Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/zthreads-2.3.2/src/AtomicCount.cxx
Examining data/zthreads-2.3.2/src/ConcurrentExecutor.cxx
Examining data/zthreads-2.3.2/src/Condition.cxx
Examining data/zthreads-2.3.2/src/ConditionImpl.h
Examining data/zthreads-2.3.2/src/CountingSemaphore.cxx
Examining data/zthreads-2.3.2/src/Debug.h
Examining data/zthreads-2.3.2/src/DeferredInterruptionScope.h
Examining data/zthreads-2.3.2/src/FastLock.h
Examining data/zthreads-2.3.2/src/FastMutex.cxx
Examining data/zthreads-2.3.2/src/FastRecursiveLock.h
Examining data/zthreads-2.3.2/src/FastRecursiveMutex.cxx
Examining data/zthreads-2.3.2/src/IntrusivePtr.h
Examining data/zthreads-2.3.2/src/Monitor.cxx
Examining data/zthreads-2.3.2/src/Monitor.h
Examining data/zthreads-2.3.2/src/Mutex.cxx
Examining data/zthreads-2.3.2/src/PriorityCondition.cxx
Examining data/zthreads-2.3.2/src/PriorityInheritanceMutex.cxx
Examining data/zthreads-2.3.2/src/PriorityMutex.cxx
Examining data/zthreads-2.3.2/src/PrioritySemaphore.cxx
Examining data/zthreads-2.3.2/src/RecursiveMutex.cxx
Examining data/zthreads-2.3.2/src/RecursiveMutexImpl.cxx
Examining data/zthreads-2.3.2/src/RecursiveMutexImpl.h
Examining data/zthreads-2.3.2/src/Scheduling.h
Examining data/zthreads-2.3.2/src/Semaphore.cxx
Examining data/zthreads-2.3.2/src/SemaphoreImpl.h
Examining data/zthreads-2.3.2/src/State.h
Examining data/zthreads-2.3.2/src/Status.h
Examining data/zthreads-2.3.2/src/SynchronousExecutor.cxx
Examining data/zthreads-2.3.2/src/TSS.h
Examining data/zthreads-2.3.2/src/Thread.cxx
Examining data/zthreads-2.3.2/src/ThreadImpl.cxx
Examining data/zthreads-2.3.2/src/ThreadImpl.h
Examining data/zthreads-2.3.2/src/ThreadLocalImpl.cxx
Examining data/zthreads-2.3.2/src/ThreadOps.cxx
Examining data/zthreads-2.3.2/src/ThreadOps.h
Examining data/zthreads-2.3.2/src/ThreadQueue.cxx
Examining data/zthreads-2.3.2/src/ThreadQueue.h
Examining data/zthreads-2.3.2/src/ThreadedExecutor.cxx
Examining data/zthreads-2.3.2/src/Time.cxx
Examining data/zthreads-2.3.2/src/TimeStrategy.h
Examining data/zthreads-2.3.2/src/linux/AtomicCount.cxx
Examining data/zthreads-2.3.2/src/linux/AtomicFastLock.h
Examining data/zthreads-2.3.2/src/linux/FastRecursiveLock.h
Examining data/zthreads-2.3.2/src/macos/FastLock.h
Examining data/zthreads-2.3.2/src/macos/Monitor.cxx
Examining data/zthreads-2.3.2/src/macos/Monitor.h
Examining data/zthreads-2.3.2/src/macos/TSS.h
Examining data/zthreads-2.3.2/src/macos/ThreadOps.cxx
Examining data/zthreads-2.3.2/src/macos/ThreadOps.h
Examining data/zthreads-2.3.2/src/macos/UpTimeStrategy.h
Examining data/zthreads-2.3.2/src/posix/ConditionRecursiveLock.h
Examining data/zthreads-2.3.2/src/posix/FastLock.h
Examining data/zthreads-2.3.2/src/posix/FtimeStrategy.h
Examining data/zthreads-2.3.2/src/posix/GetTimeOfDayStrategy.h
Examining data/zthreads-2.3.2/src/posix/Monitor.cxx
Examining data/zthreads-2.3.2/src/posix/Monitor.h
Examining data/zthreads-2.3.2/src/posix/PriorityOps.h
Examining data/zthreads-2.3.2/src/posix/TSS.h
Examining data/zthreads-2.3.2/src/posix/ThreadOps.cxx
Examining data/zthreads-2.3.2/src/posix/ThreadOps.h
Examining data/zthreads-2.3.2/src/solaris/FastRecursiveLock.h
Examining data/zthreads-2.3.2/src/vanilla/DualMutexRecursiveLock.h
Examining data/zthreads-2.3.2/src/vanilla/SimpleAtomicCount.cxx
Examining data/zthreads-2.3.2/src/vanilla/SimpleRecursiveLock.h
Examining data/zthreads-2.3.2/src/win32/AtomicCount.cxx
Examining data/zthreads-2.3.2/src/win32/AtomicFastLock.h
Examining data/zthreads-2.3.2/src/win32/AtomicFastRecursiveLock.h
Examining data/zthreads-2.3.2/src/win32/FastLock.h
Examining data/zthreads-2.3.2/src/win32/FastRecursiveLock.h
Examining data/zthreads-2.3.2/src/win32/Monitor.cxx
Examining data/zthreads-2.3.2/src/win32/Monitor.h
Examining data/zthreads-2.3.2/src/win32/PerformanceCounterStrategy.h
Examining data/zthreads-2.3.2/src/win32/TSS.h
Examining data/zthreads-2.3.2/src/win32/ThreadOps.cxx
Examining data/zthreads-2.3.2/src/win32/ThreadOps.h
Examining data/zthreads-2.3.2/src/win9x/AtomicCount.cxx
Examining data/zthreads-2.3.2/src/win9x/AtomicFastLock.h
Examining data/zthreads-2.3.2/src/config.h
Examining data/zthreads-2.3.2/src/MutexImpl.h
Examining data/zthreads-2.3.2/src/PoolExecutor.cxx
Examining data/zthreads-2.3.2/include/zthread/AtomicCount.h
Examining data/zthreads-2.3.2/include/zthread/BiasedReadWriteLock.h
Examining data/zthreads-2.3.2/include/zthread/BoundedQueue.h
Examining data/zthreads-2.3.2/include/zthread/Cancelable.h
Examining data/zthreads-2.3.2/include/zthread/ClassLockable.h
Examining data/zthreads-2.3.2/include/zthread/ConcurrentExecutor.h
Examining data/zthreads-2.3.2/include/zthread/Condition.h
Examining data/zthreads-2.3.2/include/zthread/CountedPtr.h
Examining data/zthreads-2.3.2/include/zthread/CountingSemaphore.h
Examining data/zthreads-2.3.2/include/zthread/Exceptions.h
Examining data/zthreads-2.3.2/include/zthread/Executor.h
Examining data/zthreads-2.3.2/include/zthread/FairReadWriteLock.h
Examining data/zthreads-2.3.2/include/zthread/FastMutex.h
Examining data/zthreads-2.3.2/include/zthread/FastRecursiveMutex.h
Examining data/zthreads-2.3.2/include/zthread/GuardedClass.h
Examining data/zthreads-2.3.2/include/zthread/Lockable.h
Examining data/zthreads-2.3.2/include/zthread/LockedQueue.h
Examining data/zthreads-2.3.2/include/zthread/MonitoredQueue.h
Examining data/zthreads-2.3.2/include/zthread/Mutex.h
Examining data/zthreads-2.3.2/include/zthread/NonCopyable.h
Examining data/zthreads-2.3.2/include/zthread/PoolExecutor.h
Examining data/zthreads-2.3.2/include/zthread/Priority.h
Examining data/zthreads-2.3.2/include/zthread/PriorityCondition.h
Examining data/zthreads-2.3.2/include/zthread/PriorityInheritanceMutex.h
Examining data/zthreads-2.3.2/include/zthread/PriorityMutex.h
Examining data/zthreads-2.3.2/include/zthread/PrioritySemaphore.h
Examining data/zthreads-2.3.2/include/zthread/Queue.h
Examining data/zthreads-2.3.2/include/zthread/ReadWriteLock.h
Examining data/zthreads-2.3.2/include/zthread/RecursiveMutex.h
Examining data/zthreads-2.3.2/include/zthread/Runnable.h
Examining data/zthreads-2.3.2/include/zthread/Semaphore.h
Examining data/zthreads-2.3.2/include/zthread/Singleton.h
Examining data/zthreads-2.3.2/include/zthread/SynchronousExecutor.h
Examining data/zthreads-2.3.2/include/zthread/Task.h
Examining data/zthreads-2.3.2/include/zthread/Thread.h
Examining data/zthreads-2.3.2/include/zthread/ThreadLocal.h
Examining data/zthreads-2.3.2/include/zthread/ThreadLocalImpl.h
Examining data/zthreads-2.3.2/include/zthread/ThreadedExecutor.h
Examining data/zthreads-2.3.2/include/zthread/Time.h
Examining data/zthreads-2.3.2/include/zthread/Waitable.h
Examining data/zthreads-2.3.2/include/zthread/ZThread.h
Examining data/zthreads-2.3.2/include/zthread/Barrier.h
Examining data/zthreads-2.3.2/include/zthread/Config.h
Examining data/zthreads-2.3.2/include/zthread/Guard.h
Examining data/zthreads-2.3.2/include/zthread/BlockingQueue.h

FINAL RESULTS:

data/zthreads-2.3.2/src/Debug.h:27:19: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
# define ZTDEBUG printf
data/zthreads-2.3.2/src/win9x/AtomicCount.cxx:44:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
::InitializeCriticalSection(&c->cs);
data/zthreads-2.3.2/src/win9x/AtomicCount.cxx:63:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&c->cs);
data/zthreads-2.3.2/src/win9x/AtomicCount.cxx:77:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&c->cs);
data/zthreads-2.3.2/src/win9x/AtomicCount.cxx:91:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&c->cs);
data/zthreads-2.3.2/src/win9x/AtomicCount.cxx:105:5: [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
::EnterCriticalSection(&c->cs);
data/zthreads-2.3.2/include/zthread/CountedPtr.h:188:12: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool equal(const CountedPtr& ptr) const {
data/zthreads-2.3.2/include/zthread/CountedPtr.h:196:12: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool equal(const CountedPtr<U, V>& ptr) const {
data/zthreads-2.3.2/include/zthread/CountedPtr.h:202:20: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
return lhs.equal(rhs);
data/zthreads-2.3.2/include/zthread/CountedPtr.h:242:16: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
return lhs.equal(rhs.get);
data/zthreads-2.3.2/include/zthread/CountedPtr.h:247:18: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
return !(lhs.equal(rhs.get));
data/zthreads-2.3.2/include/zthread/CountedPtr.h:265:16: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
return lhs.equal(rhs.get);
data/zthreads-2.3.2/include/zthread/CountedPtr.h:270:18: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
return !(lhs.equal(rhs.get));

ANALYSIS SUMMARY:

Hits = 13
Lines analyzed = 18671 in approximately 0.46 seconds (40794 lines/second)
Physical Source Lines of Code (SLOC) = 6195
Hits@level = [0] 0 [1] 7 [2] 0 [3] 5 [4] 1 [5] 0
Hits@level+ = [0+] 13 [1+] 13 [2+] 6 [3+] 6 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.09847 [1+] 2.09847 [2+] 0.968523 [3+] 0.968523 [4+] 0.161421 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.