Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zipios++-2.2.6/src/backbuffer.cpp
Examining data/zipios++-2.2.6/src/backbuffer.hpp
Examining data/zipios++-2.2.6/src/collectioncollection.cpp
Examining data/zipios++-2.2.6/src/deflateoutputstreambuf.cpp
Examining data/zipios++-2.2.6/src/deflateoutputstreambuf.hpp
Examining data/zipios++-2.2.6/src/directorycollection.cpp
Examining data/zipios++-2.2.6/src/directoryentry.cpp
Examining data/zipios++-2.2.6/src/dosdatetime.cpp
Examining data/zipios++-2.2.6/src/filecollection.cpp
Examining data/zipios++-2.2.6/src/fileentry.cpp
Examining data/zipios++-2.2.6/src/filepath.cpp
Examining data/zipios++-2.2.6/src/filterinputstreambuf.cpp
Examining data/zipios++-2.2.6/src/filterinputstreambuf.hpp
Examining data/zipios++-2.2.6/src/filteroutputstreambuf.cpp
Examining data/zipios++-2.2.6/src/filteroutputstreambuf.hpp
Examining data/zipios++-2.2.6/src/gzipoutputstream.cpp
Examining data/zipios++-2.2.6/src/gzipoutputstream.hpp
Examining data/zipios++-2.2.6/src/gzipoutputstreambuf.cpp
Examining data/zipios++-2.2.6/src/gzipoutputstreambuf.hpp
Examining data/zipios++-2.2.6/src/inflateinputstreambuf.cpp
Examining data/zipios++-2.2.6/src/inflateinputstreambuf.hpp
Examining data/zipios++-2.2.6/src/virtualseeker.cpp
Examining data/zipios++-2.2.6/src/zipcentraldirectoryentry.cpp
Examining data/zipios++-2.2.6/src/zipcentraldirectoryentry.hpp
Examining data/zipios++-2.2.6/src/zipendofcentraldirectory.cpp
Examining data/zipios++-2.2.6/src/zipendofcentraldirectory.hpp
Examining data/zipios++-2.2.6/src/zipfile.cpp
Examining data/zipios++-2.2.6/src/zipinputstream.cpp
Examining data/zipios++-2.2.6/src/zipinputstream.hpp
Examining data/zipios++-2.2.6/src/zipinputstreambuf.cpp
Examining data/zipios++-2.2.6/src/zipinputstreambuf.hpp
Examining data/zipios++-2.2.6/src/zipios_common.cpp
Examining data/zipios++-2.2.6/src/zipios_common.hpp
Examining data/zipios++-2.2.6/src/ziplocalentry.cpp
Examining data/zipios++-2.2.6/src/ziplocalentry.hpp
Examining data/zipios++-2.2.6/src/zipoutputstream.cpp
Examining data/zipios++-2.2.6/src/zipoutputstream.hpp
Examining data/zipios++-2.2.6/src/zipoutputstreambuf.cpp
Examining data/zipios++-2.2.6/src/zipoutputstreambuf.hpp
Examining data/zipios++-2.2.6/tests/backbuffer.cpp
Examining data/zipios++-2.2.6/tests/collectioncollection.cpp
Examining data/zipios++-2.2.6/tests/common.cpp
Examining data/zipios++-2.2.6/tests/directory_helper.cpp
Examining data/zipios++-2.2.6/tests/directorycollection.cpp
Examining data/zipios++-2.2.6/tests/directoryentry.cpp
Examining data/zipios++-2.2.6/tests/dosdatetime.cpp
Examining data/zipios++-2.2.6/tests/filepath.cpp
Examining data/zipios++-2.2.6/tests/raii_helper.cpp
Examining data/zipios++-2.2.6/tests/stream.cpp
Examining data/zipios++-2.2.6/tests/tests.cpp
Examining data/zipios++-2.2.6/tests/tests.hpp
Examining data/zipios++-2.2.6/tests/virtualseeker.cpp
Examining data/zipios++-2.2.6/tests/zipfile.cpp
Examining data/zipios++-2.2.6/tools/appendzip.cpp
Examining data/zipios++-2.2.6/tools/dosdatetime.cpp
Examining data/zipios++-2.2.6/tools/zipios.cpp
Examining data/zipios++-2.2.6/tools/zipios_example.cpp
Examining data/zipios++-2.2.6/zipios/collectioncollection.hpp
Examining data/zipios++-2.2.6/zipios/directorycollection.hpp
Examining data/zipios++-2.2.6/zipios/directoryentry.hpp
Examining data/zipios++-2.2.6/zipios/dosdatetime.hpp
Examining data/zipios++-2.2.6/zipios/filecollection.hpp
Examining data/zipios++-2.2.6/zipios/fileentry.hpp
Examining data/zipios++-2.2.6/zipios/filepath.hpp
Examining data/zipios++-2.2.6/zipios/virtualseeker.hpp
Examining data/zipios++-2.2.6/zipios/zipfile.hpp
Examining data/zipios++-2.2.6/zipios/zipiosexceptions.hpp
Examining data/zipios++-2.2.6/debian/zipios-config.h

FINAL RESULTS:

data/zipios++-2.2.6/tests/collectioncollection.cpp:109:21: [4] (shell) system: This causes a new program to execute and is difficult to
use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree") != -1); // clean up, just in case data/zipios++-2.2.6/tests/collectioncollection.cpp:547:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree[1-5]")!=-1); // clean up, just in case data/zipios++-2.2.6/tests/directorycollection.cpp:238:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree") == 0); // clean up, just in case data/zipios++-2.2.6/tests/directorycollection.cpp:904:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree") == 0); // clean up, just in case data/zipios++-2.2.6/tests/directorycollection.cpp:923:13: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree") == 0); // clean up, just in case data/zipios++-2.2.6/tests/directoryentry.cpp:1262:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf filepath-test") == 0); data/zipios++-2.2.6/tests/filepath.cpp:627:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
REQUIRE(system("rm -rf filepath-test") == 0); data/zipios++-2.2.6/tests/zipfile.cpp:150:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree") == 0); // clean up, just in case data/zipios++-2.2.6/tests/zipfile.cpp:154:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("zip -r tree.zip tree >/dev/null") == 0); data/zipios++-2.2.6/tests/zipfile.cpp:398:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -rf tree tree.zip") == 0); // clean up, just in case data/zipios++-2.2.6/tests/zipfile.cpp:634:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -f file.bin") == 0); // clean up, just in case data/zipios++-2.2.6/tests/zipfile.cpp:829:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -f file.bin") == 0); // clean up, just in case data/zipios++-2.2.6/tests/zipfile.cpp:867:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. REQUIRE(system("rm -f file.bin") == 0); // clean up, just in case data/zipios++-2.2.6/tests/zipfile.cpp:907:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. 
REQUIRE(system("rm -f file.zip file?.bin") == 0); // clean up, just in case data/zipios++-2.2.6/src/zipcentraldirectoryentry.cpp:244:12: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. is.setstate(std::ios::failbit); data/zipios++-2.2.6/src/zipfile.cpp:543:12: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios::failbit); data/zipios++-2.2.6/src/ziplocalentry.cpp:349:12: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. is.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/common.cpp:896:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/common.cpp:912:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/common.cpp:928:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/common.cpp:944:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
os.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/common.cpp:960:16: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. os.setstate(std::ios::failbit); data/zipios++-2.2.6/tests/tests.cpp:89:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(seed); data/zipios++-2.2.6/src/zipios_common.cpp:76:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(value)]; data/zipios++-2.2.6/src/zipios_common.cpp:97:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(value)]; data/zipios++-2.2.6/src/zipios_common.cpp:116:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(value)]; data/zipios++-2.2.6/src/zipios_common.cpp:239:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[sizeof(value)]; data/zipios++-2.2.6/src/zipios_common.cpp:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(value)]; data/zipios++-2.2.6/src/zipios_common.cpp:269:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sizeof(value)]; data/zipios++-2.2.6/tests/collectioncollection.cpp:188:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/collectioncollection.cpp:291:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/collectioncollection.cpp:388:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/collectioncollection.cpp:485:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/collectioncollection.cpp:648:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/collectioncollection.cpp:754:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/common.cpp:668:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/zipios++-2.2.6/tests/common.cpp:700:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/zipios++-2.2.6/tests/common.cpp:732:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[10]; data/zipios++-2.2.6/tests/common.cpp:765:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/zipios++-2.2.6/tests/common.cpp:796:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[7]; data/zipios++-2.2.6/tests/common.cpp:836:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[13]; data/zipios++-2.2.6/tests/common.cpp:874:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[9]; data/zipios++-2.2.6/tests/directory_helper.cpp:43:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char const g_letters[66]{ data/zipios++-2.2.6/tests/directorycollection.cpp:538:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/directorycollection.cpp:863:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/virtualseeker.cpp:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/zipios++-2.2.6/tests/zipfile.cpp:237:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/zipfile.cpp:351:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/zipfile.cpp:491:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/zipfile.cpp:604:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/zipfile.cpp:718:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[BUFSIZ], buf2[BUFSIZ]; data/zipios++-2.2.6/tests/zipfile.cpp:1639:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZ]; data/zipios++-2.2.6/tools/dosdatetime.cpp:151:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/zipios++-2.2.6/tools/dosdatetime.cpp:154:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "- -"); data/zipios++-2.2.6/src/fileentry.cpp:732:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void FileEntry::read(std::istream& is) data/zipios++-2.2.6/src/zipcentraldirectoryentry.cpp:235:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void ZipCentralDirectoryEntry::read(std::istream& is) data/zipios++-2.2.6/src/zipcentraldirectoryentry.hpp:53:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(std::istream& is) override; data/zipios++-2.2.6/src/zipendofcentraldirectory.cpp:228:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool ZipEndOfCentralDirectory::read(::zipios::buffer_t const& buf, size_t pos) data/zipios++-2.2.6/src/zipendofcentraldirectory.hpp:57:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(::zipios::buffer_t const& buf, size_t pos); data/zipios++-2.2.6/src/zipfile.cpp:371:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(eocd.read(bb, read_p)) data/zipios++-2.2.6/src/zipfile.cpp:392:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_entries[entry_num].get()->read(zipfile); data/zipios++-2.2.6/src/zipfile.cpp:418:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). zlh.read(zipfile); data/zipios++-2.2.6/src/zipinputstreambuf.cpp:65:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). m_current_entry.read(is); data/zipios++-2.2.6/src/zipios_common.cpp:78:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(!is.read(reinterpret_cast<char *>(buf), sizeof(value))) data/zipios++-2.2.6/src/zipios_common.cpp:99:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if(!is.read(reinterpret_cast<char *>(buf), sizeof(value))) data/zipios++-2.2.6/src/zipios_common.cpp:118:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(!is.read(reinterpret_cast<char *>(buf), sizeof(value))) data/zipios++-2.2.6/src/zipios_common.cpp:137:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(!is.read(reinterpret_cast<char *>(&buffer[0]), count)) data/zipios++-2.2.6/src/zipios_common.cpp:154:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if(!is.read(reinterpret_cast<char *>(&str[0]), count)) data/zipios++-2.2.6/src/ziplocalentry.cpp:335:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void ZipLocalEntry::read(std::istream& is) data/zipios++-2.2.6/src/ziplocalentry.hpp:62:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(std::istream& is) override; data/zipios++-2.2.6/tests/collectioncollection.cpp:190:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:193:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/collectioncollection.cpp:293:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:296:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/collectioncollection.cpp:390:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:393:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/collectioncollection.cpp:487:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:490:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/collectioncollection.cpp:650:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:653:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/collectioncollection.cpp:756:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/collectioncollection.cpp:759:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/common.cpp:669:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 8); data/zipios++-2.2.6/tests/common.cpp:701:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
is.read(buf, 8); data/zipios++-2.2.6/tests/common.cpp:733:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 10); data/zipios++-2.2.6/tests/common.cpp:766:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 6); data/zipios++-2.2.6/tests/common.cpp:797:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 7); data/zipios++-2.2.6/tests/common.cpp:837:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 13); data/zipios++-2.2.6/tests/common.cpp:875:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, 9); data/zipios++-2.2.6/tests/directorycollection.cpp:304:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:367:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:426:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:485:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:540:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/directorycollection.cpp:543:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/directorycollection.cpp:643:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:699:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:756:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:813:50: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directorycollection.cpp:865:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/directorycollection.cpp:868:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/directorycollection.cpp:977:42: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). REQUIRE_THROWS_AS((*it)->read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/directoryentry.cpp:92:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
REQUIRE_THROWS_AS(de.read(std::cin), zipios::IOException &); data/zipios++-2.2.6/tests/filepath.cpp:147:38: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. zipios::FilePath equal("/this/file/really/should/not/exist/period.txt"); data/zipios++-2.2.6/tests/filepath.cpp:148:35: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. REQUIRE(fp == equal); data/zipios++-2.2.6/tests/virtualseeker.cpp:109:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, sz); data/zipios++-2.2.6/tests/virtualseeker.cpp:137:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, sz2); data/zipios++-2.2.6/tests/virtualseeker.cpp:167:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, sz); data/zipios++-2.2.6/tests/virtualseeker.cpp:198:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, sz2); data/zipios++-2.2.6/tests/virtualseeker.cpp:270:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is.read(buf, sz); data/zipios++-2.2.6/tests/virtualseeker.cpp:299:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
is.read(buf, sz); data/zipios++-2.2.6/tests/zipfile.cpp:239:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/zipfile.cpp:242:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/zipfile.cpp:353:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/zipfile.cpp:356:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/zipfile.cpp:493:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/zipfile.cpp:496:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/zipfile.cpp:606:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/zipfile.cpp:609:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/zipfile.cpp:720:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(buf1, sizeof(buf1)); data/zipios++-2.2.6/tests/zipfile.cpp:723:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). is->read(buf2, sizeof(buf2)); data/zipios++-2.2.6/tests/zipfile.cpp:1640:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
in->read(buf, sizeof(buf));
data/zipios++-2.2.6/zipios/fileentry.hpp:128:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
virtual void read(std::istream& is);

ANALYSIS SUMMARY:

Hits = 123
Lines analyzed = 19722 in approximately 0.60 seconds (32806 lines/second)
Physical Source Lines of Code (SLOC) = 10133
Hits@level = [0] 0 [1] 69 [2] 31 [3] 9 [4] 14 [5] 0
Hits@level+ = [0+] 123 [1+] 123 [2+] 54 [3+] 23 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 12.1386 [1+] 12.1386 [2+] 5.32912 [3+] 2.26981 [4+] 1.38162 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.