclass_obj.cc
Examining data/xgboost-1.2.1/src/objective/objective.cc
Examining data/xgboost-1.2.1/src/objective/rank_obj.cc
Examining data/xgboost-1.2.1/src/objective/regression_loss.h
Examining data/xgboost-1.2.1/src/objective/regression_obj.cc
Examining data/xgboost-1.2.1/src/predictor/cpu_predictor.cc
Examining data/xgboost-1.2.1/src/predictor/predictor.cc
Examining data/xgboost-1.2.1/src/tree/constraints.cc
Examining data/xgboost-1.2.1/src/tree/constraints.h
Examining data/xgboost-1.2.1/src/tree/param.cc
Examining data/xgboost-1.2.1/src/tree/param.h
Examining data/xgboost-1.2.1/src/tree/split_evaluator.cc
Examining data/xgboost-1.2.1/src/tree/split_evaluator.h
Examining data/xgboost-1.2.1/src/tree/tree_model.cc
Examining data/xgboost-1.2.1/src/tree/tree_updater.cc
Examining data/xgboost-1.2.1/src/tree/updater_basemaker-inl.h
Examining data/xgboost-1.2.1/src/tree/updater_colmaker.cc
Examining data/xgboost-1.2.1/src/tree/updater_histmaker.cc
Examining data/xgboost-1.2.1/src/tree/updater_prune.cc
Examining data/xgboost-1.2.1/src/tree/updater_quantile_hist.cc
Examining data/xgboost-1.2.1/src/tree/updater_quantile_hist.h
Examining data/xgboost-1.2.1/src/tree/updater_refresh.cc
Examining data/xgboost-1.2.1/src/tree/updater_skmaker.cc
Examining data/xgboost-1.2.1/src/tree/updater_sync.cc
Examining data/xgboost-1.2.1/tests/ci_build/test_tidy.cc
Examining data/xgboost-1.2.1/tests/cpp/c_api/test_c_api.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_bitfield.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_charconv.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_column_matrix.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_compressed_iterator.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_config.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_group_data.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_hist_util.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_hist_util.h
Examining data/xgboost-1.2.1/tests/cpp/common/test_io.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_json.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_monitor.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_parameter.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_partition_builder.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_probability_distribution.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_random.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_span.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_span.h
Examining data/xgboost-1.2.1/tests/cpp/common/test_survival_util.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_threading_utils.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_transform_range.cc
Examining data/xgboost-1.2.1/tests/cpp/common/test_version.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_adapter.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_array_interface.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_array_interface.h
Examining data/xgboost-1.2.1/tests/cpp/data/test_data.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_metainfo.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_simple_dmatrix.cc
Examining data/xgboost-1.2.1/tests/cpp/data/test_sparse_page_dmatrix.cc
Examining data/xgboost-1.2.1/tests/cpp/gbm/test_gblinear.cc
Examining data/xgboost-1.2.1/tests/cpp/gbm/test_gbtree.cc
Examining data/xgboost-1.2.1/tests/cpp/helpers.cc
Examining data/xgboost-1.2.1/tests/cpp/helpers.h
Examining data/xgboost-1.2.1/tests/cpp/histogram_helpers.h
Examining data/xgboost-1.2.1/tests/cpp/linear/test_json_io.h
Examining data/xgboost-1.2.1/tests/cpp/linear/test_linear.cc
Examining data/xgboost-1.2.1/tests/cpp/metric/test_elementwise_metric.cc
Examining data/xgboost-1.2.1/tests/cpp/metric/test_metric.cc
Examining data/xgboost-1.2.1/tests/cpp/metric/test_multiclass_metric.cc
Examining data/xgboost-1.2.1/tests/cpp/metric/test_rank_metric.cc
Examining data/xgboost-1.2.1/tests/cpp/metric/test_survival_metric.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_aft_obj.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_hinge.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_multiclass_obj.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_objective.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_ranking_obj.cc
Examining data/xgboost-1.2.1/tests/cpp/objective/test_regression_obj.cc
Examining data/xgboost-1.2.1/tests/cpp/plugin/test_example_objective.cc
Examining data/xgboost-1.2.1/tests/cpp/predictor/test_cpu_predictor.cc
Examining data/xgboost-1.2.1/tests/cpp/predictor/test_predictor.cc
Examining data/xgboost-1.2.1/tests/cpp/predictor/test_predictor.h
Examining data/xgboost-1.2.1/tests/cpp/test_helpers.cc
Examining data/xgboost-1.2.1/tests/cpp/test_learner.cc
Examining data/xgboost-1.2.1/tests/cpp/test_logging.cc
Examining data/xgboost-1.2.1/tests/cpp/test_main.cc
Examining data/xgboost-1.2.1/tests/cpp/test_serialization.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_constraints.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_histmaker.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_param.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_prune.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_quantile_hist.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_refresh.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_tree_model.cc
Examining data/xgboost-1.2.1/tests/cpp/tree/test_tree_stat.cc

FINAL RESULTS:

data/xgboost-1.2.1/R-package/src/xgboost_assert.c:12:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, args);
data/xgboost-1.2.1/R-package/src/xgboost_assert.c:22:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, fmt, args);
data/xgboost-1.2.1/src/cli_main.cc:469:11:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (sscanf(argv[i], "%[^=]=%s", name, val) == 2) {
data/xgboost-1.2.1/src/tree/param.cc:29:10:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  is.setstate(std::ios::failbit);
data/xgboost-1.2.1/src/tree/param.cc:75:10:  [3] (random) setstate:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  is.setstate(std::ios::failbit);
data/xgboost-1.2.1/tests/cpp/common/test_compressed_iterator.cc:13:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(9);
data/xgboost-1.2.1/R-package/src/xgboost_R.cc:349:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(ret), raw, olen);
data/xgboost-1.2.1/R-package/src/xgboost_R.cc:391:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(RAW(ret), raw, out_len);
data/xgboost-1.2.1/R-package/src/xgboost_assert.c:8:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/xgboost-1.2.1/R-package/src/xgboost_assert.c:18:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/xgboost-1.2.1/plugin/dense_parser/dense_libsvm.cc:81:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  uint32_t(atoi(args.at("num_col").c_str())));
data/xgboost-1.2.1/src/cli_main.cc:135:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char evname[256];
data/xgboost-1.2.1/src/cli_main.cc:468:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256], val[256];
data/xgboost-1.2.1/src/common/base64.h:197:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf_prev[2];
data/xgboost-1.2.1/src/common/base64.h:255:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[4];
data/xgboost-1.2.1/src/common/charconv.cc:59:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static constexpr char kItoaLut[200] = {
data/xgboost-1.2.1/src/common/charconv.cc:90:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(&t, &from, sizeof(To));
data/xgboost-1.2.1/src/common/charconv.cc:603:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + index + out_length - i - 1, kItoaLut + c0, 2);
data/xgboost-1.2.1/src/common/charconv.cc:604:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + index + out_length - i - 3, kItoaLut + c1, 2);
data/xgboost-1.2.1/src/common/charconv.cc:610:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + index + out_length - i - 1, kItoaLut + c, 2);
data/xgboost-1.2.1/src/common/charconv.cc:640:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + index, kItoaLut + 2 * exp, 2);
data/xgboost-1.2.1/src/common/charconv.cc:652:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result, u8"NaN", 3);
data/xgboost-1.2.1/src/common/charconv.cc:659:12:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + sign, u8"Infinity", 8);
data/xgboost-1.2.1/src/common/charconv.cc:662:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(result + sign, u8"0E0", 3);
data/xgboost-1.2.1/src/common/io.cc:26:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, nbuffer);
data/xgboost-1.2.1/src/common/io.cc:31:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);
data/xgboost-1.2.1/src/common/io.cc:45:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dptr, dmlc::BeginPtr(buffer_), buffer_.length());
data/xgboost-1.2.1/src/common/io.cc:48:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dptr, dmlc::BeginPtr(buffer_) + buffer_ptr_, size);
data/xgboost-1.2.1/src/common/json.cc:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char number[NumericLimits<float>::kToCharsSize];
data/xgboost-1.2.1/src/common/json.cc:64:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(stream_->data() + ori_size, number, end - number);
data/xgboost-1.2.1/src/common/json.cc:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char i2s_buffer_[NumericLimits<int64_t>::kToCharsSize];
data/xgboost-1.2.1/src/common/json.cc:76:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(stream_->data() + ori_size, i2s_buffer_, digits);
data/xgboost-1.2.1/src/common/json.cc:115:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[8];
data/xgboost-1.2.1/src/common/json.cc:126:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(stream_->data() + s, buffer.data(), buffer.size());
data/xgboost-1.2.1/src/common/quantile.h:167:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(data, src.data, sizeof(Entry) * size);
data/xgboost-1.2.1/src/common/timer.h:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[255];
data/xgboost-1.2.1/src/data/array_interface.h:346:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[3];
data/xgboost-1.2.1/src/data/data.cc:799:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dmlc::BeginPtr(data_vec) + top,
data/xgboost-1.2.1/src/data/data.cc:914:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dmlc::BeginPtr(data)+beg,
data/xgboost-1.2.1/src/data/data.cc:922:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(dmlc::BeginPtr(data)+beg,
data/xgboost-1.2.1/src/learner.cc:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char floats[NumericLimits<float>::kToCharsSize];
data/xgboost-1.2.1/src/learner.cc:109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char integers[NumericLimits<int64_t>::kToCharsSize];
data/xgboost-1.2.1/src/learner.cc:563:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if (atoi(cfg_["num_class"].c_str()) > 1 && cfg_.count("objective") == 0) {
data/xgboost-1.2.1/tests/cpp/c_api/test_c_api.cc:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char const* out[1];
data/xgboost-1.2.1/tests/cpp/common/test_charconv.cc:31:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[xgboost::NumericLimits<int64_t>::kToCharsSize];
data/xgboost-1.2.1/tests/cpp/common/test_charconv.cc:39:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&f, &bits, sizeof(float));
data/xgboost-1.2.1/tests/cpp/common/test_charconv.cc:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[xgboost::NumericLimits<float>::kToCharsSize];
data/xgboost-1.2.1/tests/cpp/common/test_charconv.cc:137:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char result[NumericLimits<float>::kToCharsSize] { 0 };
data/xgboost-1.2.1/tests/cpp/common/test_io.cc:74:30:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  dmlc::Stream::Create(tmpfile.c_str(), "w"));
data/xgboost-1.2.1/tests/cpp/common/test_io.cc:78:36:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  auto loaded = LoadSequentialFile(tmpfile, true);
data/xgboost-1.2.1/src/c_api/c_api.cc:758:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(fmap) != 0) {
data/xgboost-1.2.1/src/common/io.cc:60:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  total = read;
data/xgboost-1.2.1/src/common/io.cc:61:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read < size) {
data/xgboost-1.2.1/src/common/io.cc:71:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  pointer_ += read;
data/xgboost-1.2.1/src/common/io.cc:72:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read;
data/xgboost-1.2.1/src/common/io.cc:122:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ifs.read(&buffer[0], file_size);
data/xgboost-1.2.1/src/common/io.cc:136:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  total += read;
data/xgboost-1.2.1/src/common/io.cc:137:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read < size) {
data/xgboost-1.2.1/src/common/json.cc:250:15:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  return std::equal(arr.cbegin(), arr.cend(), vec_.cbegin());
data/xgboost-1.2.1/src/common/version.cc:43:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  std::string verstr { u8"version:" }, read;
data/xgboost-1.2.1/src/common/version.cc:44:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read.resize(verstr.size(), 0);
data/xgboost-1.2.1/src/common/version.cc:46:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  CHECK_EQ(fi->Read(&read[0], verstr.size()), verstr.size()) << msg;
data/xgboost-1.2.1/src/common/version.cc:47:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (verstr != read) {
data/xgboost-1.2.1/src/learner.cc:463:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  std::equal(postfix.rbegin(), postfix.rend(), key.rbegin());
data/xgboost-1.2.1/src/learner.cc:733:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  if (!std::equal(multi.cbegin(), multi.cend(), tparam_.objective.cbegin())) {
data/xgboost-1.2.1/src/metric/rank_metric.cc:363:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (param[strlen(param) - 1] == '-') {
data/xgboost-1.2.1/tests/cpp/common/test_span.cc:232:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  bool res = std::equal(vec.begin(), vec.end(), s.begin());
data/xgboost-1.2.1/tests/cpp/common/test_transform_range.cc:58:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  ASSERT_TRUE(std::equal(h_sol.begin(), h_sol.end(), res.begin()));

ANALYSIS SUMMARY:

Hits = 68
Lines analyzed = 44977 in approximately 1.19 seconds (37794 lines/second)
Physical Source Lines of Code (SLOC) = 33322
Hits@level = [0]  15 [1]  18 [2]  44 [3]   3 [4]   3 [5]   0
Hits@level+ = [0+]  83 [1+]  68 [2+]  50 [3+]   6 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 2.49085 [1+] 2.04069 [2+] 1.50051 [3+] 0.180061 [4+] 0.0900306 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.