Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/64tass-1.55.2200/variables.h
Examining data/64tass-1.55.2200/functionobj.h
Examining data/64tass-1.55.2200/intobj.h
Examining data/64tass-1.55.2200/oper_e.h
Examining data/64tass-1.55.2200/eval.h
Examining data/64tass-1.55.2200/namespaceobj.h
Examining data/64tass-1.55.2200/ternary.h
Examining data/64tass-1.55.2200/opcodes.c
Examining data/64tass-1.55.2200/ternary.c
Examining data/64tass-1.55.2200/64tass.h
Examining data/64tass-1.55.2200/unicode.c
Examining data/64tass-1.55.2200/section.h
Examining data/64tass-1.55.2200/wchar.h
Examining data/64tass-1.55.2200/wctype.h
Examining data/64tass-1.55.2200/errorobj.h
Examining data/64tass-1.55.2200/registerobj.h
Examining data/64tass-1.55.2200/str.c
Examining data/64tass-1.55.2200/dictobj.c
Examining data/64tass-1.55.2200/values.c
Examining data/64tass-1.55.2200/memblocksobj.h
Examining data/64tass-1.55.2200/wait_e.h
Examining data/64tass-1.55.2200/labelobj.c
Examining data/64tass-1.55.2200/wchar.c
Examining data/64tass-1.55.2200/macroobj.c
Examining data/64tass-1.55.2200/bytesobj.h
Examining data/64tass-1.55.2200/unicode.h
Examining data/64tass-1.55.2200/mem.c
Examining data/64tass-1.55.2200/arguments.c
Examining data/64tass-1.55.2200/variables.c
Examining data/64tass-1.55.2200/listing.h
Examining data/64tass-1.55.2200/floatobj.h
Examining data/64tass-1.55.2200/opcodes.h
Examining data/64tass-1.55.2200/file.c
Examining data/64tass-1.55.2200/identobj.h
Examining data/64tass-1.55.2200/strobj.c
Examining data/64tass-1.55.2200/mem.h
Examining data/64tass-1.55.2200/64tass.c
Examining data/64tass-1.55.2200/noneobj.h
Examining data/64tass-1.55.2200/math.c
Examining data/64tass-1.55.2200/gapobj.h
Examining data/64tass-1.55.2200/addressobj.c
Examining data/64tass-1.55.2200/wctype.c
Examining data/64tass-1.55.2200/error.c
Examining data/64tass-1.55.2200/opt_bit.c
Examining data/64tass-1.55.2200/identobj.c
Examining data/64tass-1.55.2200/encoding.c
Examining data/64tass-1.55.2200/avl.c
Examining data/64tass-1.55.2200/boolobj.c
Examining data/64tass-1.55.2200/registerobj.c
Examining data/64tass-1.55.2200/bitsobj.c
Examining data/64tass-1.55.2200/str.h
Examining data/64tass-1.55.2200/strobj.h
Examining data/64tass-1.55.2200/boolobj.h
Examining data/64tass-1.55.2200/inttypes.h
Examining data/64tass-1.55.2200/isnprintf.h
Examining data/64tass-1.55.2200/my_getopt.c
Examining data/64tass-1.55.2200/bitsobj.h
Examining data/64tass-1.55.2200/mfuncobj.h
Examining data/64tass-1.55.2200/floatobj.c
Examining data/64tass-1.55.2200/memblocksobj.c
Examining data/64tass-1.55.2200/my_getopt.h
Examining data/64tass-1.55.2200/namespaceobj.c
Examining data/64tass-1.55.2200/errorobj.c
Examining data/64tass-1.55.2200/macroobj.h
Examining data/64tass-1.55.2200/typeobj.c
Examining data/64tass-1.55.2200/foldobj.h
Examining data/64tass-1.55.2200/typeobj.h
Examining data/64tass-1.55.2200/intobj.c
Examining data/64tass-1.55.2200/operobj.c
Examining data/64tass-1.55.2200/console.h
Examining data/64tass-1.55.2200/operobj.h
Examining data/64tass-1.55.2200/listobj.h
Examining data/64tass-1.55.2200/macro.c
Examining data/64tass-1.55.2200/instruction.c
Examining data/64tass-1.55.2200/addressobj.h
Examining data/64tass-1.55.2200/instruction.h
Examining data/64tass-1.55.2200/listing.c
Examining data/64tass-1.55.2200/isnprintf.c
Examining data/64tass-1.55.2200/foldobj.c
Examining data/64tass-1.55.2200/noneobj.c
Examining data/64tass-1.55.2200/math.h
Examining data/64tass-1.55.2200/longjump.c
Examining data/64tass-1.55.2200/encoding.h
Examining data/64tass-1.55.2200/section.c
Examining data/64tass-1.55.2200/eval.c
Examining data/64tass-1.55.2200/unicodedata.c
Examining data/64tass-1.55.2200/dictobj.h
Examining data/64tass-1.55.2200/labelobj.h
Examining data/64tass-1.55.2200/codeobj.h
Examining data/64tass-1.55.2200/functionobj.c
Examining data/64tass-1.55.2200/stdbool.h
Examining data/64tass-1.55.2200/values.h
Examining data/64tass-1.55.2200/obj.h
Examining data/64tass-1.55.2200/longjump.h
Examining data/64tass-1.55.2200/bytesobj.c
Examining data/64tass-1.55.2200/arguments.h
Examining data/64tass-1.55.2200/obj.c
Examining data/64tass-1.55.2200/codeobj.c
Examining data/64tass-1.55.2200/main.c
Examining data/64tass-1.55.2200/error.h
Examining data/64tass-1.55.2200/errors_e.h
Examining data/64tass-1.55.2200/attributes.h
Examining data/64tass-1.55.2200/file.h
Examining data/64tass-1.55.2200/console.c
Examining data/64tass-1.55.2200/macro.h
Examining data/64tass-1.55.2200/listobj.c
Examining data/64tass-1.55.2200/opt_bit.h
Examining data/64tass-1.55.2200/optimizer.h
Examining data/64tass-1.55.2200/optimizer.c
Examining data/64tass-1.55.2200/unicodedata.h
Examining data/64tass-1.55.2200/avl.h
Examining data/64tass-1.55.2200/gapobj.c
Examining data/64tass-1.55.2200/mfuncobj.c
FINAL RESULTS:
data/64tass-1.55.2200/error.c:624:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg2, msg, bits);
data/64tass-1.55.2200/error.c:801:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(msg2, msg, v1, v2);
data/64tass-1.55.2200/error.c:859:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(line, ", got %" PRIuSIZE, num);
data/64tass-1.55.2200/error.c:1282:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, ":%" PRIuline ":%" PRIlinepos, epoint->line, ((file->encoding == E_UTF8) ? (linecpos_t)calcpos(line, epoint->pos) : epoint->pos) + 1);
data/64tass-1.55.2200/isnprintf.c:65:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#ifndef snprintf
data/64tass-1.55.2200/isnprintf.c:66:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf(str, size, format, var, var2) sprintf(str, format, var, var2)
data/64tass-1.55.2200/isnprintf.c:66:48: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define snprintf(str, size, format, var, var2) sprintf(str, format, var, var2)
data/64tass-1.55.2200/isnprintf.c:397:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
l = snprintf(tmp, sizeof tmp, form, (p->precision < 80) ? (p->precision > 0 ? p->precision : 0) : 80, d);
data/64tass-1.55.2200/mem.c:170:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, "$%04" PRIaddress, start);
data/64tass-1.55.2200/mem.c:171:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp2, "$%04" PRIaddress, (address_t)(start + size - 1));
data/64tass-1.55.2200/section.c:194:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, "$%04" PRIaddress, l->address.start);
data/64tass-1.55.2200/section.c:197:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp2, "-$%04" PRIaddress, (address_t)(l->address.start + l->size - 1));
data/64tass-1.55.2200/section.c:199:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp3, "$%04" PRIaddress, l->size);
data/64tass-1.55.2200/unicode.c:423:19: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ln2 = fprintf(f, ch < 0x10000 ? "$'\\u%" PRIx32 "'" : "$'\\U%" PRIx32 "'", ch);
data/64tass-1.55.2200/unicode.c:526:14: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
ln = fprintf(f, format, ch);
data/64tass-1.55.2200/unicode.c:532:12: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
return sprintf(temp, format, ch);
data/64tass-1.55.2200/unicode.c:685:21: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
if (swprintf(tmp2, lenof(tmp2), L"%S", tmp) > 0) {
data/64tass-1.55.2200/console.c:45:28: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char const *term = getenv("TERM");
data/64tass-1.55.2200/my_getopt.c:50:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("POSIXLY_CORRECT") != NULL) colon_mode = mode = '+';
data/64tass-1.55.2200/my_getopt.c:146:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("POSIXLY_CORRECT") != NULL) colon_mode = mode = '+';
data/64tass-1.55.2200/64tass.c:577:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec->len, trec->epoint), trec->buff, trec->len);
data/64tass-1.55.2200/64tass.c:675:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec->len, trec->epoint), trec->buff, trec->len);
data/64tass-1.55.2200/64tass.c:740:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(brec->len, brec->epoint), brec->buff, brec->len);
data/64tass-1.55.2200/64tass.c:760:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(brec->len, brec->epoint), brec->buff, brec->len);
data/64tass-1.55.2200/64tass.c:822:66: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else if (brec->len >= (ssize_t)(sizeof brec->buff) - 4) {memcpy(pokealloc(brec->len, brec->epoint), brec->buff, brec->len); brec->len = 0;}
data/64tass-1.55.2200/64tass.c:1382:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(labels.data, labels.val, sizeof labels.val);
data/64tass-1.55.2200/64tass.c:1483:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expr, pline, lentmp);
data/64tass-1.55.2200/64tass.c:1506:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expr2, pline, lentmp);
data/64tass-1.55.2200/64tass.c:1721:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(expr, pline, lentmp);
data/64tass-1.55.2200/64tass.c:3247:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, current_section->name.data, current_section->name.len);
data/64tass-1.55.2200/64tass.c:3384:51: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (trec.len > 0) memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3402:33: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3408:43: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (trec.len > 0) memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3454:47: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (brec.len > 0) memcpy(pokealloc(brec.len, brec.epoint), brec.buff, brec.len);
data/64tass-1.55.2200/64tass.c:3497:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(d, s, ln);
data/64tass-1.55.2200/64tass.c:3813:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3822:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3829:45: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3839:43: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (trec.len > 0) memcpy(pokealloc(trec.len, trec.epoint), trec.buff, trec.len);
data/64tass-1.55.2200/64tass.c:3929:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str->data, str->len);
data/64tass-1.55.2200/64tass.c:4144:85: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (newlabel != NULL && prm == CMD_BINCLUDE && (f == NULL || f->open > 1) && newlabel->value->obj == CODE_OBJ) {
data/64tass-1.55.2200/64tass.c:4149:28: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f->open>1) {
data/64tass-1.55.2200/addressobj.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100], buffer2[100], *b2;
data/64tass-1.55.2200/addressobj.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buffer2[ind], "address(", 8);
data/64tass-1.55.2200/addressobj.c:175:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, b2, ind);
data/64tass-1.55.2200/addressobj.c:179:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str->data, str->len);
data/64tass-1.55.2200/addressobj.c:182:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (ind2 != 0) memcpy(s, buffer, ind2);
data/64tass-1.55.2200/arguments.c:273:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&diagnostics, no ? &diagnostic_no_all : &diagnostic_all, sizeof diagnostics);
data/64tass-1.55.2200/arguments.c:278:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&diagnostic_errors, no ? &diagnostic_no_error_all : &diagnostic_error_all, sizeof diagnostic_errors);
data/64tass-1.55.2200/arguments.c:550:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fin->data + fp, my_optarg, len);
data/64tass-1.55.2200/bitsobj.c:112:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->data, sz * sizeof *v->data);
data/64tass-1.55.2200/bitsobj.c:124:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.val, d, sz * sizeof *d);
data/64tass-1.55.2200/bitsobj.c:586:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, v->u.val, j * sizeof *d);
data/64tass-1.55.2200/bitsobj.c:607:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, v->u.val, j * sizeof *d);
data/64tass-1.55.2200/bitsobj.c:624:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.val, d, osz * sizeof *d);
data/64tass-1.55.2200/bitsobj.c:706:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(d, b, sz * sizeof *d);
data/64tass-1.55.2200/boolobj.c:86:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, val ? "true" : "false", len);
data/64tass-1.55.2200/bytesobj.c:137:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, v->u.val, byteslen(v));
data/64tass-1.55.2200/bytesobj.c:152:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->data, sz);
data/64tass-1.55.2200/bytesobj.c:181:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (i < sz) memcpy(v->data + i, v1->data + i, sz - i);
data/64tass-1.55.2200/bytesobj.c:245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(src2, src + i, 4);
data/64tass-1.55.2200/bytesobj.c:341:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 4 - (sz & 3), v1->data + (sz & ~3), sz & 3);
data/64tass-1.55.2200/bytesobj.c:345:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, tmp2 + 5 - sz, sz);
data/64tass-1.55.2200/bytesobj.c:460:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp + 5 - i, s, i);
data/64tass-1.55.2200/bytesobj.c:463:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data + j, tmp2 + 4 - i, i);
data/64tass-1.55.2200/bytesobj.c:500:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v->u.val, len2);
data/64tass-1.55.2200/bytesobj.c:533:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (len2 != 0) memcpy(v->u.val, s, len2);
data/64tass-1.55.2200/bytesobj.c:706:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (sz != 0) memcpy(v->u.val, d, sz);
data/64tass-1.55.2200/bytesobj.c:999:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->data, len1);
data/64tass-1.55.2200/bytesobj.c:1003:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(s + len1, v2->data, len2);
data/64tass-1.55.2200/bytesobj.c:1181:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + v->len, v1->data, len1);
data/64tass-1.55.2200/bytesobj.c:1258:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, v1->data + offs, length);
data/64tass-1.55.2200/bytesobj.c:1268:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, v1->data + offs, length);
data/64tass-1.55.2200/codeobj.c:588:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char *)v) + sizeof(Obj), ((unsigned char *)v1) + sizeof(Obj), sizeof(Code) - sizeof(Obj));
data/64tass-1.55.2200/codeobj.c:671:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char *)v) + sizeof(Obj), ((unsigned char *)v2) + sizeof(Obj), sizeof(Code) - sizeof(Obj));
data/64tass-1.55.2200/console.c:106:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *const ansi_sequences[8] = {
data/64tass-1.55.2200/dictobj.c:472:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str2->data, str2->len);
data/64tass-1.55.2200/dictobj.c:481:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str2->data, str2->len);
data/64tass-1.55.2200/encoding.c:702:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, tmp.val, i);
data/64tass-1.55.2200/encoding.c:719:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->val, tmp.val, i);
data/64tass-1.55.2200/error.c:218:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (line_len != 0) memcpy(&error_list.data[error_list.header_pos + sizeof(struct errorentry_s)], pline, line_len);
data/64tass-1.55.2200/error.c:241:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (line_len != 0) memcpy(&error_list.data[error_list.header_pos + sizeof(struct errorentry_s)], err->line, line_len);
data/64tass-1.55.2200/error.c:298:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(error_list.data + error_list.len, s, len);
data/64tass-1.55.2200/error.c:525:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/64tass-1.55.2200/error.c:529:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"branch too far by %+d bytes", *(const int *)prm); adderror(line);
data/64tass-1.55.2200/error.c:532:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"ptext too long by %" PRIuSIZE " bytes", *(const size_t *)prm - 0x100); adderror(line);
data/64tass-1.55.2200/error.c:535:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"branch crosses page by %+d bytes", *(const int *)prm); adderror(line);
data/64tass-1.55.2200/error.c:623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[256];
data/64tass-1.55.2200/error.c:641:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (line_len != 0) memcpy(&error_list.data[error_list.header_pos + sizeof(struct errorentry_s)], err->line, line_len);
data/64tass-1.55.2200/error.c:654:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (line_len != 0) memcpy(&error_list.data[error_list.header_pos + sizeof(struct errorentry_s)], pline, line_len);
data/64tass-1.55.2200/error.c:751:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[17];
data/64tass-1.55.2200/error.c:752:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, "for opcode 'xxx'", sizeof tmp);
data/64tass-1.55.2200/error.c:793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[256];
data/64tass-1.55.2200/error.c:794:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg2, "no %" PRIuSIZE " operand", opers);
data/64tass-1.55.2200/error.c:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[256];
data/64tass-1.55.2200/error.c:847:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/64tass-1.55.2200/error.c:856:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
default: sprintf(line, "%" PRIuSIZE " arguments", n); adderror(line); break;
data/64tass-1.55.2200/error.c:944:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/64tass-1.55.2200/error.c:946:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line, "expected %" PRIuSIZE " values but got %" PRIuSIZE " to unpack", expect, got);
data/64tass-1.55.2200/error.c:1028:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const opr_names[ADR_LEN] = {
data/64tass-1.55.2200/error.c:1101:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const order_suffix[4] = {
data/64tass-1.55.2200/error.c:1106:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[4];
data/64tass-1.55.2200/error.c:1110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg2 + 1, order_suffix[i < 4 ? i : 3], 3);
data/64tass-1.55.2200/error.c:1236:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg2[256];
data/64tass-1.55.2200/error.c:1238:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg2, "branch crosses page by %+d bytes [-Wbranch-page]", by);
data/64tass-1.55.2200/error.c:1243:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256];
data/64tass-1.55.2200/error.c:1245:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(line,"different start and end page $%04" PRIaddress " and $%04" PRIaddress " [-Wpage]", adr, adr2);
data/64tass-1.55.2200/error.c:1250:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[4];
data/64tass-1.55.2200/error.c:1271:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf((char *)s, "' ($%02" PRIx32 ") in encoding '", ch); adderror((char *)line);
data/64tass-1.55.2200/errorobj.c:176:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (l != NULL) memcpy(l, pline, ln);
data/64tass-1.55.2200/eval.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[4];
data/64tass-1.55.2200/eval.c:269:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char txt[4];
data/64tass-1.55.2200/eval.c:391:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, opr->data, OPR_LEN * sizeof *opr->data);
data/64tass-1.55.2200/eval.c:1047:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data, l1->data, l1->len * sizeof *list->data);
data/64tass-1.55.2200/eval.c:1048:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data + l1->len, l2->data, l2->len * sizeof *list->data);
data/64tass-1.55.2200/eval.c:1057:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->data, l1->data, l1->len * sizeof *list->data);
data/64tass-1.55.2200/eval.c:1071:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&list->data[1], l2->data, l2->len * sizeof *list->data);
data/64tass-1.55.2200/file.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[1];
data/64tass-1.55.2200/file.c:113:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(include_list_last->path, path, i + 1);
data/64tass-1.55.2200/file.c:114:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (i != j) memcpy(include_list_last->path + i, "/", 2);
data/64tass-1.55.2200/file.c:149:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, base, i);
data/64tass-1.55.2200/file.c:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path + i, v->data, v->len);
data/64tass-1.55.2200/file.c:244:5: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t *wname, *c2, wmode[3];
data/64tass-1.55.2200/file.c:266:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/file.c:285:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newname + len - l, temp, (size_t)l);
data/64tass-1.55.2200/file.c:288:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(newname, mode);
data/64tass-1.55.2200/file.c:431:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, name, namelen); tmp->name = s;
data/64tass-1.55.2200/file.c:752:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, cmd_name, cmdlen); tmp->realname = s;
data/64tass-1.55.2200/file.c:776:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (f->open != 0) f->open--;
data/64tass-1.55.2200/file.h:42:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
uint16_t open; /* open/not open */
data/64tass-1.55.2200/floatobj.c:95:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[100];
data/64tass-1.55.2200/floatobj.c:97:26: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
size_t len = (size_t)sprintf(line, "%.10g", v1->real);
data/64tass-1.55.2200/floatobj.c:104:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, line, len);
data/64tass-1.55.2200/functionobj.c:81:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "<native_function '", 18);
data/64tass-1.55.2200/functionobj.c:83:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->name.data, v1->name.len);
data/64tass-1.55.2200/functionobj.c:97:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->name.data, v1->name.len);
data/64tass-1.55.2200/functionobj.c:471:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->data, cfile2->data + offset, ln);
data/64tass-1.55.2200/identobj.c:43:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(idn->val, name->data, name->len);
data/64tass-1.55.2200/identobj.c:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "ident(", 6);
data/64tass-1.55.2200/identobj.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->name.data, v1->name.len);
data/64tass-1.55.2200/intobj.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->data, ln * sizeof *v->data);
data/64tass-1.55.2200/intobj.c:121:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->val, d, sz * sizeof *d);
data/64tass-1.55.2200/intobj.c:453:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vv->val, v, i * sizeof *v);
data/64tass-1.55.2200/intobj.c:524:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vv->val, v, i * sizeof *v);
data/64tass-1.55.2200/intobj.c:572:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vv->val, v, i * sizeof *v);
data/64tass-1.55.2200/intobj.c:657:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w0, v2, len2 * sizeof *w0);
data/64tass-1.55.2200/intobj.c:659:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v0, v1, len1 * sizeof *v0);
data/64tass-1.55.2200/intobj.c:719:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vv->val, a, k * sizeof *a);
data/64tass-1.55.2200/intobj.c:733:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&vv->val, v0, len2 * sizeof *v0);
data/64tass-1.55.2200/intobj.c:802:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else if (len1 != 0) memcpy(v2, v1, len1 * sizeof *v2);
data/64tass-1.55.2200/intobj.c:858:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else if (sz != 0) memcpy(v, v1, sz * sizeof *v);
data/64tass-1.55.2200/intobj.c:1395:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
} else memcpy(d, b, sz * sizeof *d);
data/64tass-1.55.2200/intobj.c:1443:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, v->val, j * sizeof *d);
data/64tass-1.55.2200/intobj.c:1463:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, v->val, j * sizeof *d);
data/64tass-1.55.2200/intobj.c:1478:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->val, d, osz * sizeof *d);
data/64tass-1.55.2200/intobj.c:1566:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, v->val, sizeof v->val);
data/64tass-1.55.2200/isnprintf.c:373:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[400], *t, form[10];
data/64tass-1.55.2200/isnprintf.c:597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str->u.val, return_value.data, return_value.len);
data/64tass-1.55.2200/labelobj.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "<label '", 8);
data/64tass-1.55.2200/labelobj.c:107:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->name.data, len);
data/64tass-1.55.2200/labelobj.c:129:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->name.data, len);
data/64tass-1.55.2200/listing.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[LINE_WIDTH + ADDR_WIDTH + LADDR_WIDTH + 3*16];
data/64tass-1.55.2200/listing.c:49:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[16];
data/64tass-1.55.2200/listing.c:151:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ls->hex, "0123456789abcdef", 16);
data/64tass-1.55.2200/listing.c:556:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&prev, ¤t, sizeof prev);
data/64tass-1.55.2200/listobj.c:129:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, v->u.val, v->len * sizeof *v->data);
data/64tass-1.55.2200/listobj.c:304:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str->data, str->len);
data/64tass-1.55.2200/listobj.c:347:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vals, lst->u.val, o * sizeof *lst->data);
data/64tass-1.55.2200/listobj.c:369:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lst->u.val, lst->data, lst->len * sizeof *lst->data);
data/64tass-1.55.2200/macro.c:259:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mline->data + last, pline + last2, p - last);
data/64tass-1.55.2200/macro.c:283:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mline->data + p, param.data, param.len);
data/64tass-1.55.2200/macro.c:298:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (p != last) memcpy(mline->data + last, pline + last2, p - last);
data/64tass-1.55.2200/macro.c:332:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(par, pbuf, pp);
data/64tass-1.55.2200/main.c:92:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
argv[i] = (char *)realloc(argv[i], (char *)c2 - argv[i]);
data/64tass-1.55.2200/main.c:98:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(argv[0], "64tass");
data/64tass-1.55.2200/main.c:166:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argv[0], "64tass", 7);
data/64tass-1.55.2200/mem.c:77:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&memblocks->mem.data[b2->p], &b->mem.data[b->data[k].p], b2->len);
data/64tass-1.55.2200/mem.c:95:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memblocks->mem.data + bj->p + (bi->addr - bj->addr), memblocks->mem.data + bi->p, overlap);
data/64tass-1.55.2200/mem.c:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10], temp2[10];
data/64tass-1.55.2200/mem.c:177:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nuls[256];
data/64tass-1.55.2200/mem.c:198:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[4];
data/64tass-1.55.2200/mem.c:235:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[6];
data/64tass-1.55.2200/mem.c:281:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[6];
data/64tass-1.55.2200/mem.c:330:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1+(1+2+1+32+1)*2+1];
data/64tass-1.55.2200/mem.c:387:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ihex.data + ihex.length, d, copy);
data/64tass-1.55.2200/mem.c:410:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1+1+(1+4+32+1)*2+1];
data/64tass-1.55.2200/mem.c:458:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srec.data + srec.length, d, copy);
data/64tass-1.55.2200/memblocksobj.c:78:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (m->mem.len != 0) memcpy(val->mem.data, m->mem.data, m->mem.len);
data/64tass-1.55.2200/namespaceobj.c:202:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "namespace({", 11);
data/64tass-1.55.2200/namespaceobj.c:208:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, str2->data, str2->len);
data/64tass-1.55.2200/obj.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, name, len2);
data/64tass-1.55.2200/opcodes.c:852:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * const addr_modes[ADR_LEN+1] = {
data/64tass-1.55.2200/opcodes.h:50:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * const addr_modes[ADR_LEN+1];
data/64tass-1.55.2200/operobj.c:131:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "<oper ", 6);
data/64tass-1.55.2200/operobj.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, txt, len);
data/64tass-1.55.2200/registerobj.c:67:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->data, v->len);
data/64tass-1.55.2200/registerobj.c:118:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "register(", 9);
data/64tass-1.55.2200/registerobj.c:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->data, v1->len);
data/64tass-1.55.2200/section.c:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[10], temp2[10], temp3[10];
data/64tass-1.55.2200/str.c:84:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (i != 0) memcpy(s, d, i);
data/64tass-1.55.2200/str.c:115:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, s2->data, s2->len);
data/64tass-1.55.2200/strobj.c:156:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, v->u.val, v->len);
data/64tass-1.55.2200/strobj.c:290:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iter->data, s, ln);
data/64tass-1.55.2200/strobj.c:334:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, p, l + 1);
data/64tass-1.55.2200/strobj.c:338:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, p, j);
data/64tass-1.55.2200/strobj.c:343:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, s + 1, j);
data/64tass-1.55.2200/strobj.c:473:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + v1->len, v2->data, v2->len);
data/64tass-1.55.2200/strobj.c:482:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->data, v1->len);
data/64tass-1.55.2200/strobj.c:491:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->data, v1->len);
data/64tass-1.55.2200/strobj.c:492:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + v1->len, v2->data, v2->len);
data/64tass-1.55.2200/strobj.c:537:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, v1->data, ln);
data/64tass-1.55.2200/strobj.c:637:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(o, v->u.val, m - 4096);
data/64tass-1.55.2200/strobj.c:650:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p2, p, k);p2 += k;
data/64tass-1.55.2200/strobj.c:657:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.val, o, len2);
data/64tass-1.55.2200/strobj.c:704:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.val, v1->data + offs, len2);
data/64tass-1.55.2200/strobj.c:714:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->data, v1->data + offs, len2);
data/64tass-1.55.2200/strobj.c:774:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (i == k) {memcpy(p2, p, j);p2 += j; k += step;}
data/64tass-1.55.2200/strobj.c:780:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(v->u.val, o, len2);
data/64tass-1.55.2200/typeobj.c:87:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, "<type '", 7);
data/64tass-1.55.2200/typeobj.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, name, ln);
data/64tass-1.55.2200/unicode.c:344:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/64tass-1.55.2200/unicode.c:345:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, line + i, ln);
data/64tass-1.55.2200/unicode.c:414:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/unicode.c:460:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/64tass-1.55.2200/unicode.c:461:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, line + i, ln);
data/64tass-1.55.2200/unicode.c:476:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/unicode.c:521:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/unicode.c:549:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/64tass-1.55.2200/unicode.c:550:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, line + i, ln);
data/64tass-1.55.2200/unicode.c:577:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/unicode.c:605:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/64tass-1.55.2200/unicode.c:606:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, line + i, ln);
data/64tass-1.55.2200/unicode.c:644:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/unicode.c:681:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/64tass-1.55.2200/unicode.c:682:17: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t tmp2[64];
data/64tass-1.55.2200/unicode.c:683:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, line + i, ln);
data/64tass-1.55.2200/unicode.c:696:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[64];
data/64tass-1.55.2200/wchar.c:32:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp437[128] = {
data/64tass-1.55.2200/wchar.c:50:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp737[128] = {
data/64tass-1.55.2200/wchar.c:68:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp775[128] = {
data/64tass-1.55.2200/wchar.c:86:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp850[128] = {
data/64tass-1.55.2200/wchar.c:104:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp852[128] = {
data/64tass-1.55.2200/wchar.c:122:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp855[128] = {
data/64tass-1.55.2200/wchar.c:140:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp857[128] = {
data/64tass-1.55.2200/wchar.c:158:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp860[128] = {
data/64tass-1.55.2200/wchar.c:176:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp861[128] = {
data/64tass-1.55.2200/wchar.c:194:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp862[128] = {
data/64tass-1.55.2200/wchar.c:212:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp863[128] = {
data/64tass-1.55.2200/wchar.c:230:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp864[128] = {
data/64tass-1.55.2200/wchar.c:248:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp865[128] = {
data/64tass-1.55.2200/wchar.c:266:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp866[128] = {
data/64tass-1.55.2200/wchar.c:284:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp869[128] = {
data/64tass-1.55.2200/wchar.c:302:14: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const wchar_t cp874[128] = {
data/64tass-1.55.2200/64tass.c:1481:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lentmp = strlen((const char *)pline) + 1;
data/64tass-1.55.2200/64tass.c:1504:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lentmp = strlen((const char *)pline) + 1;
data/64tass-1.55.2200/64tass.c:1719:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t lentmp = strlen((const char *)pline) + 1;
data/64tass-1.55.2200/64tass.c:4090:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cpuname.len == strlen((*cpui)->name) && memcmp((*cpui)->name, cpuname.data, cpuname.len) == 0) {
data/64tass-1.55.2200/arguments.c:282:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
m = strcmp(s2, "unused") == 0 ? strlen(s2) : SIZE_MAX;
data/64tass-1.55.2200/arguments.c:396:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/64tass-1.55.2200/arguments.c:416:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(f);
data/64tass-1.55.2200/arguments.c:533:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(my_optarg) + 1;
data/64tass-1.55.2200/encoding.c:746:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s + 1);
data/64tass-1.55.2200/error.c:215:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
default: line_len = ((epoint->line == lpoint.line) && (size_t)(pline - flist->file->data) >= flist->file->len) ? (strlen((const char *)pline) + 1) : 0; break;
data/64tass-1.55.2200/error.c:238:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen((const char *)err->line) + 1;
data/64tass-1.55.2200/error.c:303:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
adderror2((const uint8_t *)s, strlen(s));
data/64tass-1.55.2200/error.c:638:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
line_len = strlen((const char *)err->line) + 1;
data/64tass-1.55.2200/error.c:651:119: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
default: line_len = ((epoint->line == lpoint.line) && (size_t)(pline - flist->file->data) >= flist->file->len) ? (strlen((const char *)pline) + 1) : 0; break;
data/64tass-1.55.2200/error.c:1548:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = strlen(s);
data/64tass-1.55.2200/error.c:1586:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (epoint->line == lpoint.line && strlen((const char *)pline) > epoint->pos) {
data/64tass-1.55.2200/errorobj.c:174:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t ln = strlen((const char *)pline) + 1;
data/64tass-1.55.2200/file.c:101:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = i = strlen(path);
data/64tass-1.55.2200/file.c:159:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t i = 0, j = 0, len = ((max != SIZE_MAX) ? max : strlen(name)) + 2;
data/64tass-1.55.2200/file.c:200:11: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(wname) + 1;
data/64tass-1.55.2200/file.c:256:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = 0, max = strlen(name) + 1;
data/64tass-1.55.2200/file.c:400:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n.len = strlen(name);
data/64tass-1.55.2200/file.c:429:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t namelen = strlen(name) + 1;
data/64tass-1.55.2200/file.c:467:42: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c2 = getc(f);
data/64tass-1.55.2200/file.c:748:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cmdlen = strlen(cmd_name) + 1;
data/64tass-1.55.2200/functionobj.c:829:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
func->name.len = strlen(builtin_functions[i].name);
data/64tass-1.55.2200/main.c:132:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = strlen(s), j = 0;
data/64tass-1.55.2200/my_getopt.c:211:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(longopts[ind].name) == (size_t) (charind - offset)) &&
data/64tass-1.55.2200/obj.c:123:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(name);
data/64tass-1.55.2200/operobj.c:124:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(txt);
data/64tass-1.55.2200/typeobj.c:80:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ln = strlen(name);
data/64tass-1.55.2200/values.c:151:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else len = printable_print2((const uint8_t *)err->obj->name, f, strlen(err->obj->name));
data/64tass-1.55.2200/variables.c:798:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name.len = strlen(ident);
ANALYSIS SUMMARY:
Hits = 286
Lines analyzed = 51410 in approximately 1.64 seconds (31373 lines/second)
Physical Source Lines of Code (SLOC) = 46707
Hits@level = [0] 42 [1] 33 [2] 233 [3] 3 [4] 17 [5] 0
Hits@level+ = [0+] 328 [1+] 286 [2+] 253 [3+] 20 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 7.0225 [1+] 6.12328 [2+] 5.41675 [3+] 0.428201 [4+] 0.363971 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.