Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/android-platform-system-core-10.0.0+r36/adb/adb.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_auth.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_io.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_io.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_io_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_listeners.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_listeners.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_listeners_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_mdns.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_trace.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_trace.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_unique_fd.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_unique_fd.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_utils.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_utils_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/bugreport_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/adb_client.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/adb_client.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/commandline.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/console.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploycallbacks.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploycallbacks.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/line_printer.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/line_printer.h
Examining data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/transport_mdns.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/usb_dispatch.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/usb_linux.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/usb_osx.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/client/usb_libusb.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/abb.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/abb_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/auth.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/framebuffer_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/framebuffer_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/include/adbd/usb.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/jdwp_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/mdns.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/mdns.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/reboot_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/reboot_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/remount_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/remount_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/restart_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/restart_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/services.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/set_verity_enable_state_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/set_verity_enable_state_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.h
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/transport_qemu.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_dummy.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_ffs.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/fdevent.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/fdevent.h
Examining data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.h
Examining data/android-platform-system-core-10.0.0+r36/adb/file_sync_protocol.h
Examining data/android-platform-system-core-10.0.0+r36/adb/security_log_tags.h
Examining data/android-platform-system-core-10.0.0+r36/adb/services.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/services.h
Examining data/android-platform-system-core-10.0.0+r36/adb/shell_protocol.h
Examining data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/socket.h
Examining data/android-platform-system-core-10.0.0+r36/adb/socket_spec.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/socket_spec.h
Examining data/android-platform-system-core-10.0.0+r36/adb/socket_spec_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/socket_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sockets.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/chrono.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/errno.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/errno.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/network.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/posix/network.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/stat.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/stat_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/uio.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/vm_sockets.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/win32/errno.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/win32/errno_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps/win32/stat.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport.h
Examining data/android-platform-system-core-10.0.0+r36/adb/transport_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport_fd.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport_local.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/transport_usb.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/types_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/usb.h
Examining data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/adb/types.h
Examining data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h
Examining data/android-platform-system-core-10.0.0+r36/base/chrono_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/chrono_utils_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/endian_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/errors_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/errors_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/file_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/chrono_utils.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/cmsg.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/collections.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/endian.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/errors.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/file.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/macros.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/mapped_file.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/memory.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/off64_t.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/parsedouble.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/parseint.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/parsenetaddress.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/properties.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/quick_exit.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/scopeguard.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/stringprintf.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/strings.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/test_utils.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/thread_annotations.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/threads.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/unique_fd.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/utf8.h
Examining data/android-platform-system-core-10.0.0+r36/base/include/android-base/logging.h
Examining data/android-platform-system-core-10.0.0+r36/base/logging_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/macros_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/mapped_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/mapped_file_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/parsedouble_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/parseint_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/parsenetaddress.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/parsenetaddress_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/properties.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/properties_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/quick_exit.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/quick_exit_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/scopeguard_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/stringprintf.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/stringprintf_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/strings.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/strings_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/test_main.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/test_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/test_utils_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/threads.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/utf8.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/errors_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/logging.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/file.cpp
Examining data/android-platform-system-core-10.0.0+r36/base/cmsg.cpp
Examining data/android-platform-system-core-10.0.0+r36/bootstat/boot_event_record_store.cpp
Examining data/android-platform-system-core-10.0.0+r36/bootstat/boot_event_record_store.h
Examining data/android-platform-system-core-10.0.0+r36/bootstat/boot_event_record_store_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp
Examining data/android-platform-system-core-10.0.0+r36/bootstat/testrunner.cpp
Examining data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/client/debuggerd_client.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/client/debuggerd_client_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/common/include/dump_type.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/crash_dump.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback_nop.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/handler/fallback.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/include/debuggerd/client.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/include/debuggerd/handler.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/backtrace.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/backtrace.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/open_files_list.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/tombstone.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/types.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/utility.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/open_files_list.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/UnwinderMock.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/elf_fake.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/elf_fake.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/host_signal_fixup.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/log_fake.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/log_fake.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/open_files_list_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/sys/system_properties.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/protocol.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/include/tombstoned/tombstoned.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/intercept_manager.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/intercept_manager.h
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned_client.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/util.cpp
Examining data/android-platform-system-core-10.0.0+r36/debuggerd/util.h
Examining data/android-platform-system-core-10.0.0+r36/demangle/DemangleTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/demangle/Demangler.h
Examining data/android-platform-system-core-10.0.0+r36/demangle/demangle.cpp
Examining data/android-platform-system-core-10.0.0+r36/demangle/demangle_fuzzer.cpp
Examining data/android-platform-system-core-10.0.0+r36/demangle/include/demangle.h
Examining data/android-platform-system-core-10.0.0+r36/demangle/Demangler.cpp
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/adf/adf.h
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/video/adf.h
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/original-kernel-headers/video/adf.h
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadfhwc/adfhwc.cpp
Examining data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadfhwc/include/adfhwc/adfhwc.h
Examining data/android-platform-system-core-10.0.0+r36/diagnose_usb/diagnose_usb.cpp
Examining data/android-platform-system-core-10.0.0+r36/diagnose_usb/include/diagnose_usb.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/constants.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/commands.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/commands.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/flashing.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/flashing.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/utility.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/utility.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/variables.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/device/variables.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fs.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fs.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/extensions.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/extensions.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/fixtures.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/fixtures.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_listeners.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/usb_transport_sniffer.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/socket.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/socket.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/socket_mock.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/socket_mock.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/socket_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/tcp.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/tcp.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/tcp_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/transport.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/udp.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/udp.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/udp_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/usb.h
Examining data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/usb_osx.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fastboot/util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_boot_config.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_dm_linear.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_format.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_priv.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_priv_boot_config.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_remount.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_roots.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_slotselect.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_vendor_overlay.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include/fs_mgr.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include/fs_mgr/roots.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include/fs_mgr_dm_linear.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include/fs_mgr_overlayfs.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include/fs_mgr_vendor_overlay.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/include_fstab/fstab/fstab.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_table.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_target.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/include/libdm/dm.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/include/libdm/dm_table.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/include/libdm/dm_target.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/include/libdm/loop_control.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/test_util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/test_util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/include/libfiemap_writer/fiemap_writer.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/include/libfiemap_writer/split_fiemap_writer.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/split_fiemap_writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/utility.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/utility.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_ops.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_ops.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/fs_avb.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/fs_avb_util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/include/fs_avb/fs_avb.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/include/fs_avb/fs_avb_util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/include/fs_avb/types.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/sha.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/basic_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_device_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test_util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test_util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_util_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/util_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/types.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/util.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/util.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/images.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/images.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/builder.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/liblp.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/metadata_format.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/partition_opener.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/partition_opener.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/reader.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/reader.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/test_partition_opener.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/test_partition_opener.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/writer.h
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/tests/fs_mgr_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/fs_mgr/tools/dmctl.cpp
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/IGateKeeperService.cpp
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/IGateKeeperService.h
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.h
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp
Examining data/android-platform-system-core-10.0.0+r36/gatekeeperd/tests/gatekeeper_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/AnimationParser.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/AnimationParser.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/HealthServiceDefault.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/HealthServiceHealthd.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/animation.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/charger.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/charger_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_draw.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_draw.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_mode_charger.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_mode_charger.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_mode_charger_nops.cpp
Examining data/android-platform-system-core-10.0.0+r36/healthd/healthd_mode_charger_nops.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/include/healthd/BatteryMonitor.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/include/healthd/healthd.h
Examining data/android-platform-system-core-10.0.0+r36/healthd/tests/AnimationParser_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/include/private/fs_config.h
Examining data/android-platform-system-core-10.0.0+r36/init/action.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/action.h
Examining data/android-platform-system-core-10.0.0+r36/init/action_manager.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/action_manager.h
Examining data/android-platform-system-core-10.0.0+r36/init/action_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/action_parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/bootchart.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/bootchart.h
Examining data/android-platform-system-core-10.0.0+r36/init/boringssl_self_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/boringssl_self_test.h
Examining data/android-platform-system-core-10.0.0+r36/init/builtin_arguments.h
Examining data/android-platform-system-core-10.0.0+r36/init/builtins.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/builtins.h
Examining data/android-platform-system-core-10.0.0+r36/init/capabilities.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/capabilities.h
Examining data/android-platform-system-core-10.0.0+r36/init/debug_ramdisk.h
Examining data/android-platform-system-core-10.0.0+r36/init/descriptors.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/descriptors.h
Examining data/android-platform-system-core-10.0.0+r36/init/devices.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/devices.h
Examining data/android-platform-system-core-10.0.0+r36/init/devices_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/epoll.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/epoll.h
Examining data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/firmware_handler.h
Examining data/android-platform-system-core-10.0.0+r36/init/first_stage_init.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/first_stage_init.h
Examining data/android-platform-system-core-10.0.0+r36/init/first_stage_main.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/first_stage_mount.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/first_stage_mount.h
Examining data/android-platform-system-core-10.0.0+r36/init/host_import_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/host_import_parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/host_init_stubs.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/host_init_stubs.h
Examining data/android-platform-system-core-10.0.0+r36/init/host_init_verifier.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/import_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/import_parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/init.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/init.h
Examining data/android-platform-system-core-10.0.0+r36/init/init_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/keychords.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/keychords.h
Examining data/android-platform-system-core-10.0.0+r36/init/keychords_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/keyword_map.h
Examining data/android-platform-system-core-10.0.0+r36/init/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/modalias_handler.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/modalias_handler.h
Examining data/android-platform-system-core-10.0.0+r36/init/mount_handler.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/mount_handler.h
Examining data/android-platform-system-core-10.0.0+r36/init/mount_namespace.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/mount_namespace.h
Examining data/android-platform-system-core-10.0.0+r36/init/parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/parser/tokenizer.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/parser/tokenizer.h
Examining data/android-platform-system-core-10.0.0+r36/init/parser/tokenizer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/persistent_properties.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/persistent_properties.h
Examining data/android-platform-system-core-10.0.0+r36/init/persistent_properties_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/property_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/property_service.h
Examining data/android-platform-system-core-10.0.0+r36/init/property_service_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/property_type.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/property_type.h
Examining data/android-platform-system-core-10.0.0+r36/init/property_type_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/reboot.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/reboot.h
Examining data/android-platform-system-core-10.0.0+r36/init/reboot_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/reboot_utils.h
Examining data/android-platform-system-core-10.0.0+r36/init/result.h
Examining data/android-platform-system-core-10.0.0+r36/init/result_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/rlimit_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/rlimit_parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/rlimit_parser_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/security.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/security.h
Examining data/android-platform-system-core-10.0.0+r36/init/selinux.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/selinux.h
Examining data/android-platform-system-core-10.0.0+r36/init/service.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/service.h
Examining data/android-platform-system-core-10.0.0+r36/init/service_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/sigchld_handler.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/sigchld_handler.h
Examining data/android-platform-system-core-10.0.0+r36/init/subcontext.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/subcontext.h
Examining data/android-platform-system-core-10.0.0+r36/init/subcontext_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/subcontext_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/switch_root.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/switch_root.h
Examining data/android-platform-system-core-10.0.0+r36/init/test_function_map.h
Examining data/android-platform-system-core-10.0.0+r36/init/test_service/test_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/tokenizer.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/tokenizer.h
Examining data/android-platform-system-core-10.0.0+r36/init/tokenizer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/uevent.h
Examining data/android-platform-system-core-10.0.0+r36/init/uevent_handler.h
Examining data/android-platform-system-core-10.0.0+r36/init/uevent_listener.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/uevent_listener.h
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd.h
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd_parser.h
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd_parser_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/ueventd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/util.cpp
Examining data/android-platform-system-core-10.0.0+r36/init/util.h
Examining data/android-platform-system-core-10.0.0+r36/init/util_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/EpollController.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/FuseAppLoop.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/FuseBridgeLoop.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/FuseBuffer.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/EpollController.h
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseAppLoop.h
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseBridgeLoop.h
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseBuffer.h
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseAppLoopTest.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBridgeLoopTest.cc
Examining data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc
Examining data/android-platform-system-core-10.0.0+r36/libasyncio/AsyncIO.cpp
Examining data/android-platform-system-core-10.0.0+r36/libasyncio/include/asyncio/AsyncIO.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/Backtrace.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceAsyncSafeLog.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceCurrent.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceCurrent.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceLog.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktracePtrace.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktracePtrace.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceTest.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/ThreadEntry.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/ThreadEntry.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindMap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindMap.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindStack.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindStack.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindStackMap.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_benchmarks.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_offline_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_read_benchmarks.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_testlib.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_testlib.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/include/backtrace/Backtrace.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/include/backtrace/BacktraceMap.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/include/backtrace/backtrace_constants.h
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceMap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbacktrace/UnwindStackMap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/binder_test_base.cc
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/binder_wrapper.cc
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/include/binderwrapper/binder_test_base.h
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/include/binderwrapper/binder_wrapper.h
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/include/binderwrapper/stub_binder_wrapper.h
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/real_binder_wrapper.cc
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/real_binder_wrapper.h
Examining data/android-platform-system-core-10.0.0+r36/libbinderwrapper/stub_binder_wrapper.cc
Examining data/android-platform-system-core-10.0.0+r36/libcrypto_utils/android_pubkey.c
Examining data/android-platform-system-core-10.0.0+r36/libcrypto_utils/include/crypto_utils/android_pubkey.h
Examining data/android-platform-system-core-10.0.0+r36/libcrypto_utils/tests/android_pubkey_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_env.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_file_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_socket_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/android_reboot.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/arch-mips/android_memset.c
Examining data/android-platform-system-core-10.0.0+r36/libcutils/arch-x86/cache.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/arch-x86_64/cache.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-dev.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-host.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/canned_fs_config.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/config_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/fs_config_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/hashmap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/android_get_control_file.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/android_reboot.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/ashmem.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/bitops.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/compiler.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/config_utils.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/fs.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/hashmap.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/iosched_policy.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/klog.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/list.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/log.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/memory.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/misc.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/multiuser.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/native_handle.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/partition_utils.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/properties.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/qtaguid.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/record_stream.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/sched_policy.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/sockets.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/str_parms.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/uevent.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/jstring.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/trace.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/atomic.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/threads.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/private/android_filesystem_capability.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/private/android_filesystem_config.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/private/canned_fs_config.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include/private/fs_config.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/include_vndk/cutils/log.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/iosched_policy.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/klog.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/load_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/memset_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/multiuser.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/multiuser_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/native_handle.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/partition_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/properties.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/qtaguid.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/record_stream.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/sched_policy_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_inaddr_any_server_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_inaddr_any_server_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_server_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_unix.h
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_network_client_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/socket_network_client_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/sockets.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/sockets_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/sockets_unix.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/sockets_windows.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/str_parms.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/str_parms_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/strdup16to8.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/strdup8to16.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/strlcpy.c
Examining data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/trace-dev.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/trace-dev_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/trace-host.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/uevent.cpp
Examining data/android-platform-system-core-10.0.0+r36/libcutils/threads.cpp
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/config_mbr.c
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskconfig.c
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskutils.c
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/dump_diskconfig.c
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/include/diskconfig/diskconfig.h
Examining data/android-platform-system-core-10.0.0+r36/libdiskconfig/write_lst.c
Examining data/android-platform-system-core-10.0.0+r36/libgrallocusage/GrallocUsageConversion.cpp
Examining data/android-platform-system-core-10.0.0+r36/libgrallocusage/include/grallocusage/GrallocUsageConversion.h
Examining data/android-platform-system-core-10.0.0+r36/libion/include/ion/ion.h
Examining data/android-platform-system-core-10.0.0+r36/libion/ion.c
Examining data/android-platform-system-core-10.0.0+r36/libion/ion_4.12.h
Examining data/android-platform-system-core-10.0.0+r36/libion/ion_test.c
Examining data/android-platform-system-core-10.0.0+r36/libion/kernel-headers/linux/ion.h
Examining data/android-platform-system-core-10.0.0+r36/libion/kernel-headers/linux/ion_test.h
Examining data/android-platform-system-core-10.0.0+r36/libion/original-kernel-headers/linux/ion.h
Examining data/android-platform-system-core-10.0.0+r36/libion/original-kernel-headers/linux/ion_test.h
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/allocate_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/exit_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/formerly_valid_handle_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/invalid_values_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/ion_test_fixture.cpp
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/ion_test_fixture.h
Examining data/android-platform-system-core-10.0.0+r36/libion/tests/map_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/include/keyutils.h
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/keyutils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/keyutils_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/mini_keyctl.cpp
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/mini_keyctl_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libkeyutils/mini_keyctl_utils.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/config_read.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/config_read.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/config_write.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/config_write.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/android/log.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/event_tag_map.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_event_list.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_id.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_main.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_properties.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_radio.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_safetynet.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_system.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_time.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_transport.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/log/logprint.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include/private/android_logger.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include_vndk/log/log.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include_vndk/log/log_event_list.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/include_vndk/log/log_time.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/log_event_list.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/log_event_write.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/log_portability.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/log_time.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/logd_writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logger_lock.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logger_name.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logger_read.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/pmsg_writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/libc_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test_default.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test_stderr.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_read_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_time_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/tests/log_wrap_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/uio.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/logger.h
Examining data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/fake_writer.cpp
Examining data/android-platform-system-core-10.0.0+r36/liblog/stderr_write.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/include/meminfo/meminfo.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/include/meminfo/pageacct.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/include/meminfo/procmeminfo.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/include/meminfo/sysmeminfo.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/include/dmabufinfo/dmabufinfo.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/tools/dmabuf_dump.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/meminfo_private.h
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/pageacct.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/librank.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procmem.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procrank.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/showmap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/wsstop.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmeminfo/vts/vts_meminfo_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemtrack/include/memtrack/memtrack.h
Examining data/android-platform-system-core-10.0.0+r36/libmemtrack/memtrack.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemtrack/memtrack_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Allocator.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Allocator.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Binder.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Binder.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/HeapWalker.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/HeapWalker.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Leak.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakFolding.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakFolding.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/LinkedList.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/MemUnreachable.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/PtracerThread.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/PtracerThread.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ScopedAlarm.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ScopedDisableMalloc.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ScopedPipe.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ScopedSignalHandler.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Semaphore.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/Tarjan.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/bionic.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/include/memunreachable/memunreachable.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/log.h
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/Allocator_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/Binder_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/DisableMalloc_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/HeapWalker_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/HostMallocStub.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/LeakFolding_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/MemUnreachable_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmetricslogger/include/metricslogger/metrics_logger.h
Examining data/android-platform-system-core-10.0.0+r36/libmetricslogger/metrics_logger.cpp
Examining data/android-platform-system-core-10.0.0+r36/libmetricslogger/metrics_logger_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/include/nativebridge/native_bridge.h
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge_lazy.cc
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/CodeCacheCreate_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/CodeCacheExists_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/CodeCacheStatFail_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/CompleteFlow_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/DummyNativeBridge.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/DummyNativeBridge2.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/DummyNativeBridge3.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/InvalidCharsNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge2Signal_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3CreateNamespace_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3GetError_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3InitAnonymousNamespace_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3IsPathSupported_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3LoadLibraryExt_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridge3UnloadLibrary_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridgeApi.c
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridgeTest.h
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NativeBridgeVersion_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/NeedsNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridgeFail1_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridgeFail2_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/ReSetupNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/UnavailableNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/ValidNameNativeBridge_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/include/nativeloader/dlext_namespaces.h
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/include/nativeloader/native_loader.h
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/native_loader.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/native_loader_lazy.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/test/api_test.c
Examining data/android-platform-system-core-10.0.0+r36/libnativeloader/test/test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/checksum.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.h
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/dhcptool.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/include/netutils/checksum.h
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/include/netutils/ifc.h
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c
Examining data/android-platform-system-core-10.0.0+r36/libnetutils/packet.h
Examining data/android-platform-system-core-10.0.0+r36/libpackagelistparser/include/packagelistparser/packagelistparser.h
Examining data/android-platform-system-core-10.0.0+r36/libpackagelistparser/packagelistparser.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/buffer.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/buffer.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/clear.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/clear.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssemblerInterface.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssemblerInterface.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssemblerProxy.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssemblerProxy.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/CodeCache.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/CodeCache.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/GGLAssembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/GGLAssembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/armreg.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/blending.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/disassem.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/disassem.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/load_store.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_opcode.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/texturing.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/tinyutils/smartpointer.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/fixed.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/format.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/pixelflinger/format.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/pixelflinger/pixelflinger.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/private/pixelflinger/ggl_context.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/private/pixelflinger/ggl_fixed.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/picker.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/picker.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/pixelflinger.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/raster.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/raster.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.h
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/assembler/arm64_assembler_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/col32cb16blend/col32cb16blend_test.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/disassembler/arm64_diassembler_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/t32cb16blend/t32cb16blend_test.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips/col32cb16blend/col32cb16blend_test.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips/t32cb16blend/t32cb16blend_test.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/assembler/mips64_assembler_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/col32cb16blend/col32cb16blend_test.c
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/codegen/codegen.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/gglmul/gglmul_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/trap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libpixelflinger/trap.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgroup_map.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgroup_map.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc/cgroup_controller.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc/cgroup_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc/cgrouprc_internal.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc/include/android/cgrouprc.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/cgroup_controller.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_file.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/include/processgroup/processgroup.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/include/processgroup/sched_policy.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/processgroup.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/profiles/cgroups_test.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/profiles/task_profiles_test.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/profiles/test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/profiles/test_vendor.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/cgroup_descriptor.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/cgroup_map_write.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/include/processgroup/setup.h
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.h
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/include/procinfo/process.h
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/include/procinfo/process_map.h
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/process_map_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/process_map_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libprocinfo/process_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libqtaguid/include/qtaguid/qtaguid.h
Examining data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c
Examining data/android-platform-system-core-10.0.0+r36/libsparse/append2simg.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/backed_block.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/backed_block.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/defs.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/img2simg.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/include/sparse/sparse.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/output_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/output_file.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/simg2img.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/simg2simg.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_crc32.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_crc32.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_defs.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_err.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_file.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_format.h
Examining data/android-platform-system-core-10.0.0+r36/libsparse/sparse_read.cpp
Examining data/android-platform-system-core-10.0.0+r36/libstats/include/stats_event_list.h
Examining data/android-platform-system-core-10.0.0+r36/libstats/stats_event_list.c
Examining data/android-platform-system-core-10.0.0+r36/libstats/statsd_writer.c
Examining data/android-platform-system-core-10.0.0+r36/libstats/statsd_writer.h
Examining data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend.c
Examining data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend_ops.h
Examining data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend_wakeup_count.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsuspend/include/suspend/autosuspend.h
Examining data/android-platform-system-core-10.0.0+r36/libsync/include/android/sync.h
Examining data/android-platform-system-core-10.0.0+r36/libsync/include/ndk/sync.h
Examining data/android-platform-system-core-10.0.0+r36/libsync/sw_sync.h
Examining data/android-platform-system-core-10.0.0+r36/libsync/sync.c
Examining data/android-platform-system-core-10.0.0+r36/libsync/tests/sync_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/camera.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics-base-v1.0.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics-base-v1.1.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics-base-v1.2.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics-base.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics-sw.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/graphics.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h
Examining data/android-platform-system-core-10.0.0+r36/libsystem/include/system/thread_defs.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/FrameworkCommand.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/FrameworkListener.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/NetlinkEvent.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/NetlinkListener.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/ServiceManager.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/SocketClient.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/SocketClientCommand.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/SocketListener.h
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkCommand.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkListener.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkListener.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/ServiceManager.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener.cpp
Examining data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/ArmExidx.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/ArmExidx.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Check.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DexFile.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DexFile.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DexFiles.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfCfa.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfCfa.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfDebugFrame.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfEhFrame.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfEhFrameWithHdr.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfEhFrameWithHdr.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfEncoding.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfMemory.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfOp.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfOp.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfSection.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Elf.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/ElfInterface.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/ElfInterfaceArm.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/ElfInterfaceArm.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Global.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/JitDebug.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/LocalUnwinder.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Log.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/MapInfo.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Maps.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Regs.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm64.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsInfo.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsMips.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsMips64.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsX86.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsX86_64.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Symbols.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Symbols.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/Unwinder.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/benchmarks/unwind_benchmarks.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DexFiles.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DwarfError.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DwarfLocation.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DwarfMemory.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DwarfSection.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/DwarfStructs.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Elf.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/ElfInterface.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Error.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Global.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/JitDebug.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/LocalUnwinder.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Log.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineArm.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineArm64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineMips.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineMips64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineX86.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MachineX86_64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/MapInfo.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Maps.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Memory.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Regs.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsArm.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsArm64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsGetLocal.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsMips.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsMips64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsX86.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/RegsX86_64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextArm.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextArm64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextMips.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextMips64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextX86.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextX86_64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/Unwinder.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserArm.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserArm64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserMips.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserMips64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserX86.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UserX86_64.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ArmExidxDecodeTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ArmExidxExtractTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DexFileData.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DexFileTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DexFilesTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfCfaLogTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfCfaTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfDebugFrameTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfEhFrameTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfEhFrameWithHdrTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfMemoryTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfOpLogTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfOpTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfSectionImplTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfSectionTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfCacheTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfFake.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfFake.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceArmTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTestUtils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTestUtils.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/GenGnuDebugdata.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/JitDebugTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/LocalUnwinderTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/LogFake.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/LogFake.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetBuildIDTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetLoadBiasTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapsTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryBufferTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryCacheTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryFake.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryFake.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryFileTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryLocalTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryOfflineBufferTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryOfflineTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRangeTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRangesTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRemoteTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/RegsFake.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/RegsInfoTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/RegsIterateTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/RegsStepIfSignalHandlerTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/RegsTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/SymbolsTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/TestLocal.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/TestUtils.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/TestUtils.h
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindOfflineTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwinderTest.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_info.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_reg_info.cpp
Examining data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_symbols.cpp
Examining data/android-platform-system-core-10.0.0+r36/libusbhost/include/usbhost/usbhost.h
Examining data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c
Examining data/android-platform-system-core-10.0.0+r36/libutils/BitSet_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/CallStack.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/FileMap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/FileMap_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/JenkinsHash.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Looper.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Looper_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/LruCache_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Mutex_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/NativeHandle.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Printer.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/PropertyMap.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/RefBase_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/SharedBuffer.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/SharedBuffer.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/SharedBuffer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Singleton_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Singleton_test.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/Singleton_test1.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Singleton_test2.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/StopWatch.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/String8_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/StrongPointer.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/StrongPointer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/SystemClock.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/SystemClock_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Timers.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Tokenizer.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Trace.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Unicode.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Unicode_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/VectorImpl.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/Vector_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/AndroidThreads.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Atomic.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/BitSet.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/ByteOrder.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/CallStack.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Compat.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Condition.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Debug.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Endian.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Errors.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/FastStrcmp.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/FileMap.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Functor.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/JenkinsHash.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/KeyedVector.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/LightRefBase.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/List.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Log.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Looper.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/LruCache.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Mutex.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/NativeHandle.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Printer.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/ProcessCallStack.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/PropertyMap.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/RWLock.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/RefBase.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Singleton.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/SortedVector.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/StopWatch.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/String16.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/String8.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/StrongPointer.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/SystemClock.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Thread.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/ThreadDefs.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Timers.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Tokenizer.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Trace.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/TypeHelpers.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Unicode.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/VectorImpl.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/misc.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/threads.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Vector.h
Examining data/android-platform-system-core-10.0.0+r36/libutils/misc.cpp
Examining data/android-platform-system-core-10.0.0+r36/libvndksupport/include/vndksupport/linker.h
Examining data/android-platform-system-core-10.0.0+r36/libvndksupport/linker.c
Examining data/android-platform-system-core-10.0.0+r36/libvndksupport/tests/linker_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/entry_name_utils-inl.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/entry_name_utils_test.cc
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/include/ziparchive/zip_archive.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/include/ziparchive/zip_archive_stream_entry.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/include/ziparchive/zip_writer.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/unzip.cpp
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_common.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_private.h
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_stream_entry.cc
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer.cc
Examining data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc
Examining data/android-platform-system-core-10.0.0+r36/llkd/include/llkd.h
Examining data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp
Examining data/android-platform-system-core-10.0.0+r36/llkd/llkd.cpp
Examining data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/lmkd/include/liblmkd_utils.h
Examining data/android-platform-system-core-10.0.0+r36/lmkd/include/lmkd.h
Examining data/android-platform-system-core-10.0.0+r36/lmkd/liblmkd_utils.c
Examining data/android-platform-system-core-10.0.0+r36/lmkd/libpsi/include/psi/psi.h
Examining data/android-platform-system-core-10.0.0+r36/lmkd/libpsi/psi.c
Examining data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c
Examining data/android-platform-system-core-10.0.0+r36/lmkd/statslog.c
Examining data/android-platform-system-core-10.0.0+r36/lmkd/statslog.h
Examining data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/logcat.h
Examining data/android-platform-system-core-10.0.0+r36/logcat/logcat_main.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/logcatd_main.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/logcat/tests/logcatd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/CommandListener.h
Examining data/android-platform-system-core-10.0.0+r36/logd/FlushCommand.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/FlushCommand.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogAudit.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBufferInterface.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogBufferInterface.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogCommand.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogCommand.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogKlog.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogListener.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogListener.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogReader.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogTags.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogTimes.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogTimes.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogUtils.h
Examining data/android-platform-system-core-10.0.0+r36/logd/LogWhiteBlackList.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/LogWhiteBlackList.h
Examining data/android-platform-system-core-10.0.0+r36/logd/auditctl.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/libaudit.c
Examining data/android-platform-system-core-10.0.0+r36/logd/libaudit.h
Examining data/android-platform-system-core-10.0.0+r36/logd/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/logwrapper/android_fork_execvp_ext_benchmark.cpp
Examining data/android-platform-system-core-10.0.0+r36/logwrapper/include/logwrap/logwrap.h
Examining data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c
Examining data/android-platform-system-core-10.0.0+r36/logwrapper/logwrapper.c
Examining data/android-platform-system-core-10.0.0+r36/mkbootimg/include/abi_check/mkbootimg_abi_check.h
Examining data/android-platform-system-core-10.0.0+r36/mkbootimg/include/bootimg/bootimg.h
Examining data/android-platform-system-core-10.0.0+r36/mkbootimg/mkbootimg_dummy.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoparser/include/property_info_parser/property_info_parser.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoparser/property_info_parser.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/include/property_info_serializer/property_info_serializer.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/property_info_file.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/property_info_serializer.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/property_info_serializer_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/space_tokenizer.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_builder.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_builder.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_builder_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_node_arena.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_serializer.cpp
Examining data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_serializer.h
Examining data/android-platform-system-core-10.0.0+r36/property_service/property_info_checker/property_info_checker.cpp
Examining data/android-platform-system-core-10.0.0+r36/qemu_pipe/include/qemu_pipe.h
Examining data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp
Examining data/android-platform-system-core-10.0.0+r36/reboot/reboot.c
Examining data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp
Examining data/android-platform-system-core-10.0.0+r36/sdcard/sdcard.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_diskstats.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_info.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_service.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_uid_monitor.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_utils.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/include/uid_info.h
Examining data/android-platform-system-core-10.0.0+r36/storaged/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged_diskstats.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged_info.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged_service.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged_uid_monitor.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/storaged_utils.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/storaged/uid_info.cpp
Examining data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/getprop.cpp
Examining data/android-platform-system-core-10.0.0+r36/toolbox/r.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/toolbox.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/tools.h
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/fastgrep.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.h
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/queue.c
Examining data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/util.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/gatekeeper_ipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/module.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper_ipc.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper_ipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/3.0/TrustyKeymaster3Device.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/3.0/service.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/TrustyKeymaster.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/include/trusty_keymaster/TrustyKeymaster3Device.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/include/trusty_keymaster/ipc/keymaster_ipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/include/trusty_keymaster/ipc/trusty_keymaster_ipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/include/trusty_keymaster/legacy/trusty_keymaster_device.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/legacy/module.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/legacy/trusty_keymaster_device.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/legacy/trusty_keymaster_device_test.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/keymaster/legacy/trusty_keymaster_main.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/include/trusty/tipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc_ioctl.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/trusty.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/interface/include/trusty/interface/storage.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/lib/include/trusty/lib/storage.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/lib/storage.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/ipc.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/ipc.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/log.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/proxy.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/rpmb.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/rpmb.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.h
Examining data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp
Examining data/android-platform-system-core-10.0.0+r36/trusty/utils/trusty-ut-ctrl/ut-ctrl.c
Examining data/android-platform-system-core-10.0.0+r36/usbd/usbd.cpp
Examining data/android-platform-system-core-10.0.0+r36/watchdogd/watchdogd.cpp

FINAL RESULTS:

data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:694:31:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        ssize_t data_length = readlink(lpath, buf, PATH_MAX - 1);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:1115:14:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    int r2 = chmod(lpath.c_str(), mode & ~mask);
data/android-platform-system-core-10.0.0+r36/adb/client/usb_linux.cpp:277:48:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
                            ssize_t link_len = readlink(pathbuf, link, sizeof(link) - 1);
data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp:121:17:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
            if (chown(partial_path.c_str(), uid, gid) == -1) return false;
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:241:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod adb_chmod
data/android-platform-system-core-10.0.0+r36/base/file.cpp:371:20:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    ssize_t size = readlink(path.c_str(), &buf[0], buf.size());
data/android-platform-system-core-10.0.0+r36/base/file_test.cpp:159:15:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  ASSERT_TRUE(chmod(td.path, S_IRUSR | S_IWUSR) == 0);
data/android-platform-system-core-10.0.0+r36/base/file_test.cpp:163:15:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
  ASSERT_TRUE(chmod(td.path, S_IRWXU) == 0);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:267:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        size = readlink(in, buf, 1024);
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:83:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod DO_NOT_USE_CHMOD_USE_FCHMODAT_SYMLINK_NOFOLLOW
data/android-platform-system-core-10.0.0+r36/init/devices.cpp:185:13:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
        if (chown(attribute_file.c_str(), uid(), gid()) != 0) {
data/android-platform-system-core-10.0.0+r36/init/devices.cpp:189:13:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
        if (chmod(attribute_file.c_str(), perm()) != 0) {
data/android-platform-system-core-10.0.0+r36/init/devices.cpp:301:5:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    chown(path.c_str(), uid, -1);
data/android-platform-system-core-10.0.0+r36/init/first_stage_init.cpp:128:15:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    CHECKCALL(chmod("/proc/cmdline", 0440));
data/android-platform-system-core-10.0.0+r36/init/keychords_test.cpp:146:23:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        auto retval = readlink(devname.c_str(), buf, sizeof(buf) - 1);
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:103:28:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    if (TEMP_FAILURE_RETRY(chmod(path, mode)) == -1) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:107:28:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    if (TEMP_FAILURE_RETRY(chown(path, uid, gid)) == -1) {
data/android-platform-system-core-10.0.0+r36/libprocessgroup/processgroup.cpp:249:9:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    if (chown(path.c_str(), uid, gid) == -1) {
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:220:18:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    auto ret = ::readlink((procdir + std::to_string(tid) + "/exe").c_str(), &c, sizeof(c));
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:114:15:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    int ret = readlink("/proc/self/exe", buf, sizeof(buf) - 1);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1143:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
        chmod(id_file, 0);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1155:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
        chmod(id_file,
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1158:9:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
        chmod(id_file, 0600);
data/android-platform-system-core-10.0.0+r36/adb/adb.cpp:882:22:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        int result = execl(path.c_str(), "adb", "-L", socket_spec.c_str(), "fork-server", "server",
data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp:357:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, va);
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1035:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp("pppd", (char* const*)ppp_args);
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:266:22:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    int returnCode = system(generatePatchCommand.c_str());
data/android-platform-system-core-10.0.0+r36/adb/daemon/auth.cpp:59:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(path, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/framebuffer_service.cpp:81:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp(command, (char**)args);
data/android-platform-system-core-10.0.0+r36/adb/daemon/main.cpp:236:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(USB_FFS_ADB_EP0, F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/reboot_service.cpp:46:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        access("/dev/socket/recovery", F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/remount_service.cpp:50:9:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execl(kRemountCmd, kRemountCmd, cmd.empty() ? nullptr : cmd.c_str(), nullptr);
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:365:13:  [4] (shell) execle:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execle(_PATH_BSHELL, "-" _PATH_BSHELL, nullptr, cenv.data());
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:367:13:  [4] (shell) execle:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            execle(_PATH_BSHELL, _PATH_BSHELL, "-c", command_.c_str(), nullptr, cenv.data());
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:243:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vfprintf adb_vfprintf
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:244:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define vprintf adb_vprintf
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:245:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define fprintf adb_fprintf
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:246:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define printf adb_printf
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2269:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ent->d_name, name_utf8.c_str());
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2487:8:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#undef vfprintf
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2488:16:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        return vfprintf(stream, format, ap);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2730:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, buf_utf8.c_str());
data/android-platform-system-core-10.0.0+r36/base/file.cpp:80:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(tmpdir, R_OK | W_OK | X_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/base/stringprintf.cpp:35:16:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  int result = vsnprintf(space, sizeof(space), format, backup_ap);
data/android-platform-system-core-10.0.0+r36/base/stringprintf.cpp:58:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  result = vsnprintf(buf, length, format, backup_ap);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:32:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, why, ap);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:280:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(in, start);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:281:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(out, prefix);
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:391:5:  [4] (shell) execle:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execle(CRASH_DUMP_PATH, CRASH_DUMP_NAME, main_tid, pseudothread_tid, debuggerd_dump_type,
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/include/libdebuggerd/utility.h:73:82:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void _LOG(log_t* log, logtype ltype, const char* fmt, ...) __attribute__((format(printf, 3, 4)));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp:236:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buf, default_value);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:65:23:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        int matched = sscanf(dirent->d_name, pattern, &id);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:89:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename), ADF_BASE_PATH "adf%u", id);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:306:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename), ADF_BASE_PATH "adf-interface%u.%u",
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:522:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(filename, sizeof(filename),
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:39:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(reinterpret_cast<char*>(h->cmdline), cmdline.c_str());
data/android-platform-system-core-10.0.0+r36/fastboot/device/utility.cpp:98:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(path.c_str(), W_OK) < 0) {
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:199:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, kStatusFormat, message.c_str());
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:351:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:360:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stdout,
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:1564:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (path.empty() || access(path.c_str(), R_OK)) {
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.cpp:174:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp(program.c_str(), const_cast<char* const*>(argv.data()));
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:64:20:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DBG1(x...) fprintf(stderr, x)
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:65:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DBG(x...) fprintf(stderr, x)
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:370:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(usb->fname, devname);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:510:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(handle_->fname, F_OK)) return 0;
data/android-platform-system-core-10.0.0+r36/fastboot/usb_osx.cpp:48:20:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define WARN(x...) fprintf(stderr, x)
data/android-platform-system-core-10.0.0+r36/fastboot/usb_osx.cpp:53:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ERR(x...) fprintf(stderr, "ERROR: " x)
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:44:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DBG(x...) fprintf(stderr, x)
data/android-platform-system-core-10.0.0+r36/fastboot/util.cpp:50:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, ap);
data/android-platform-system-core-10.0.0+r36/fastboot/util.cpp:67:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, fmt, ap);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:126:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        int rv = access(filename.c_str(), F_OK);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:240:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(E2FSCK_BIN, X_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:349:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access(TUNE2FS_BIN, X_OK) == 0;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:652:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(target.c_str(), F_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:654:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        } else if (access(source.c_str(), F_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:831:28:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
    if (entry.fs_mgr_flags.crypt) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:834:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(convert_fde_name.c_str(), F_OK) == 0) return true;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:839:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(convert_fbe_name.c_str(), F_OK) != 0) return true;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:455:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if (access(fstab_path.c_str(), F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:661:29:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!is_proc_mounts && !access(android::gsi::kGsiBootedIndicatorFile, F_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:738:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/system/bin/recovery", F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:803:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system.fs_mgr_flags.wait = true;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:804:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system.fs_mgr_flags.logical = true;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:805:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system.fs_mgr_flags.first_stage_mount = true;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:806:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    return system;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:64:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    auto ret = access(path.c_str(), F_OK) == 0;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:264:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    auto ret = access(path.c_str(), R_OK | W_OK) == 0;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:782:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(kMkF2fs.c_str(), X_OK) && fs_mgr_overlayfs_filesystem_available("f2fs")) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:785:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(kMkExt4.c_str(), X_OK) && fs_mgr_overlayfs_filesystem_available("ext4")) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:828:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    auto ret = system(command.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:210:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            res = snprintf(buf, bufsize,
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:215:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            res = snprintf(buf, bufsize,
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:224:15:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        res = snprintf(buf, bufsize, "%s 1 " VERITY_TABLE_OPT_IGNZERO, params->table);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:362:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(fp, METADATA_EOD " 0\n") < 0) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:569:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if (snprintf(tag, sizeof(tag), VERITY_LASTSIG_TAG "_%s", basename(entry.mount_point.c_str())) >=
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:614:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if (snprintf(tag, sizeof(tag), VERITY_STATE_TAG "_%s", basename(entry.mount_point.c_str())) >=
data/android-platform-system-core-10.0.0+r36/fs_mgr/include_fstab/fstab/fstab.h:63:14:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        bool crypt : 1;
data/android-platform-system-core-10.0.0+r36/fs_mgr/include_fstab/fstab/fstab.h:90:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
        return fs_mgr_flags.crypt || fs_mgr_flags.force_crypt || fs_mgr_flags.force_fde_or_fbe;
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_test.cpp:81:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if (!access(path().c_str(), F_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer.cpp:571:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(file_path.c_str(), F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:91:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    EXPECT_EQ(access(testfile.c_str(), F_OK), -1);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:108:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    EXPECT_EQ(access(testfile.c_str(), F_OK), 0);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:191:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    EXPECT_EQ(access(testfile.c_str(), F_OK), -1);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:266:19:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        EXPECT_EQ(access(path.c_str(), F_OK), 0);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:290:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    ASSERT_NE(access(first_file.c_str(), F_OK), 0);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:292:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    ASSERT_NE(access(testfile.c_str(), F_OK), 0);
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:414:19:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        int ret = system(dd_cmd.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:420:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        ret = system(mkfs_cmd.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:456:19:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        int ret = system(dd_cmd.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:462:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        ret = system(mkfs_cmd.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:510:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(root_dir.c_str(), F_OK)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:538:5:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    system(cmd.c_str());
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/split_fiemap_writer.cpp:164:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(file_path.c_str(), F_OK) && errno == ENOENT) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/fs_avb.cpp:196:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(expected_public_key_path.c_str(), F_OK) != 0) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test_util.h:40:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        int rc = system(base::StringPrintf(command_format, ##__VA_ARGS__).c_str()); \
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/util.cpp:91:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        int rv = access(filename.c_str(), F_OK);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:66:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:67:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:81:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:86:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 0), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:90:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    builder->ResizePartition(system, 131072);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:95:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    builder->ResizePartition(system, 1024 * 256);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:101:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    builder->ResizePartition(system, 32768);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:110:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    builder->ResizePartition(system, 0);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:121:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:122:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 10000), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:126:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    builder->ResizePartition(system, 7000);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:247:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:248:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, allocatable), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:252:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, allocatable + 1), false);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:263:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:265:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:267:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 98304), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:316:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:318:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:320:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 98304), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:370:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:372:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:374:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 98304), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:382:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:408:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:564:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:571:37:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_THAT(groupA, ElementsAre(system, vendor));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:586:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:590:48:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_FALSE(builder->ChangePartitionGroup(system, "groupXYZ"));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:591:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(builder->ChangePartitionGroup(system, "groupB"));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:595:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(builder->ResizePartition(system, 16384 + 4096));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:596:47:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(builder->ChangePartitionGroup(system, "groupA"));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:713:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:715:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:717:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 98304), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:753:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:755:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 65536), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:757:40:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_EQ(builder->ResizePartition(system, 98304), true);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:819:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_NE(system, nullptr);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:822:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(builder->ResizePartition(system, device_info.alignment + 4096));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder_test.cpp:827:42:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(builder->ResizePartition(system, device_info.alignment * 2));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:93:10:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (!system) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:96:37:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    return builder->ResizePartition(system, 24 * 1024);
data/android-platform-system-core-10.0.0+r36/fs_mgr/tests/fs_mgr_test.cpp:285:29:  [4] (crypto) crypt:
  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt.
           lhs.crypt == rhs.crypt &&
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:105:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(filename, F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:120:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(filename, F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/healthd/AnimationParser.cpp:46:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    if (sscanf(str, format.c_str(), &start, &c) != 1) {
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:273:22:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    (access(path.string(), R_OK) == 0) ? getIntField(path) : 0;
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:280:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                (access(path.string(), R_OK) == 0) ? getIntField(path) :
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:500:21:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                if (access(path.string(), R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:511:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:519:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:527:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:535:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:543:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:552:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:560:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:568:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:576:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:584:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:592:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:601:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                    if (access(path, R_OK) == 0)
data/android-platform-system-core-10.0.0+r36/healthd/charger_test.cpp:34:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(fmt "\n", ##__VA_ARGS__);
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:430:52:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                    if (mount(tmp.c_str(), target, system, flags, options) < 0) {
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:443:35:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        if (mount(source, target, system, flags, options) < 0) {
data/android-platform-system-core-10.0.0+r36/init/devices.cpp:184:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(attribute_file.c_str(), F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/devices.cpp:236:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!skip_restorecon_ && access(path.c_str(), F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp:56:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access("/dev/.booting", F_OK) == 0;
data/android-platform-system-core-10.0.0+r36/init/first_stage_init.cpp:207:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/force_debuggable", F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/first_stage_init.cpp:240:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execv(path, const_cast<char**>(args));
data/android-platform-system-core-10.0.0+r36/init/first_stage_mount.cpp:609:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/dev/device-mapper", F_OK) && !InitDeviceMapper()) {
data/android-platform-system-core-10.0.0+r36/init/persistent_properties.cpp:144:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(temp_filename.c_str(), F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:955:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/system/etc/selinux/plat_property_contexts", R_OK) != -1) {
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:969:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access("/product/etc/selinux/product_property_contexts", R_OK) != -1) {
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:973:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access("/odm/etc/selinux/odm_property_contexts", R_OK) != -1) {
data/android-platform-system-core-10.0.0+r36/init/security.cpp:167:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    bool h64 = !access(MMAP_RND_COMPAT_PATH, F_OK);
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:138:13:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        if (execv(filename, argv) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:217:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(odm_precompiled_sepolicy, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:219:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access(vendor_precompiled_sepolicy, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:276:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access(plat_policy_cil_file, R_OK) != -1;
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:293:47:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
             AvbHandle::IsDeviceUnlocked() && access(kDebugRamdiskSEPolicy, F_OK) == 0);
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:334:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(product_policy_cil_file.c_str(), F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:339:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(product_mapping_file.c_str(), F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:348:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(vendor_policy_cil_file.c_str(), F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:353:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access(plat_pub_versioned_cil_file.c_str(), F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:360:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(odm_policy_cil_file.c_str(), F_OK) == -1) {
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:482:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, ap);
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:540:5:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execv(path, const_cast<char**>(args));
data/android-platform-system-core-10.0.0+r36/init/service.cpp:208:12:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    return execv(c_strings[0], c_strings.data()) == 0;
data/android-platform-system-core-10.0.0+r36/init/subcontext.cpp:261:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execv(init_path.data(), const_cast<char**>(args));
data/android-platform-system-core-10.0.0+r36/init/ueventd.cpp:257:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(COLDBOOT_DONE, F_OK) != 0) {
data/android-platform-system-core-10.0.0+r36/init/util.cpp:104:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(addr.sun_path, sizeof(addr.sun_path), ANDROID_SOCKET_DIR"/%s",
data/android-platform-system-core-10.0.0+r36/init/util.cpp:476:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return access("/system/bin/recovery", F_OK) == 0;
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceMap.cpp:112:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  FILE* fp = popen(cmd, "r");
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1223:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  ASSERT_EQ(0, system(cp_cmd.c_str()));
data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_socket_test.cpp:54:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(addr.sun_path, sizeof(addr.sun_path), ANDROID_SOCKET_DIR"/%s", name);
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:398:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(p->prefix, pc->prefix);
data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/klog.h:29:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__ ((format(printf, 2, 3)));
data/android-platform-system-core-10.0.0+r36/libcutils/klog.cpp:61:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, ap);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:78:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p_addr->sun_path, FILESYSTEM_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:79:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(p_addr->sun_path, name);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:91:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p_addr->sun_path, ANDROID_RESERVED_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:92:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(p_addr->sun_path, name);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:103:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(p_addr->sun_path, name);
data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp:131:15:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int len = snprintf( \
data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp:140:19:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            len = snprintf( \
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:164:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr, errorFormat, it->first, (int)it->second.first.length(),
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:181:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr, errorFormat, it->second, (int)it->first.first.length(),
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:257:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, OUT_TAG ": malformed tag number on line %d\n", lineNum);
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:266:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, OUT_TAG ": tag number too large on line %d\n", lineNum);
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:277:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, OUT_TAG ": missing tag string on line %d\n", lineNum);
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:289:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, OUT_TAG ": invalid tag char %c on line %d\n", *cp,
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:358:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, OUT_TAG ": map file %zu[%zu] missing EOL on last line\n",
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:390:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr,
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:426:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr, OUT_TAG ": unable to open map '%s': %s\n", tagfile,
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:436:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(stderr, OUT_TAG ": unable to seek map '%s' %s\n", tagfile,
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:463:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr, OUT_TAG ": mmap(%s) failed: %s\n", tagfile,
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:44:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define TRACE(...) printf("fake_log_device: " __VA_ARGS__)
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:272:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(logState->tagSet[entry].tag, tagName);
data/android-platform-system-core-10.0.0+r36/liblog/include/android/log.h:100:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 3, 4)))
data/android-platform-system-core-10.0.0+r36/liblog/include/android/log.h:110:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 3, 0)))
data/android-platform-system-core-10.0.0+r36/liblog/include/android/log.h:133:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 3, 4)))
data/android-platform-system-core-10.0.0+r36/liblog/include/android/log.h:187:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 4, 5)))
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_id.h:51:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 4, 5)))
data/android-platform-system-core-10.0.0+r36/liblog/log_time.cpp:51:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(fmt, format);
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:97:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access("/dev/socket/logdw", W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:140:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buf, buf_size, msg, logger ? logger->logId : (unsigned)-1);
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:358:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(buffer, (logger_list->mode & ANDROID_LOG_NONBLOCK) ? "dumpAndClose" : "stream");
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:388:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    ret = snprintf(cp, remaining, " start=%" PRIu32 ".%09" PRIu32, logger_list->start.tv_sec,
data/android-platform-system-core-10.0.0+r36/liblog/logd_writer.cpp:118:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/dev/socket/logdw", W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:479:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:489:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:500:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:512:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:761:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      outCount = snprintf(outBuf, outBufLen, "%" PRId64, lval);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:935:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(outBuf, outBufLen, (val >= hour) ? "%02" PRIu64 ":" : "%" PRIu64 ":",
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:941:22:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
          outCount = snprintf(outBuf, outBufLen, (val >= minute) ? "%02" PRIu64 : "%" PRIu64 "s",
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1207:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
      snprintf(buf, sizeof(buf), ((messageLen > 1) && isdigit(message[1])) ? "\\%03o" : "\\%o",
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1237:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(p, buf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1307:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* p = popen("/system/bin/dmesg", "re");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1574:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(timeBuf, sizeof(timeBuf), p_format->monotonic_output ? "%6lld" : "%19lld",
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1605:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(suffixBuf, suffixContents);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1769:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p, prefixBuf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1777:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(p, suffixBuf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1789:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(p, prefixBuf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1797:7:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
      strcat(p, suffixBuf);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:62:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access("/dev/pmsg0", W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:419:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(names->name, msg + sizeof(prio));
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_writer.cpp:83:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access("/dev/pmsg0", W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:123:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(key, log_namespace);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:553:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:1006:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(name, sizeof(name), "a%" PRIu64, now.nsec());
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:1034:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system("stop logd ; start logd");
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:96:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  FILE* fp = popen(command.c_str(), "re");
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:665:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if (15 != sscanf(buffer,
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1283:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer, sizeof(buffer), fmt, i);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1446:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(key, log_namespace);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1555:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(key, log_namespace);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1616:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(key, log_namespace);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1696:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(key, log_namespace);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1786:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system((getuid() == AID_ROOT) ? "stop logd" : "su 0 stop logd");
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1810:3:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  system((getuid() == AID_ROOT) ? "start logd" : "su 0 start logd");
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2448:20:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        outCount = snprintf(strOut, strOutLen + 1, "%" PRId32, elem.data.int32);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2463:20:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        outCount = snprintf(strOut, strOutLen + 1, "%" PRId64, elem.data.int64);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:3172:18:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (tag == -1) system("tail -3 /dev/event-log-tags >&2");
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:94:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  FILE* fp = popen(buf.c_str(), "re");
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:94:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  FILE* fp = popen(buf.c_str(), "re");
data/android-platform-system-core-10.0.0+r36/libmeminfo/include/meminfo/pageacct.h:35:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        return (access("/sys/kernel/mm/page_idle/bitmap", R_OK | W_OK) == 0);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:254:23:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        int matched = fscanf(f, "%" SCNu64, &mem_used_total);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_test.cpp:89:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    EXPECT_EQ(!access(path.c_str(), F_OK | R_OK), supported);
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:456:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(rollup_file.c_str(), F_OK | R_OK)) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:192:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(zram_dev.c_str(), F_OK)) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:215:13:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (fscanf(mmstat_fp.get(), "%*" SCNu64 " %*" SCNu64 " %" SCNu64, mem_zram_dev) != 1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procrank.cpp:465:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if (access(procdir.c_str(), F_OK | R_OK)) return true;
data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridge_test.cpp:44:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(cpuinfo, kTestData);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:68:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(errmsg, sizeof(errmsg), fmt, ap);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:154:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(addr, ipaddr(info->ipaddr));
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:155:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(gway, ipaddr(info->gateway));
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:44:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ALOGD printf
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:45:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ALOGW printf
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:34:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ALOGD printf
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:35:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define ALOGW printf
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssembler.cpp:183:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(format, name, int(pc()-base()), base(), pc(), duration);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.cpp:325:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(format, name, int(pc()-base()), base(), pc(), duration);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:129:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s%s", prefix, "zr");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:131:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s%d", prefix, reg);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:145:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", shift2_table[bits_unsigned(code, 23,22)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:160:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", amt5_table[bits_unsigned(code, 12,12)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:173:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_cc_table[bits_unsigned(code, 15,12)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:175:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_cc_table[bits_unsigned(code, 4,0)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:183:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_r1_table[bits_unsigned(code, 15,13)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:191:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_r2_table[bits_unsigned(code, 15,13)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:197:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(instr_part, "%s", "zr");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:208:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_ext1_table[bits_unsigned(code, 15,13)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:217:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(instr_part, "%s", token_ext2_table[bits_unsigned(code, 15,13)]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:231:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(instr_part, "%s", "sp");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:239:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(instr_part, "%s", "sp");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:306:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(instr, instr_part);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:310:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(instr, token);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1319:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(os, temp);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/disassem.c:704:47:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	disassemble_readword, disassemble_printaddr, printf
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:554:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        cnt = vsnprintf(sprintf_buffer, sprintf_buf_len, fmt, argp);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:558:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vprintf(fmt, argp);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:560:15:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        cnt = vsnprintf(sprintf_buffer, sprintf_buf_len, fmt, argp);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:564:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vprintf(fmt, argp);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:175:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(temp, test->instr);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:177:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(temp, address);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:196:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(temp, test->instr);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:198:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(temp, address);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgroup_map.cpp:74:18:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        state_ = access(GetProcsFilePath("", 0, 0).c_str(), F_OK) == 0 ? USABLE : MISSING;
data/android-platform-system-core-10.0.0+r36/libprocessgroup/processgroup.cpp:341:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            (!access(ConvertUidPidToPath(cpuacct_path.c_str(), uid, initialPid).c_str(), F_OK))
data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/cgroup_map_write.cpp:181:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(CGROUPS_DESC_VENDOR_FILE, F_OK) &&
data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/cgroup_map_write.cpp:298:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(CGROUPS_RC_PATH, F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:84:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    return (access(file.c_str(), W_OK) == 0);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:160:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(tasks_path.c_str(), W_OK) != 0) {
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:309:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(TASK_PROFILE_DB_VENDOR_FILE, F_OK) &&
data/android-platform-system-core-10.0.0+r36/libsparse/sparse_err.cpp:27:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, fmt, argp);
data/android-platform-system-core-10.0.0+r36/libstats/statsd_writer.c:161:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access("/dev/socket/statsdw", W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:490:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buf, kServerTag);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Log.cpp:50:5:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vprintf(real_format.c_str(), args);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindOfflineTest.cpp:137:20:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
      ASSERT_EQ(2, fscanf(fp, "%s %" SCNx64 "\n", reg_name, &value));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_info.cpp:53:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf("  PC 0x%" PRIx64, pc + load_bias);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_info.cpp:91:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf("\n  PC 0x%" PRIx64 "-0x%" PRIx64, fde->pc_start, fde->pc_end);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_reg_info.cpp:45:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf("- %" PRId64, -value);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_reg_info.cpp:47:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf("+ %" PRId64, value);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_reg_info.cpp:193:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  printf("PC 0x%" PRIx64, pc);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_symbols.cpp:107:7:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      printf("+%" PRId64, func_offset);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:29:11:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define D printf
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:135:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(busname, sizeof(busname), USB_FS_DIR "/%s", de->d_name);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:156:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(path, sizeof(path), USB_FS_DIR "/%03d", i);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:268:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(path, sizeof(path), USB_FS_DIR "/%s", event->name);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:288:25:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                        snprintf(path, sizeof(path), USB_FS_DIR "/%03d/%s", i, event->name);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:335:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(dev_name, R_OK | W_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:339:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
            if (access(dev_name, R_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:341:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                writeable = (access(dev_name, R_OK | W_OK) == 0);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:430:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    sscanf(device->dev_name, USB_FS_ID_SCANNER, &bus, &dev);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:437:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    sscanf(name, USB_FS_ID_SCANNER, &bus, &dev);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:446:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(result, strlen(USB_FS_ID_FORMAT) - 1, USB_FS_ID_FORMAT, bus, dev);
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:83:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(path, sizeof(path), PATH_THREAD_NAME, tid);
data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp:291:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(name, sizeof(name), DEBUG_REFS_CALLSTACK_PATH "/%p.stack",
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:322:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    n = vsnprintf(nullptr, 0, fmt, tmp_args);
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:329:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            vsnprintf(buf + oldLength, n + 1, fmt, args);
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Printer.h:33:82:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    virtual void printFormatLine(const char* format, ...) __attribute__((format (printf, 2, 3)));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/String8.h:65:85:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    static String8              format(const char* fmt, ...) __attribute__((format (printf, 1, 2)));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/String8.h:95:44:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                    __attribute__((format (printf, 2, 3)));
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:553:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(piddir.c_str(), F_OK) != 0) {
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:64:21:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (getuid() || system(command)) {
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:65:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        system((std::string("su root ") + command).c_str());
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:669:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(path, sizeof(path), MEMCG_SYSFS_PATH
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1066:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buf, sizeof(buf), MEMCG_PROCESS_MEMORY_STAT_PATH, uid, pid);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1088:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(path, sizeof(path), PROC_STAT_FILE_PATH, pid);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1584:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(buf, F_OK) == 0) {
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1968:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    has_inkernel_module = !access(INKERNEL_MINFREE_PATH, W_OK);
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:60:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(command.c_str(), "r");
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:219:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(INKERNEL_MINFREE_PATH, W_OK)) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:607:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(context->error, fmt, args);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_benchmark.cpp:30:10:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    fp = popen(
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:88:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(NULL != (fp = popen(logcat_executable
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:131:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(NULL != (fp = popen(command.c_str(), "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:201:27:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                    (fp = popen(logcat_executable " -v long -v year -b all -t 3 2>/dev/null", "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:263:35:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        ASSERT_TRUE(NULL != (fp = popen(logcat_executable
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:290:23:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                (fp = popen(logcat_executable
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:322:35:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        ASSERT_TRUE(NULL != (fp = popen(buffer, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:368:35:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        ASSERT_TRUE(NULL != (fp = popen(buffer, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:391:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(NULL != (fp = popen(buffer, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:473:23:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
                (fp = popen(logcat_executable " -v brief -b events -t 100 2>/dev/null", "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:510:40:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_TRUE(NULL != (fp[num] = popen(logcat_executable " -v brief -b events -t 100", "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:550:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_TRUE(NULL != (fp = popen(cmd, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:664:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        (fp = popen("( trap exit HUP QUIT INT PIPE KILL ; sleep 6; echo DONE )&"
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:732:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        (fp = popen("( trap exit HUP QUIT INT PIPE KILL ; sleep 6; echo DONE )&"
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:790:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ASSERT_TRUE(NULL != mkdtemp(strcpy(buf, form)));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:796:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), comm, buf);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:799:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:804:35:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_TRUE(NULL != (fp = popen(command, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:829:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:836:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ASSERT_TRUE(NULL != mkdtemp(strcpy(tmp_out_dir, tmp_out_dir_form)));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:842:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), logcat_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:845:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:850:35:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_TRUE(NULL != (fp = popen(command, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:887:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:894:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ASSERT_TRUE(NULL != mkdtemp(strcpy(tmp_out_dir, tmp_out_dir_form)));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:901:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), logcat_cmd, tmp_out_dir, log_filename);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:904:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:906:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:907:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:914:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:915:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:945:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:946:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:952:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), logcat_cmd, tmp_out_dir, log_filename);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:953:32:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:955:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:956:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:965:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:966:30:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1011:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1012:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1019:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ASSERT_TRUE(NULL != mkdtemp(strcpy(tmp_out_dir, tmp_out_dir_form)));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1032:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(command, sizeof(command) - sizeof(clear_cmd), logcat_cmd,
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1036:36:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1038:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1039:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1046:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1047:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1063:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(command, clear_cmd);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1066:36:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        EXPECT_FALSE(IsFalse(ret = system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1068:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1069:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            EXPECT_FALSE(system(command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1070:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1077:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1078:34:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
            EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1093:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1094:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1102:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), logcat_cmd, tmp_out_dir, log_filename);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1104:15:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    int ret = system(command);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1135:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    ASSERT_TRUE(NULL != mkdtemp(strcpy(tmp_out_dir, tmp_out_dir_form)));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1168:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(command, sizeof(command), cleanup_cmd, tmp_out_dir);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1169:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1178:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    EXPECT_FALSE(IsFalse(0 == system(command), command));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1203:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        (fp = popen("( trap exit HUP QUIT INT PIPE KILL ; sleep 6; echo DONE )&"
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1312:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(logcat_executable " -p 2>/dev/null", "r");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1346:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer, sizeof(buffer), logcat_executable " -P '%s' 2>&1",
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1348:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(buffer, "r");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1410:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer, sizeof(buffer),
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1425:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(NULL != (fp = popen(buffer, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1448:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer, sizeof(buffer),
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1462:31:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    ASSERT_TRUE(NULL != (fp = popen(buffer, "r")));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1479:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__((__format__(printf, 2, 3)))
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1484:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(logcat_executable " -v brief -b events -v descriptive -t 100 2>/dev/null", "r");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1494:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), fmt, ap);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1510:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        int ret = sscanf(buffer, expect.c_str(), &p, &space, &newline);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1709:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(command, "r");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1729:16:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    FILE* fp = popen(command, "r");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1753:14:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  FILE* fp = popen("logcat -b foo 2>&1", "r");
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:201:18:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    size_t len = snprintf(nullptr, 0, format_uid, mUid, name ? name : "",
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:230:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buffer + 1, tag);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:233:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer + hdrLen, len + 1, format_uid, mUid, name ? name : "",
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:216:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(buffer, sizeof(buffer), klogd_message, priority_message, klogdStr,
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:195:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int n = vsnprintf(buffer + sizeof(message),
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:463:15:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        (fp = popen("/data/nativetest/liblog-benchmarks/liblog-benchmarks"
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:925:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(name, sizeof(name), "a%" PRIu64, now.nsec());
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:42:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, fmt, ## args);                                            \
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:469:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (execvp(argv_child[0], argv_child)) {
data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoserializer/trie_node_arena.h:67:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(data, string.c_str());
data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp:271:8:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      (execvp(argv[cmd_argv_offset], argv+cmd_argv_offset) == -1)) {
data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp:276:3:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execlp(_PATH_BSHELL, "sh", NULL);
data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_diskstats.h:181:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                : (access(MMC_DISK_STATS_PATH, R_OK) == 0
data/android-platform-system-core-10.0.0+r36/storaged/include/storaged_diskstats.h:183:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                       : (access(SDA_DISK_STATS_PATH, R_OK) == 0 ? SDA_DISK_STATS_PATH : nullptr))),
data/android-platform-system-core-10.0.0+r36/storaged/storaged_uid_monitor.cpp:542:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    : enabled_(!access(UID_IO_STATS_PATH, R_OK)) {
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:72:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (access(MMC_DISK_STATS_PATH, R_OK) >= 0) {
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:74:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    } else if (access(SDA_DISK_STATS_PATH, R_OK) >= 0) {
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:243:45:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    ASSERT_TRUE(healthService != nullptr || access(MMC_DISK_STATS_PATH, R_OK) >= 0 ||
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:244:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                access(SDA_DISK_STATS_PATH, R_OK) >= 0);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:450:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(devname, dirname);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:458:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(filename, event->name);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:482:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(devname, dirname);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:490:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(filename, de->d_name);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:160:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf(stderr, getstr(4), __progname);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:559:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
			printf(getstr(9), __progname, VERSION);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/util.c:223:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
	strcpy(ln.file, fn);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/util.c:270:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		printf(getstr(8), fn);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:97:2:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	fprintf (stderr, usage, prog);
data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp:544:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(filename, sizeof(filename), fname_fmt, i);
data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp:564:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(filename, sizeof(filename), fname_fmt, i);
data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp:579:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(filename, sizeof(filename), fname_fmt, i);
data/android-platform-system-core-10.0.0+r36/trusty/utils/trusty-ut-ctrl/ut-ctrl.c:53:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, usage, prog);
data/android-platform-system-core-10.0.0+r36/adb/adb_trace.cpp:93:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* setting = getenv("ADB_TRACE");
data/android-platform-system-core-10.0.0+r36/adb/adb_trace.cpp:176:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* ANDROID_LOG_TAGS = getenv("ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp:289:34:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (const char* const home = getenv("HOME")) {
data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp:347:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* tmp_dir = getenv("TMPDIR");
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:241:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* adb_keys_path = getenv("ADB_VENDOR_KEYS");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:72:39:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* ANDROID_PRODUCT_OUT = getenv("ANDROID_PRODUCT_OUT");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:568:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char* terminal_type = getenv("TERM");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:685:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, const_cast<char**>(argv), "+e:ntTx")) != -1) {
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1192:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* log_tags = getenv("ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1518:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        server_socket_str = getenv("ADB_SERVER_SOCKET");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1523:63:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        server_host_str = server_host_str ? server_host_str : getenv("ANDROID_ADB_SERVER_ADDRESS");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1526:63:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        server_port_str = server_port_str ? server_port_str : getenv("ANDROID_ADB_SERVER_PORT");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1553:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        serial = getenv("ANDROID_SERIAL");
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:82:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char* product_out = getenv("ANDROID_PRODUCT_OUT");
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:244:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char* host_out = getenv("ANDROID_HOST_OUT");
data/android-platform-system-core-10.0.0+r36/adb/client/line_printer.cpp:50:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* term = getenv("TERM");
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:106:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* leak = getenv("ADB_LEAK");
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:121:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_MDNS") || strcmp(getenv("ADB_MDNS"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:121:39:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_MDNS") || strcmp(getenv("ADB_MDNS"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:125:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_USB") || strcmp(getenv("ADB_USB"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:125:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_USB") || strcmp(getenv("ADB_USB"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:131:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_EMU") || strcmp(getenv("ADB_EMU"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/main.cpp:131:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (!getenv("ADB_EMU") || strcmp(getenv("ADB_EMU"), "0") != 0) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/main.cpp:221:40:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* adb_external_storage = getenv("ADB_EXTERNAL_STORAGE");
data/android-platform-system-core-10.0.0+r36/adb/daemon/main.cpp:285:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        int c = getopt_long(argc, argv, "", opts, &option_index);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:259:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#define getenv adb_getenv
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2798:8:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
#undef getenv
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2801:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("TERM") == nullptr) {
data/android-platform-system-core-10.0.0+r36/adb/transport.cpp:919:41:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                char* ADB_VENDOR_KEYS = getenv("ADB_VENDOR_KEYS");
data/android-platform-system-core-10.0.0+r36/adb/transport_local.cpp:63:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* env_max_s = getenv("ADB_LOCAL_TRANSPORT_MAX_PORT");
data/android-platform-system-core-10.0.0+r36/adb/transport_local.cpp:160:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *host = getenv("ADBHOST");
data/android-platform-system-core-10.0.0+r36/adb/transport_usb.cpp:199:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    static bool enable = getenv("ADB_LIBUSB") && strcmp(getenv("ADB_LIBUSB"), "1") == 0;
data/android-platform-system-core-10.0.0+r36/adb/transport_usb.cpp:199:57:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    static bool enable = getenv("ADB_LIBUSB") && strcmp(getenv("ADB_LIBUSB"), "1") == 0;
data/android-platform-system-core-10.0.0+r36/base/file.cpp:78:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const auto* tmpdir = getenv("TMPDIR");
data/android-platform-system-core-10.0.0+r36/base/file.cpp:98:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const auto* tmpdir = getenv("TMPDIR");
data/android-platform-system-core-10.0.0+r36/base/file.cpp:392:20:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    realpath_buf = realpath(path.c_str(), nullptr);
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:106:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const auto val = getenv("ANDROID_FILE__dev_kmsg");
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:299:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* tags = getenv("ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:1322:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((opt = getopt_long(argc, argv, "hlpr:", long_options, &option_index)) != -1) {
data/android-platform-system-core-10.0.0+r36/demangle/demangle.cpp:112:22:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((opt_char = getopt(argc, argv, "c")) != -1) {
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:169:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* dir = getenv("ANDROID_PRODUCT_OUT");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:540:9:  [3] (tmpfile) GetTempFileName:
  Temporary file race condition in certain cases (e.g., if run as SYSTEM in
  many versions of Windows) (CWE-377).
    if (GetTempFileName(temp_path, "fastboot", 0, filename) == 0) {
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:561:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* tmpdir = getenv("TMPDIR");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:1638:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    serial = getenv("ANDROID_SERIAL");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:1641:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt_long(argc, argv, "a::hls:S:vw", longopts, &longindex)) != -1) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:160:20:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
static std::string realpath(const std::string& blk_device) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:241:64:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            LINFO << "Not running " << E2FSCK_BIN << " on " << realpath(blk_device)
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:244:60:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            LINFO << "Running " << E2FSCK_BIN << " on " << realpath(blk_device);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:269:63:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            LINFO << "Running " << F2FS_FSCK_BIN << " -f " << realpath(blk_device);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:274:63:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            LINFO << "Running " << F2FS_FSCK_BIN << " -a " << realpath(blk_device);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:727:38:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
                   << " blk_dev=" << realpath(fstab[i].blk_device) << " rec[" << i
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1237:49:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
            LERROR << __FUNCTION__ << "(): " << realpath(current_entry.blk_device)
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_remount.cpp:144:28:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    for (int opt; (opt = ::getopt_long(argc, argv, "hRT:", longopts, nullptr)) != -1;) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:402:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        fs_path = std::string(getenv("TMPDIR")) + "/ext4_2G.img";
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:411:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        mntpoint = std::string(getenv("TMPDIR")) + "/fiemap_mnt";
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:444:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        fs_path = std::string(getenv("TMPDIR")) + "/f2fs_2G.img";
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:453:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        mntpoint = std::string(getenv("TMPDIR")) + "/fiemap_mnt";
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h:82:34:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    virtual void GetRandom(void *random, uint32_t requested_length) const {
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h:84:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        RAND_pseudo_bytes((uint8_t *) random, requested_length);
data/android-platform-system-core-10.0.0+r36/healthd/healthd_mode_charger.cpp:750:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "cr")) != -1) {
data/android-platform-system-core-10.0.0+r36/init/init.cpp:655:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    property_set("ro.boottime.init", getenv("INIT_STARTED_AT"));
data/android-platform-system-core-10.0.0+r36/init/init.cpp:656:46:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    property_set("ro.boottime.init.selinux", getenv("INIT_SELINUX_TOOK"));
data/android-platform-system-core-10.0.0+r36/init/init.cpp:659:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* avb_version = getenv("INIT_AVB_VERSION");
data/android-platform-system-core-10.0.0+r36/init/init.cpp:663:40:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:290:40:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* force_debuggable_env = getenv("INIT_FORCE_DEBUGGABLE");
data/android-platform-system-core-10.0.0+r36/init/switch_root.cpp:93:9:  [3] (misc) chroot:
  chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
  Make sure the program immediately chdir("/"), closes file descriptors, and
  drops root privileges, and that all necessary files (and no more!) are in
  the new root.
    if (chroot(".") != 0) {
data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_file.cpp:62:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* val = getenv(key);
data/android-platform-system-core-10.0.0+r36/libcutils/threads.cpp:92:9:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
        InitializeCriticalSection( &store->lock );
data/android-platform-system-core-10.0.0+r36/libcutils/threads.cpp:98:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection( &store->lock );
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:232:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt_long(argc, argv, "af:h:l:mr:st", opts, &i);
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:195:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* tags = getenv("ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:283:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char* fstr = getenv("ANDROID_PRINTF_LOG");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:329:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char* cp = getenv(tz);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1378:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
          cp = getenv(tz);
data/android-platform-system-core-10.0.0+r36/liblog/stderr_write.cpp:90:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  envStr = getenv("ANDROID_PRINTF_LOG");
data/android-platform-system-core-10.0.0+r36/liblog/stderr_write.cpp:114:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  envStr = getenv("ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/tools/dmabuf_dump.cpp:218:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt_long(argc, argv, "ah", longopts, nullptr)) != -1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/librank.cpp:258:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, argv, "acChkm:pP:uvrsR")) != -1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procmem.cpp:131:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, argv, "himpuWw")) != -1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procrank.cpp:378:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, argv, "cChkoprRsuvwW")) != -1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/showmap.cpp:224:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt_long(argc, argv, "tvaqf:h", longopts, nullptr)) != -1) {
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/wsstop.cpp:187:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt_long(argc, argv, "d:n:h", longopts, nullptr)) != -1) {
data/android-platform-system-core-10.0.0+r36/libnativeloader/native_loader.cpp:450:36:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* android_root_env = getenv("ANDROID_ROOT");
data/android-platform-system-core-10.0.0+r36/libnativeloader/native_loader.cpp:470:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char* additional_libs = getenv("ANDROID_ADDITIONAL_PUBLIC_LIBRARIES");
data/android-platform-system-core-10.0.0+r36/libutils/LruCache_test.cpp:227:5:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srandom(12345);
data/android-platform-system-core-10.0.0+r36/libutils/LruCache_test.cpp:230:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        int index = random() % kNumKeys;
data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp:455:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(&condState->waitersCountLock);
data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp:476:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(&condState->waitersCountLock);
data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp:524:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection(&condState->waitersCountLock);
data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp:575:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&condState->waitersCountLock);
data/android-platform-system-core-10.0.0+r36/libutils/Threads.cpp:603:5:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
    EnterCriticalSection(&condState->waitersCountLock);
data/android-platform-system-core-10.0.0+r36/libziparchive/unzip.cpp:282:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
  while ((opt = getopt_long(argc, argv, "-d:hlnopqvx", opts, nullptr)) != -1) {
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:299:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv(LMKDTEST_RESPAWN_FLAG) != NULL) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:702:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
const char* getenv(android_logcat_context_internal* context, const char* name) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:893:17:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        int c = getopt_long(argc, argv, ":cdDhLt:T:gG:sQf:r:n:v:b:BSpP:m:e:", long_options,
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1339:42:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char* logFormat = android::getenv(context, "ANDROID_PRINTF_LOG");
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1372:46:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        const char* env_tags_orig = android::getenv(context, "ANDROID_LOG_TAGS");
data/android-platform-system-core-10.0.0+r36/logd/auditctl.cpp:46:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, argv, "r:")) != -1) {
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrapper.c:58:18:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((ch = getopt(argc, argv, "adk")) != -1) {
data/android-platform-system-core-10.0.0+r36/reboot/reboot.c:36:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt(argc, argv, "p");
data/android-platform-system-core-10.0.0+r36/sdcard/sdcard.cpp:254:19:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt(argc, argv, "u:g:U:mwGio")) != -1) {
data/android-platform-system-core-10.0.0+r36/storaged/main.cpp:88:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        opt = getopt_long(argc, argv, ":pstu", long_options, &opt_idx);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:538:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt(argc, argv, "tns:Sv::dpilqc:rh");
data/android-platform-system-core-10.0.0+r36/toolbox/getprop.cpp:102:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        int arg = getopt_long(argc, argv, "TZ", long_options, nullptr);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:313:6:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	c = getenv("GREP_COLOR");
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:368:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
	eopts = getenv("GREP_OPTIONS");
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:402:15:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while (((c = getopt_long(aargc, aargv, optstr, long_options, NULL)) !=
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:594:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
				term = getenv("TERM");
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:110:7:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
		c = getopt_long (argc, argv, _sopts, _lopts, &oidx);
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/proxy.c:198:19:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((opt = getopt_long(argc, argv, _sopts, _lopts, &oidx)) != -1) {
data/android-platform-system-core-10.0.0+r36/trusty/utils/trusty-ut-ctrl/ut-ctrl.c:65:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt_long(argc, argv, _sopts, _lopts, &oidx);
data/android-platform-system-core-10.0.0+r36/adb/adb.cpp:570:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    buf[64 * 1024];
data/android-platform-system-core-10.0.0+r36/adb/adb.cpp:799:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    temp[3];
data/android-platform-system-core-10.0.0+r36/adb/adb.cpp:879:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char reply_fd[30];
data/android-platform-system-core-10.0.0+r36/adb/adb.cpp:888:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[3] = {};
data/android-platform-system-core-10.0.0+r36/adb/adb_io.cpp:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/android-platform-system-core-10.0.0+r36/adb/adb_io.cpp:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/android-platform-system-core-10.0.0+r36/adb/adb_io_test.cpp:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(expected)] = {};
data/android-platform-system-core-10.0.0+r36/adb/adb_io_test.cpp:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(expected) + 1] = {};
data/android-platform-system-core-10.0.0+r36/adb/adb_io_test.cpp:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(input) - 1] = {};
data/android-platform-system-core-10.0.0+r36/adb/adb_io_test.cpp:123:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/full", O_WRONLY);
data/android-platform-system-core-10.0.0+r36/adb/adb_trace.cpp:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestamp[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmd[9];
data/android-platform-system-core-10.0.0+r36/adb/adb_utils.cpp:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char arg0[12], arg1[12];
data/android-platform-system-core-10.0.0+r36/adb/adb_utils_test.cpp:47:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char profiles_dir[MAX_PATH];
data/android-platform-system-core-10.0.0+r36/adb/adb_utils_test.cpp:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char profiles_dir[MAX_PATH];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_client.cpp:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_client.cpp:207:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:175:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* metadataFile = fopen(metadataTmpFile.path, "wb");
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:225:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:267:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* metadataFile = fopen(metadataTmpFile.path, "wb");
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:436:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/adb_install.cpp:607:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:97:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(file.c_str(), "w");
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:137:49:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file.c_str(), "r"), fclose);
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[sizeof(struct inotify_event) + NAME_MAX + 1];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char raw_buffer[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char raw_buffer[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:811:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CHUNK_SIZE];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:896:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[SIDELOAD_HOST_BLOCK_SIZE];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1364:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[4096];
data/android-platform-system-core-10.0.0+r36/adb/client/console.cpp:139:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:160:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef open
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:161:69:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    std::unique_ptr<android::ZipFileRO> zipFile(android::ZipFileRO::open(apkPath));
data/android-platform-system-core-10.0.0+r36/adb/client/fastdeploy.cpp:162:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open ___xxx_unix_open
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[SYNC_DATA_MAX];
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:151:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char overall_percentage_str[5] = "?";
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:299:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data, path_and_mode, path_length);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:397:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, path_and_mode, path_length);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:404:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, data, data_length);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:628:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[257];
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:693:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:764:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[SYNC_DATA_MAX];
data/android-platform-system-core-10.0.0+r36/adb/client/transport_mdns.cpp:122:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ip_addr[INET6_ADDRSTRLEN];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_linux.cpp:142:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char devdesc[4096];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_linux.cpp:219:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char pathbuf[128];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_linux.cpp:220:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char link[256];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_osx.cpp:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                     serial[256];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_buffer[2048];
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:572:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char serial_number[512];
data/android-platform-system-core-10.0.0+r36/adb/daemon/auth.cpp:123:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen("/dev/urandom", "re");
data/android-platform-system-core-10.0.0+r36/adb/daemon/auth.cpp:157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char response[2];
data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp:320:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char id[5];
data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp:321:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(id, &msg.data.id, sizeof(msg.data.id));
data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp:526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[1025];
data/android-platform-system-core-10.0.0+r36/adb/daemon/framebuffer_service.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[640];
data/android-platform-system-core-10.0.0+r36/adb/daemon/framebuffer_service.cpp:80:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *args[2] = {command, nullptr};
data/android-platform-system-core-10.0.0+r36/adb/daemon/jdwp_service.cpp:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, temp.data(), temp.length());
data/android-platform-system-core-10.0.0+r36/adb/daemon/jdwp_service.cpp:208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char head[header_len + 1];
data/android-platform-system-core-10.0.0+r36/adb/daemon/jdwp_service.cpp:211:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, head, header_len);
data/android-platform-system-core-10.0.0+r36/adb/daemon/jdwp_service.cpp:318:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addr.sun_path, sockname, socknamelen);
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HOST_NAME_MAX];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:225:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pts_name[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:215:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(protocol->data(), command.data(), command.length());
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(protocol->data(), input.data(), input.length());
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:279:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                          char input[10];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:299:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                          char input[10];
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service_test.cpp:311:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(write_protocol->data(), "in", 2);
data/android-platform-system-core-10.0.0+r36/adb/daemon/transport_qemu.cpp:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[256];
data/android-platform-system-core-10.0.0+r36/adb/daemon/transport_qemu.cpp:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char con_name[32];
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:106:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&result, this, sizeof(*this));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:115:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&result, &value, sizeof(value));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:212:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(header.data(), &packet->msg, sizeof(packet->msg));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:548:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&msg, block->payload->data(), sizeof(amessage));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_ffs.cpp:195:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char str1[sizeof(STR_INTERFACE_)];
data/android-platform-system-core-10.0.0+r36/adb/fdevent.cpp:400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.cpp:290:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[2];
data/android-platform-system-core-10.0.0+r36/adb/shell_protocol.h:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer_[kBufferSize];
data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol.cpp:59:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&buffer_[1], &typed_length, sizeof(typed_length));
data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol_test.cpp:105:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(write_protocol_->data(), data, sizeof(data));
data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol_test.cpp:116:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(write_protocol_->data(), "1234567890", 10);
data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol_test.cpp:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1];
data/android-platform-system-core-10.0.0+r36/adb/shell_service_protocol_test.cpp:187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(write_protocol_->data(), data, sizeof(data));
data/android-platform-system-core-10.0.0+r36/adb/socket_test.cpp:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[6];
data/android-platform-system-core-10.0.0+r36/adb/sockets.cpp:263:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/adb/sockets.cpp:513:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p->payload.data(), destination.data(), destination.size());
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:145:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define  open    ___xxx_unix_open
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:256:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define fopen adb_fopen
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:365:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return TEMP_FAILURE_RETRY(open(zero_terminated.c_str(), options));
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:372:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return TEMP_FAILURE_RETRY(open(zero_terminated.c_str(), options, mode));
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:380:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return TEMP_FAILURE_RETRY( open( pathname, options, mode ) );
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:393:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int  fd = TEMP_FAILURE_RETRY( open( pathname, options ) );
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:399:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#undef   open
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:400:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define  open    ___xxx_open
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];  // MAX_TASK_COMM_LEN, but that's not exported by the kernel headers.
data/android-platform-system-core-10.0.0+r36/adb/sysdeps/vm_sockets.h:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char svm_zero[sizeof(struct sockaddr) - sizeof(sa_family_t) - sizeof(unsigned short) -
data/android-platform-system-core-10.0.0+r36/adb/sysdeps/win32/stat.cpp:64:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s, &st, sizeof(st));
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_test.cpp:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  name[32];
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:908:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char port_str[16];
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:1577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, normal, len);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:1675:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, g_console_input_buffer.data(), bytes_read);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:1698:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char seqbuf[16];
data/android-platform-system-core-10.0.0+r36/adb/transport.cpp:531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[5];
data/android-platform-system-core-10.0.0+r36/adb/transport.cpp:533:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&data[0], buf, 4);
data/android-platform-system-core-10.0.0+r36/adb/transport.cpp:534:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&data[4], string.data(), string.size());
data/android-platform-system-core-10.0.0+r36/adb/transport.h:287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char token[TOKEN_SIZE] = {};
data/android-platform-system-core-10.0.0+r36/adb/transport_fd.cpp:112:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(read_header_.get(), header_buf.data(), sizeof(amessage));
data/android-platform-system-core-10.0.0+r36/adb/transport_usb.cpp:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];
data/android-platform-system-core-10.0.0+r36/adb/transport_usb.cpp:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(msg, buffer, sizeof(*msg));
data/android-platform-system-core-10.0.0+r36/adb/types.h:238:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy->data(), first_block->data() + begin_offset_, copy->size());
data/android-platform-system-core-10.0.0+r36/adb/types.h:303:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&result[offset], data, len);
data/android-platform-system-core-10.0.0+r36/base/cmsg.cpp:42:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(struct cmsghdr) char cmsg_buf[cmsg_space];
data/android-platform-system-core-10.0.0+r36/base/cmsg.cpp:85:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(struct cmsghdr) char cmsg_buf[cmsg_space];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:73:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:170:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:189:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[2];
data/android-platform-system-core-10.0.0+r36/base/file.cpp:54:5:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
int mkstemp(char* template_name) {
data/android-platform-system-core-10.0.0+r36/base/file.cpp:60:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return open(template_name, O_CREAT | O_EXCL | O_RDWR | O_BINARY, S_IRUSR | S_IWUSR);
data/android-platform-system-core-10.0.0+r36/base/file.cpp:87:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp_dir[MAX_PATH];
data/android-platform-system-core-10.0.0+r36/base/file.cpp:131:8:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
  fd = mkstemp(path);
data/android-platform-system-core-10.0.0+r36/base/file.cpp:191:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/base/file.cpp:203:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), flags)));
data/android-platform-system-core-10.0.0+r36/base/file.cpp:238:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), flags, mode)));
data/android-platform-system-core-10.0.0+r36/base/file.cpp:266:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), flags, 0666)));
data/android-platform-system-core-10.0.0+r36/base/file.cpp:410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX + 1];
data/android-platform-system-core-10.0.0+r36/base/file.cpp:420:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX + 1];
data/android-platform-system-core-10.0.0+r36/base/include/android-base/file.h:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[1024];
data/android-platform-system-core-10.0.0+r36/base/include/android-base/file.h:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[1024];
data/android-platform-system-core-10.0.0+r36/base/include/android-base/memory.h:28:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&result, address, sizeof(T));
data/android-platform-system-core-10.0.0+r36/base/include/android-base/memory.h:34:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(address, &v, sizeof(T));
data/android-platform-system-core-10.0.0+r36/base/include/android-base/utf8.h:91:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE* fopen(const char* name, const char* mode);
data/android-platform-system-core-10.0.0+r36/base/include/android-base/utf8.h:93:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int open(const char* name, int flags, ...);
data/android-platform-system-core-10.0.0+r36/base/include/android-base/utf8.h:96:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
using ::fopen;
data/android-platform-system-core-10.0.0+r36/base/include/android-base/utf8.h:98:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
using ::open;
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:73:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char progname[MAX_PATH] = {};
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:115:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  return TEMP_FAILURE_RETRY(open("/dev/kmsg", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/android-platform-system-core-10.0.0+r36/base/logging.cpp:215:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestamp[32];
data/android-platform-system-core-10.0.0+r36/base/stringprintf.cpp:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char space[1024];
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:109:30:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  const int chars_required = MultiByteToWideChar(CP_UTF8, flags, utf8, size,
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:119:22:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  const int result = MultiByteToWideChar(CP_UTF8, flags, utf8, size,
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:184:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
FILE* fopen(const char* name, const char* mode) {
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:207:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
int open(const char* name, int flags, ...) {
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:327:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(WriteInto(&multistring16, arraysize(multi16)), multi16,
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:331:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(WriteInto(&expected, arraysize(multi)), multi, sizeof(multi));
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:467:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(open(utf8.c_str(), flags, mode));
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:475:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* file = fopen(utf8.c_str(), "rb");
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:211:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(in + ilen + 1, names[i], t + 1);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:215:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out + olen + 1, names[i], t + 1);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:218:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out, names[i], t + 1);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:247:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(in, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:277:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char in[8192];
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:278:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char out[8192];
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[CANNED_LINE_LENGTH];
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:295:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen(filename, "r");
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:311:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            cc->uid = atoi(strtok(line, " \n"));
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:314:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            cc->uid = atoi(strtok(NULL, " \n"));
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:316:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cc->gid = atoi(strtok(NULL, " \n"));
data/android-platform-system-core-10.0.0+r36/debuggerd/client/debuggerd_client.cpp:233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/android-platform-system-core-10.0.0+r36/debuggerd/crash_dump.cpp:377:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int target_proc_fd = open(target_proc_path.c_str(), O_DIRECTORY | O_RDONLY);
data/android-platform-system-core-10.0.0+r36/debuggerd/crash_dump.cpp:549:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd devnull(TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR)));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:226:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[1];
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:232:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open("/dev/null", O_RDONLY);
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:265:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[10];
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:270:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE* f = fopen("/dev/null", "r");
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:349:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char msg[32];
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(msg.msg, "dummy abort message", strlen("dummy abort message"));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd.cpp:47:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_benchmark.cpp:82:40:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd output_fd(open("/dev/null", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4045 + 1];
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:606:20:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  FILE* tmp_file = tmpfile();
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:853:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(open("/dev/null", O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:1027:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outbuf[sizeof(java)];
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:1058:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outbuf[sizeof(any)];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:112:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:185:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&result, &packed, sizeof(packed));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&result, &value, sizeof(value));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:135:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[256];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:141:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  unique_fd fd(open("/proc/self/comm", O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char thread_name[MAX_TASK_NAME_LEN + 1];  // one more for termination
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:171:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(thread_name, "<name unknown>");
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr_desc[32] = "";  // ", fault addr 0x1234"
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:190:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sender_desc[32] = {};  // " from pid 1234, uid 666"
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:195:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char main_thread_name[MAX_TASK_NAME_LEN + 1];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:326:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int devnull = TEMP_FAILURE_RETRY(open("/dev/null", O_RDWR));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char main_tid[10];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:383:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pseudothread_tid[10];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:384:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char debuggerd_dump_type[10];
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:403:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/backtrace.cpp:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timestr[64];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/backtrace.cpp:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char process_name[128];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/open_files_list.cpp:55:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int fd = atoi(de->d_name);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:126:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buffer, buffer_.data() + offset, bytes);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer_.data(), buffer, bytes);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_file[256];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp_file, data_template, sizeof(data_template));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:163:24:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    int tombstone_fd = mkstemp(tmp_file);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:166:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(tmp_file, tmp_template, sizeof(tmp_template));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/dump_memory_test.cpp:167:22:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
      tombstone_fd = mkstemp(tmp_file);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_file[256];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp:43:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tmp_file, data_template, sizeof(data_template));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp:44:24:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    int tombstone_fd = mkstemp(tmp_file);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp:47:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(tmp_file, tmp_template, sizeof(tmp_template));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/test/tombstone_test.cpp:48:22:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
      tombstone_fd = mkstemp(tmp_file);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:84:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[strlen("1970-01-01 00:00:00+0830") + 1];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:120:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr_desc[64];  // ", fault addr 0x1234"
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:134:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sender_desc[32] = {};  // " from pid 1234, uid 666"
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timeBuf[32];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:560:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[512];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:629:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char thread_name[16];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char process_name[128];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp:96:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      unique_fd kmsg_fd(open("/dev/kmsg_debug", O_WRONLY | O_APPEND | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp:223:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  unique_fd fd(open(path, O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/debuggerd/protocol.h:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char error_message[127];  // always null-terminated
data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp:81:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        dir_fd_(open(dir_path.c_str(), O_DIRECTORY | O_RDONLY | O_CLOEXEC)),
data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp:219:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      output_fd.reset(open("/dev/null", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/demangle/demangle_fuzzer.cpp:28:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(data_str.data(), data, size);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:85:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[64];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:90:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dev->fd = open(filename, flags);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[64];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[64];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:309:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(filename, flags);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[64];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:520:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[64];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:525:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(filename, flags);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:626:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(event_ret.get(), &header, sizeof(header));
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:637:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void adf_format_str(__u32 format, char buf[ADF_FORMAT_STR_SIZE])
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/adf/adf.h:277:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void adf_format_str(__u32 format, char buf[ADF_FORMAT_STR_SIZE]);
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/video/adf.h:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/video/adf.h:160:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/include/video/adf.h:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/original-kernel-headers/video/adf.h:284:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/original-kernel-headers/video/adf.h:316:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/original-kernel-headers/video/adf.h:347:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[ADF_NAME_LEN];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp:56:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    void get8888Format(uint32_t &fmt, char fmt_str[ADF_FORMAT_STR_SIZE]) {
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp:128:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char format_str[ADF_FORMAT_STR_SIZE], int &buf_fd, uint32_t &offset,
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format_str[ADF_FORMAT_STR_SIZE];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp:334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format_str[ADF_FORMAT_STR_SIZE];
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/tests/adf_test.cpp:352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format_str[ADF_FORMAT_STR_SIZE];
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE);
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdr->magic + hdr->page_size, kernel.data(), kernel.size());
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:80:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdr->magic + hdr->page_size + kernel_actual, ramdisk.data(), ramdisk.size());
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:81:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdr->magic + hdr->page_size + kernel_actual + ramdisk_actual, second.data(),
data/android-platform-system-core-10.0.0+r36/fastboot/bootimg_utils.cpp:83:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(hdr->magic + hdr->page_size + kernel_actual + ramdisk_actual + second_actual, dtb.data(),
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[FB_RESPONSE_SZ];
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:103:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, kResultStrings[static_cast<size_t>(result)], kResponseReasonSize);
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:104:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + kResponseReasonSize, message.c_str(), msg_len);
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[FB_RESPONSE_SZ + 1];
data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp:155:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char str1[sizeof(STR_INTERFACE_)];
data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp:200:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        h->control.reset(open(kUsbFfsFastbootEp0, O_RDWR));
data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp:221:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    h->bulk_out.reset(open(kUsbFfsFastbootOut, O_RDONLY));
data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp:227:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    h->bulk_in.reset(open(kUsbFfsFastbootIn, O_WRONLY));
data/android-platform-system-core-10.0.0+r36/fastboot/device/utility.cpp:83:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(handle->path().c_str(), O_WRONLY | O_EXCL)));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:228:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(file.c_str(), O_RDONLY | O_CLOEXEC | O_BINARY)));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp_path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:544:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(filename, "w+bTD");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:547:9:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
#define tmpfile win32_tmpfile
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:555:19:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
    return fileno(tmpfile());
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:577:14:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    int fd = mkstemp(&path_template[0]);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:591:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(marker_file.c_str(), O_CREAT | O_WRONLY | O_CLOEXEC, 0666);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:901:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_BINARY)));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:1414:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return open(path.c_str(), O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:1538:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd.reset(open(output.path, O_RDONLY));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:313:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ofs.open(outfile, std::ofstream::out | std::ofstream::binary);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:405:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char status[FB_RESPONSE_SZ + 1];
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/main.cpp:1339:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* to_flash = fopen((SEARCH_PATH + fname).c_str(), "rb");
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/main.cpp:1464:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* to_flash = fopen((SEARCH_PATH + packed_image).c_str(), "rb");
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/main.cpp:1505:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* to_stage = fopen((SEARCH_PATH + test.input).c_str(), "rb");
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.cpp:113:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(port.c_str(), O_RDONLY | O_NOCTTY | O_NONBLOCK);
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.cpp:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/android-platform-system-core-10.0.0+r36/fastboot/socket_mock.cpp:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data, message.data(), message.length());
data/android-platform-system-core-10.0.0+r36/fastboot/socket_test.cpp:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/android-platform-system-core-10.0.0+r36/fastboot/socket_test.cpp:114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/android-platform-system-core-10.0.0+r36/fastboot/socket_test.cpp:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[5];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[kHandshakeLength + 1];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp.cpp:134:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[8];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp.cpp:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[8];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp_test.cpp:201:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp_test.cpp:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/android-platform-system-core-10.0.0+r36/fastboot/tcp_test.cpp:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[16];
data/android-platform-system-core-10.0.0+r36/fastboot/udp.cpp:294:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(rx_data, rx_packet_.data() + kHeaderSize, rx_data_bytes);
data/android-platform-system-core-10.0.0+r36/fastboot/udp_test.cpp:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[3];
data/android-platform-system-core-10.0.0+r36/fastboot/udp_test.cpp:527:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[32];
data/android-platform-system-core-10.0.0+r36/fastboot/usb.h:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char serial_number[256];
data/android-platform-system-core-10.0.0+r36/fastboot/usb.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char device_path[256];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[64];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:185:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[80];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:192:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(path, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:280:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[80];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:287:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devname[64];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:340:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc[1024];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:357:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((fd = open(devname, O_RDWR)) < 0) {
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:361:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if ((fd = open(devname, O_RDONLY)) < 0) {
data/android-platform-system-core-10.0.0+r36/fastboot/usb_osx.cpp:444:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(handle->get(), &h, sizeof(usb_handle));
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_buffer[2048];
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char interf_name[2048];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:145:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(FSCK_LOG_FILE, O_WRONLY | O_CLOEXEC |
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:309:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(blk_device.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:338:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(blk_device.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:506:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(blk_device.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:535:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(blk_device.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:606:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(blockdev.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:992:44:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                        TEMP_FAILURE_RETRY(open(entry->blk_device.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1245:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                        open(current_entry.key_loc.c_str(), O_WRONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1544:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd loop_fd(TEMP_FAILURE_RETRY(open("/dev/loop-control", O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1557:44:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd target_fd(TEMP_FAILURE_RETRY(open(loop.c_str(), O_RDWR | O_CREAT | O_CLOEXEC, 0600)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1569:44:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd device_fd(TEMP_FAILURE_RETRY(open(device.c_str(), O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1610:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                        fopen(ZRAM_CONF_MCS, "re"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:1620:62:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    std::unique_ptr<FILE, decltype(&fclose)>{fopen(ZRAM_CONF_DEV, "re+"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_format.cpp:44:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(fs_blkdev.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:649:64:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fstab_file = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:547:58:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto file = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:1187:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(dev.c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:96:55:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto f = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path, "re"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:260:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DM_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:280:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[VERITY_KMSG_BUFSIZE + 1];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:286:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[METADATA_TAG_MAX_LENGTH + 1];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:383:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(fname, "re+"), fclose};
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:449:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(fname, O_WRONLY | O_SYNC | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:478:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(fname, O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[READ_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:524:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path, O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[METADATA_TAG_MAX_LENGTH + 1];
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:579:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(entry.verity_loc.c_str(), O_RDWR | O_SYNC | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:612:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[METADATA_TAG_MAX_LENGTH + 1];
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm.cpp:30:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd_ = TEMP_FAILURE_RETRY(open("/dev/device-mapper", O_RDWR | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_test.cpp:152:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd dev_fd(open(dev.path().c_str(), O_RDWR));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/dm_test.cpp:157:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char sector[512];
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control.cpp:34:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    control_fd_.reset(TEMP_FAILURE_RETRY(open(kLoopControlDevice, O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control.cpp:46:57:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd loop_fd(TEMP_FAILURE_RETRY(open(loopdev->c_str(), O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control.cpp:66:57:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd loop_fd(TEMP_FAILURE_RETRY(open(loopdev.c_str(), O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control.cpp:99:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd_.reset(open(path.c_str(), O_RDWR | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control_test.cpp:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[6];
data/android-platform-system-core-10.0.0+r36/fs_mgr/libdm/loop_control_test.cpp:60:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd loop_fd(open(loop.device().c_str(), O_RDWR));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer.cpp:445:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(file_path.c_str(), O_NOFOLLOW | O_CLOEXEC | O_RDONLY));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer.cpp:577:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            TEMP_FAILURE_RETRY(open(file_path.c_str(), open_flags, S_IRUSR | S_IWUSR)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer.cpp:598:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            TEMP_FAILURE_RETRY(open(bdev_path.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:157:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(open(testfile.c_str(), O_RDONLY));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:232:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fd(open(testfile.c_str(), O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/fiemap_writer_test.cpp:241:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd bdev(open(fptr->bdev_path().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/split_fiemap_writer.cpp:104:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(open(out->list_file_.c_str(), O_CREAT | O_WRONLY | O_CLOEXEC, 0660));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/split_fiemap_writer.cpp:223:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            cursor_fd_.reset(open(file->file_path().c_str(), O_CLOEXEC | O_WRONLY));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfiemap_writer/split_fiemap_writer.cpp:255:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fd(open(file->file_path().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_ops.cpp:189:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/avb_util.cpp:510:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(image_path.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/include/fs_avb/types.h:75:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        std::memcpy(vbmeta_ptr_.get(), data, size * sizeof(uint8_t));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:74:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(image_path.value().c_str(), O_RDWR | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:657:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(vbmeta_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:685:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:742:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:768:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:783:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/avb_util_test.cpp:794:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd ok_fd(open(system_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test.cpp:54:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(open(vbmeta_image_path.value().c_str(), O_RDWR | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/tests/fs_avb_test_util.h:63:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return android::base::unique_fd(open(file_path.value().c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/fs_mgr/libfs_avb/util.cpp:116:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(blockdev.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/images.cpp:93:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(open(file, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/images.cpp:153:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(open(file, O_CREAT | O_RDWR | O_TRUNC | O_CLOEXEC, 0644));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/images.cpp:178:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fd(open(file_path.c_str(), kOpenFlags, 0644));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/metadata_format.h:211:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[36];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/metadata_format.h:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[36];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/include/liblp/metadata_format.h:322:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char partition_name[36];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expected[LP_SECTOR_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:244:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[LP_SECTOR_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:324:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char corruption[LP_METADATA_GEOMETRY_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char corruption[kMetadataSize];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:410:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expected[LP_SECTOR_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:412:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LP_SECTOR_SIZE];
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/reader.cpp:60:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, buffer_ + pos_, length);
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/reader.cpp:73:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(geometry, buffer, sizeof(*geometry));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility.cpp:189:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return base::unique_fd(open(path, flags));
data/android-platform-system-core-10.0.0+r36/gatekeeperd/IGateKeeperService.cpp:65:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(buf, out, outSize);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/IGateKeeperService.cpp:136:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(buf, out, outSize);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h:112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(record, stored, sizeof(*record));
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h:133:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(digest.get(), &salt, sizeof(salt));
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeper.h:134:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(digest.get() + sizeof(salt), password.buffer.get(), password.length);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp:41:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp:45:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp:51:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp:83:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle,
data/android-platform-system-core-10.0.0+r36/gatekeeperd/SoftGateKeeperDevice.cpp:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:77:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[21];
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:79:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:106:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            int fd = open(filename, O_WRONLY | O_TRUNC | O_CREAT, S_IRUSR | S_IWUSR);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:118:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[21];
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:126:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[21];
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:129:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int fd = open(filename, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:137:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char filename[21];
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:210:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(*enrolled_password_handle, rsp.data.data(),
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:302:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(*auth_token, rsp.data.data(), *auth_token_length);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/tests/gatekeeper_test.cpp:109:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(password_handle.buffer.get(), enroll_response.enrolled_password_handle.buffer.get(),
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:296:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char dmesgline[256];
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:419:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vs[128];
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pval[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/healthd/healthd_draw.cpp:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char clock_str[CLOCK_LENGTH];
data/android-platform-system-core-10.0.0+r36/init/bootchart.cpp:62:51:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> result(fopen(filename, mode), fclose);
data/android-platform-system-core-10.0.0+r36/init/bootchart.cpp:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char date[32];
data/android-platform-system-core-10.0.0+r36/init/bootchart.cpp:113:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int pid = atoi(entry->d_name);
data/android-platform-system-core-10.0.0+r36/init/bootchart.cpp:129:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (open != std::string::npos && close != std::string::npos) {
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:269:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(filename.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:417:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fd(TEMP_FAILURE_RETRY(open(source + 5, mode | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:422:47:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            unique_fd loop(TEMP_FAILURE_RETRY(open(tmp.c_str(), mode | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:844:52:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(filename.c_str(), O_RDONLY)));
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:855:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BUFSIZ];
data/android-platform-system-core-10.0.0+r36/init/descriptors.cpp:110:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(name().c_str(),
data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp:71:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd loading_fd(open(loading.c_str(), O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp:77:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd data_fd(open(data.c_str(), O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp:86:25:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fw_fd(open(file.c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/init/host_init_verifier.cpp:75:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char static_name[32] = "";
data/android-platform-system-core-10.0.0+r36/init/host_init_verifier.cpp:76:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char static_dir[32] = "/";
data/android-platform-system-core-10.0.0+r36/init/host_init_verifier.cpp:77:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char static_shell[32] = "/system/bin/sh";
data/android-platform-system-core-10.0.0+r36/init/init.cpp:86:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char qemu[32];
data/android-platform-system-core-10.0.0+r36/init/init.cpp:641:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    close(open("/dev/.booting", O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
data/android-platform-system-core-10.0.0+r36/init/keychords.cpp:199:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fd = TEMP_FAILURE_RETRY(::open(device.c_str(), O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/init/keychords.cpp:221:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];  // History shows 32-64 bytes typical
data/android-platform-system-core-10.0.0+r36/init/keychords_test.cpp:85:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fd = TEMP_FAILURE_RETRY(::open("/dev/uinput", O_WRONLY | O_NONBLOCK | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/init/keychords_test.cpp:145:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[256];
data/android-platform-system-core-10.0.0+r36/init/modalias_handler.cpp:105:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            TEMP_FAILURE_RETRY(open(path_name.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/mount_handler.cpp:116:63:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
MountHandler::MountHandler(Epoll* epoll) : epoll_(epoll), fp_(fopen("/proc/mounts", "re"), fclose) {
data/android-platform-system-core-10.0.0+r36/init/mount_namespace.cpp:61:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/proc/self/ns/mnt", O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/init/persistent_properties.cpp:175:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        open(temp_filename.c_str(), O_WRONLY | O_CREAT | O_NOFOLLOW | O_TRUNC | O_CLOEXEC, 0600)));
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:544:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prop_name[PROP_NAME_MAX];
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:545:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char prop_value[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/init/reboot.cpp:320:39:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd loop(TEMP_FAILURE_RETRY(open(backing_dev.c_str(), O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/security.cpp:48:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        TEMP_FAILURE_RETRY(open("/dev/hw_random", O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/security.cpp:59:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        TEMP_FAILURE_RETRY(open("/dev/urandom", O_WRONLY | O_NOFOLLOW | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/security.cpp:64:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:304:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd fd(open(precompiled_sepolicy_file.c_str(), O_RDONLY | O_CLOEXEC | O_BINARY));
data/android-platform-system-core-10.0.0+r36/init/selinux.cpp:479:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/android-platform-system-core-10.0.0+r36/init/service.cpp:179:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        auto fd = unique_fd{open(path.c_str(), O_RDONLY | O_CLOEXEC)};
data/android-platform-system-core-10.0.0+r36/init/service.cpp:922:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int console_fd = open(console_.c_str(), O_RDWR | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/init/service.cpp:1247:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open("/dev/null", O_RDWR);
data/android-platform-system-core-10.0.0+r36/init/service.cpp:1255:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(console_.c_str(), O_RDWR);
data/android-platform-system-core-10.0.0+r36/init/service.cpp:1256:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (fd == -1) fd = open("/dev/null", O_RDWR);
data/android-platform-system-core-10.0.0+r36/init/service_test.cpp:33:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(alignof(Service)) char old_memory[memory_size];
data/android-platform-system-core-10.0.0+r36/init/subcontext.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[kBufferSize] = {};
data/android-platform-system-core-10.0.0+r36/init/subcontext.cpp:221:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    auto init_fd = std::atoi(argv[3]);
data/android-platform-system-core-10.0.0+r36/init/uevent_listener.cpp:59:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            uevent->major = atoi(msg);
data/android-platform-system-core-10.0.0+r36/init/uevent_listener.cpp:62:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            uevent->minor = atoi(msg);
data/android-platform-system-core-10.0.0+r36/init/uevent_listener.cpp:65:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            uevent->partition_num = atoi(msg);
data/android-platform-system-core-10.0.0+r36/init/uevent_listener.cpp:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[UEVENT_MSG_LEN + 2];
data/android-platform-system-core-10.0.0+r36/init/ueventd.cpp:216:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    close(open(COLDBOOT_DONE, O_WRONLY | O_CREAT | O_CLOEXEC, 0000));
data/android-platform-system-core-10.0.0+r36/init/util.cpp:161:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        TEMP_FAILURE_RETRY(open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/init/util.cpp:189:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int rc = open(path.c_str(), flags, mode);
data/android-platform-system-core-10.0.0+r36/init/util.cpp:457:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/null", O_RDWR);
data/android-platform-system-core-10.0.0+r36/init/util_test.cpp:106:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(path.c_str(), O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libappfuse/FuseAppLoop.cc:47:50:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    const uint64_t inode = static_cast<uint64_t>(atol(buffer->request.lookup_name));
data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseBuffer.h:59:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char write_data[kFuseMaxWrite];
data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseBuffer.h:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lookup_name[kFuseMaxWrite];
data/android-platform-system-core-10.0.0+r36/libappfuse/include/libappfuse/FuseBuffer.h:88:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char read_data[N];
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseAppLoopTest.cc:138:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(request_.lookup_name, "10");
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseAppLoopTest.cc:176:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(request_.lookup_name, "aa");
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseAppLoopTest.cc:189:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(request_.lookup_name, "18446744073709551616");
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc:34:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd->reset(open(kTempFile, O_CREAT | O_RDWR, 0600));
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[std::max(headerSize, sizeof(FuseRequest))];
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[std::max(size, sizeof(FuseRequest))];
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc:77:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(request.lookup_name, "test");
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceCurrent.cpp:63:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, reinterpret_cast<uint8_t*>(addr), bytes);
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceMap.cpp:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char permissions[5];
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceMap.cpp:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktraceMap.cpp:109:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line[1024];
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktracePtrace.cpp:84:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, reinterpret_cast<uint8_t*>(&data_word) + align_bytes, copy_bytes);
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktracePtrace.cpp:96:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, &data_word, sizeof(word_t));
data/android-platform-system-core-10.0.0+r36/libbacktrace/BacktracePtrace.cpp:107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, &data_word, left_over);
data/android-platform-system-core-10.0.0+r36/libbacktrace/ThreadEntry.cpp:130:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ucontext_.uc_mcontext, &ucontext->uc_mcontext, sizeof(ucontext->uc_mcontext));
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_benchmarks.cpp:45:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      open((std::string("/proc/") + std::to_string(pid) + "/maps").c_str(), O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_benchmarks.cpp:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2048];
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_read_benchmarks.cpp:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &data, sizeof(long));
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_read_benchmarks.cpp:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &data, left_over);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:490:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char task_path[128];
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:956:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:959:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* map_file = fopen(buffer, "r");
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1235:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(tmp_so_name.c_str(), O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1281:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(tmp_so_name.c_str(), O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1570:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd device_fd(open("/dev/zero", O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_testlib.cpp:88:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ucontext.uc_mcontext, regs->RawData(), sizeof(uint32_t) * 16);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_testlib.cpp:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ucontext.uc_mcontext, regs->RawData(), sizeof(uint64_t) * 33);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_testlib.cpp:129:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(arg->ucontext->data(), &ucontext, sizeof(ucontext));
data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_socket_test.cpp:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[32];
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-dev.cpp:235:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = TEMP_FAILURE_RETRY(open(ASHMEM_DEVICE, O_RDWR | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-dev.cpp:390:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[ASHMEM_NAME_LEN] = {0};
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-host.cpp:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pattern[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem-host.cpp:40:14:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    int fd = mkstemp(pattern);
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp:76:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(region1, &data, size);
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp:98:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(region1, &data, size);
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(region, data, dataSize);
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp:246:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(region, &data, size);
data/android-platform-system-core-10.0.0+r36/libcutils/canned_fs_config.cpp:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PATH_MAX + 200];
data/android-platform-system-core-10.0.0+r36/libcutils/canned_fs_config.cpp:48:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(fn, "r");
data/android-platform-system-core-10.0.0+r36/libcutils/canned_fs_config.cpp:68:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->uid = atoi(strtok(rootdir ? line : NULL, " "));
data/android-platform-system-core-10.0.0+r36/libcutils/canned_fs_config.cpp:69:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        p->gid = atoi(strtok(NULL, " "));
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:89:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        : TEMP_FAILURE_RETRY(open(path, O_CREAT | O_CLOEXEC | O_NOFOLLOW | O_RDONLY, 0644));
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:128:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = TEMP_FAILURE_RETRY(open(path, O_RDONLY));
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:159:33:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
    int fd = TEMP_FAILURE_RETRY(mkstemp(temp));
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:202:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/", 0);
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:252:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            fd = TEMP_FAILURE_RETRY(open(name, O_RDONLY | O_BINARY));
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:257:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = TEMP_FAILURE_RETRY(open(conf[which][dir], O_RDONLY | O_BINARY));
data/android-platform-system-core-10.0.0+r36/libcutils/include/cutils/native_handle.h:31:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(native_handle_t) char (name)[                            \
data/android-platform-system-core-10.0.0+r36/libcutils/klog.cpp:42:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return TEMP_FAILURE_RETRY(open(kmsg_device, O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libcutils/klog.cpp:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[LOG_BUF_MAX];
data/android-platform-system-core-10.0.0+r36/libcutils/load_file.cpp:31:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(fn, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libcutils/native_handle.cpp:69:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&clone->data[handle->numFds], &handle->data[handle->numFds],
data/android-platform-system-core-10.0.0+r36/libcutils/partition_utils.cpp:46:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(source, O_RDONLY)) < 0) {
data/android-platform-system-core-10.0.0+r36/libcutils/properties.cpp:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PROPERTY_VALUE_MAX] = {'\0'};
data/android-platform-system-core-10.0.0+r36/libcutils/properties.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PROPERTY_VALUE_MAX] = {'\0'};
data/android-platform-system-core-10.0.0+r36/libcutils/properties.cpp:121:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(value, default_value, len);
data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mValue[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:67:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p_addr->sun_path + 1, name, namelen);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_network_client_unix.cpp:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char port_str[16];
data/android-platform-system-core-10.0.0+r36/libcutils/socket_network_client_windows.cpp:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char port_str[16];
data/android-platform-system-core-10.0.0+r36/libcutils/sockets_test.cpp:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/android-platform-system-core-10.0.0+r36/libcutils/sockets_test.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[32];
data/android-platform-system-core-10.0.0+r36/libcutils/str_parms.cpp:256:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val_str[12];
data/android-platform-system-core-10.0.0+r36/libcutils/str_parms.cpp:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val_str[23];
data/android-platform-system-core-10.0.0+r36/libcutils/strdup8to16.cpp:120:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static const unsigned char leaderMask[4] = {0xff, 0x1f, 0x0f, 0x07};
data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp:85:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    atrace_marker_fd = open("/sys/kernel/debug/tracing/trace_marker", O_WRONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp:126:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CONTAINER_ATRACE_MESSAGE_LENGTH]; \
data/android-platform-system-core-10.0.0+r36/libcutils/trace-dev.cpp:33:24:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    atrace_marker_fd = open("/sys/kernel/debug/tracing/trace_marker", O_WRONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libcutils/uevent.cpp:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char control[CMSG_SPACE(sizeof(struct ucred))];
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskconfig.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[64];
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskconfig.c:282:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(dinfo->device, O_RDWR)) < 0) {
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskutils.c:45:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((src_fd = open(src, O_RDONLY)) < 0) {
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskutils.c:51:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((dst_fd = open(dst, O_RDWR)) < 0) {
data/android-platform-system-core-10.0.0+r36/libion/ion.c:57:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/ion", O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libion/ion_4.12.h:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_HEAP_NAME];
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[CMSG_SPACE(sizeof(int))];
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:148:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(ptr, "master");
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:206:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(ptr, "child");
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:238:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            len = atol(optarg);
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:241:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            align = atol(optarg);
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:256:27:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            alloc_flags = atol(optarg);
data/android-platform-system-core-10.0.0+r36/libion/ion_test.c:259:25:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            heap_mask = atol(optarg);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:49:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    m_deviceFd = open("/dev/ion-test", O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf2, buf1, bigger_than_cache);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:130:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((volatile char *)ptr)[i];
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:131:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:153:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:160:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:173:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:192:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:217:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:222:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:235:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:254:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:279:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:286:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:299:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:318:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:343:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:350:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:363:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:384:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:408:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:415:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:428:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:447:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:472:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ((char *)ptr)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:477:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)buf)[i]);
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:490:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        ((char *)buf)[i] = i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:509:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            ASSERT_EQ((char)i, ((char *)ptr)[i]) << i;
data/android-platform-system-core-10.0.0+r36/libion/tests/device_test.cpp:539:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            if (((char *)buf)[i] != i)
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:422:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd[which] = open(tagfile, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char debugName[sizeof("/dev/log/security")];
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tag[kMaxTagLen];
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:201:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char tagName[kMaxTagLen];
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:303:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      format = (LogFormat)atoi(fstr);  // really?!
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timeBuf[32];
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:357:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefixBuf[128], suffixBuf[128];
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:429:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(suffixBuf, "\n\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_writer.cpp:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[sizeof("/dev/log_security") + 8];
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[0]; /* the entry's payload */
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[0]; /* the entry's payload */
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[0]; /* the entry's payload */
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msg[0]; /* the entry's payload */
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_read.h:140:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[LOGGER_ENTRY_MAX_LEN + 1];
data/android-platform-system-core-10.0.0+r36/liblog/log_event_list.cpp:72:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(context->storage, msg, len);
data/android-platform-system-core-10.0.0+r36/liblog/log_event_list.cpp:273:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&context->storage[context->pos + 5], value, len);
data/android-platform-system-core-10.0.0+r36/liblog/log_time.cpp:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fmt[strlen(format) + 1];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:231:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atol(buf);
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:236:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:249:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[512];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:260:10:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atol(buf);
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:319:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, cmd, cmdlen);
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:332:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[256], *cp, c;
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:361:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(cp, " lids");
data/android-platform-system-core-10.0.0+r36/liblog/logd_writer.cpp:74:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(un.sun_path, "/dev/socket/logdw");
data/android-platform-system-core-10.0.0+r36/liblog/logger.h:52:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int (*open)();   /* can be called multiple times, reusing current resources */
data/android-platform-system-core-10.0.0+r36/liblog/logger_read.cpp:423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(log_msg, &oldest->logMsg, ret);
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:200:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!transport->open || ((*transport->open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:200:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!transport->open || ((*transport->open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:215:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!transport->open || ((*transport->open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:215:43:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!transport->open || ((*transport->open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:410:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp_tag[32];
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:477:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LOG_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:486:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LOG_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:497:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LOG_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:507:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[LOG_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:522:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(buf, "Unspecified assertion failed");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:813:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(outBuf, eventData, strLen);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:819:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(outBuf, eventData, outBufLen);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1199:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[6];
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1214:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\a");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1216:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\b");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1220:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\v");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1222:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\f");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1224:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\r");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1226:11:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
          strcpy(buf, "\\\\");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1532:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char timeBuf[64];
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1533:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char prefixBuf[128], suffixBuf[128];
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1609:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char uid[16];
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1685:7:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
      strcpy(suffixBuf + suffixLen, "\n\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1819:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char defaultBuffer[512];
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:147:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int i, fd = open("/sys/fs/pstore/pmsg-ramoops-0", O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:153:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      fd = open("/sys/fs/pstore/pmsg-ramoops-0", O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:486:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&content->entry, &transp.logMsg.entry, hdr_size + transp.logMsg.entry.len);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:558:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buf + len, (char*)&content->entry + content->entry.hdr_size + tag_len + sizeof(prio),
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_writer.cpp:58:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:68:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[sizeof(log_namespace) + taglen];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:415:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char property[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:433:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newkey[strlen("persist.") + strlen(key) + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:596:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key_persist[strlen(global_tunable) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:597:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key_ro[strlen(global_default) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/stderr_write.cpp:151:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char binaryMsgBuf[1024];
data/android-platform-system-core-10.0.0+r36/liblog/stderr_write.cpp:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(log_msg.entry.msg + log_msg.entry.len, vec[i].iov_base, len);
data/android-platform-system-core-10.0.0+r36/liblog/tests/libc_test.cpp:26:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ASSERT_TRUE(NULL != (fp = fopen("/dev/pmsg0", "ae")));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:175:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int pstore_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:251:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int pstore_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:285:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(8) char buf[sizeof(struct packet) + 8];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:326:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int pstore_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:360:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(8) char buf[sizeof(struct packet) + 8];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:401:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int pstore_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:435:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(8) char buf[sizeof(struct packet) + 8 + LOGGER_ENTRY_MAX_PAYLOAD];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:474:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int pstore_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:508:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(8) char buf[sizeof(struct packet) + 8 + LOGGER_ENTRY_MAX_PAYLOAD];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:550:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:1002:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:1005:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:1050:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:465:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char msgBuf[1024];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:645:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[512];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:648:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* fp = fopen(buffer, "re");
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:660:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char s[sizeof(buffer)];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1069:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[sizeof(max_payload_tag)];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tag[sizeof(big_payload_tag)];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[sizeof(fmt) + 8];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char defaultBuffer[512];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1423:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[sizeof(log_namespace) + sizeof(tag) - 1];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1424:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char hold[4][PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1493:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[2];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1626:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[2];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1837:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char persist[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1838:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char persist_hold[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1839:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char readonly[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1944:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char persist[PROP_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2502:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(strOut, elem.data.string, elem.len);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2507:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(strOut, elem.data.string, strOutLen);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2860:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgBuf[1024];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:3015:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char msgBuf[1024];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo.cpp:49:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(fdinfo.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo.cpp:169:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(mapspath.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo.cpp:212:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_HEAP_NAME];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp:103:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char cmsg_buf[CMSG_SPACE(sizeof(fd))];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmsg_buf[CMSG_SPACE(sizeof(fd))];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/tools/dmabuf_dump.cpp:196:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int pid = atoi(dent->d_name);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/tools/dmabuf_dump.cpp:240:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pid = atoi(argv[optind]);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:63:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(file, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:238:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* f = fopen((zram_dir + "mm_stat").c_str(), "r");
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:250:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen((zram_dir + "mem_used_total").c_str(), "r");
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:414:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(vm_file.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuffer[1024];
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:467:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:483:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        rollup->pss += atoi(c);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:490:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        rollup->uss += atoi(c);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:499:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        rollup->rss += atoi(c);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:509:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        lSwapPss = atoi(c);
data/android-platform-system-core-10.0.0+r36/libmeminfo/pageacct.cpp:47:47:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd count_fd(TEMP_FAILURE_RETRY(open("/proc/kpagecount", O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/pageacct.cpp:56:47:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        unique_fd flags_fd(TEMP_FAILURE_RETRY(open("/proc/kpageflags", O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/pageacct.cpp:66:36:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                TEMP_FAILURE_RETRY(open("/sys/kernel/mm/page_idle/bitmap", O_RDWR | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char field[64];
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:215:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            TEMP_FAILURE_RETRY(open(pagemap_file.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:261:32:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            TEMP_FAILURE_RETRY(open(pagemap_file.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:390:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:469:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:516:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:125:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(path.c_str(), O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:211:63:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto mmstat_fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(mmstat.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:241:56:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    auto fp = std::unique_ptr<FILE, decltype(&fclose)>{fopen(path.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procmem.cpp:170:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    pid_t pid = atoi(argv[optind]);
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procrank.cpp:59:58:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                std::unique_ptr<FILE, decltype(&fclose)>{fopen(fname.c_str(), "re"), fclose};
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/showmap.cpp:254:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        g_pid = atoi(argv[optind]);
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/wsstop.cpp:190:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                g_delay = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/wsstop.cpp:193:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                g_total = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/wsstop.cpp:207:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    g_pid = atoi(argv[optind]);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/Allocator.cpp:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data_[0];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.cpp:30:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(struct cmsghdr) char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.cpp:64:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  alignas(struct cmsghdr) char cmsgbuf[CMSG_SPACE(sizeof(int))];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/MemUnreachable.cpp:199:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(leak->contents, reinterpret_cast<void*>(it.range.begin),
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.cpp:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char map_buffer[1024];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.cpp:46:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(open(map_buffer, O_RDONLY));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h:32:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[96];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pid_buf[11];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp:105:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[256] = "/proc/";
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp:113:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(open(path, O_CLOEXEC | O_DIRECTORY | O_RDONLY));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp:126:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dirent_buf[4096];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ThreadCapture.cpp:138:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pid_t tid = atoi(dirent->d_name);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/include/memunreachable/memunreachable.h:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char contents[contents_length];
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/HeapWalker_test.cpp:99:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer2[16]{};
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/HeapWalker_test.cpp:127:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer2[to_buffer_bytes]{};
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/HeapWalker_test.cpp:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer2[to_buffer_bytes]{};
data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc:303:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cpuinfo_path[1024];
data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridge_test.cpp:42:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* cpuinfo = fopen("./cpuinfo", "w");
data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridge_test.cpp:50:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* proc_cpuinfo = fopen("/proc/cpuinfo", "r");
data/android-platform-system-core-10.0.0+r36/libnativebridge/tests/PreInitializeNativeBridge_test.cpp:52:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:44:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char errmsg[2048];
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addr[20], gway[20];
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:200:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&mask, x, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:205:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (optlen >= 4) memcpy(&info->gateway, x, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:208:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (optlen >= 4) memcpy(&info->dns1, x + 0, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:209:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (optlen >= 8) memcpy(&info->dns2, x + 4, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:213:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(&info->lease, x, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:218:30:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            if (optlen >= 4) memcpy(&info->serveraddr, x, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:325:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, &x[2], n);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpclient.c:397:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hwaddr[6];
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.c:39:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(msg->chaddr, hwaddr, 6);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.c:89:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(x, &ipaddr, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.c:94:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(x, &serveraddr, 4);
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sname[64];      /* asciiz server hostname     */
data/android-platform-system-core-10.0.0+r36/libnetutils/dhcpmsg.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[128];      /* asciiz boot file name      */
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:114:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ss, ai->ai_addr, ai->ai_addrlen);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:185:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, &ifr.ifr_hwaddr.sa_data, ETH_ALEN);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:267:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char attrbuf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:276:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[NLMSG_ALIGN(sizeof(struct nlmsghdr)) +
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(RTA_DATA(rta), addr, addrlen);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:333:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(RTA_DATA(rta), addr, addrlen);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:377:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rawaddrstr[INET6_ADDRSTRLEN], addrstr[INET6_ADDRSTRLEN];
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ifname[64];  // Currently, IFNAMSIZ = 16.
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:381:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen("/proc/net/if_inet6", "r");
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ifr.ifr_hwaddr.sa_data, ptr, ETH_ALEN);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:694:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dns_prop_name[PROPERTY_KEY_MAX];
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bindaddr.sll_addr, hwaddr, ETH_ALEN);
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:144:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(destaddr.sll_addr, "\xff\xff\xff\xff\xff\xff", ETH_ALEN);
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:253:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(msg, &packet.dhcp, dhcp_size);
data/android-platform-system-core-10.0.0+r36/libpackagelistparser/packagelistparser.c:107:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(PACKAGES_LIST_FILE, "re");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssembler.cpp:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/ARMAssembler.cpp:182:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(value) != 0) {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.cpp:247:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char instr[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.cpp:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Assembler.cpp:323:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(value) != 0)
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:137:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "0x%x", bits_unsigned(code, 21,10));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:139:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "0x%x", bits_unsigned(code, 20,5));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:141:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "lsl #%d", bits_unsigned(code, 23,22) * 12);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:148:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 22,21) * 16);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:150:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 15,10));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:152:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 12,12) * 2);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:154:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 12,12) * 3);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:156:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 12,10));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:163:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 12,12));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:165:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_signed(code, 20,12));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:167:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 21,16));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:169:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 15,10));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:171:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "%d", bits_unsigned(code, 15,10));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:199:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(instr_part, "%d", reg);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:223:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(instr_part, "#.+%d", offset);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:225:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(instr_part, "#.-%d", -offset);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:233:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(instr_part, "x%d", reg);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:241:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(instr_part, "x%d", reg);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:265:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(instr_part, "error");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char token[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instr_part[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:292:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(instr, "Unknown Instruction");
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/GGLAssembler.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];    
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/GGLAssembler.cpp:82:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(name,
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/GGLAssembler.cpp:1121:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char priorityList[14] = {  0,  1, 2, 3, 
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.cpp:126:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(cond.label[i], "cond_%d", i);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.cpp:1332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char di_buf[140];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.cpp:1336:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    typedef char dstr[40];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPS64Assembler.h:237:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        label[100][10];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:149:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(cond.label[i], "cond_%d", i);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[100];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1336:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char di_buf[140];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1344:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    typedef char dstr[40];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1420:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (atoi(value) != 0) {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.h:226:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char        label[100][10];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:56:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const op_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const spec_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const bcond_name[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:85:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const cop1_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const fmt_name[16] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:105:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * const mips_reg_name[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:112:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * alt_arm_reg_name[32] = {  // hacked names for comparison with ARM code
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:121:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const c0_opname[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips64_disassem.c:132:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const c0_reg[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:69:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const op_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:80:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const spec_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:91:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const spec2_name[64] = {     /* QED RM4650, R5000, etc. */
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:102:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const bcond_name[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const cop1_name[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:122:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const fmt_name[16] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:130:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * const reg_name[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:138:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * alt_arm_reg_name[32] = {  // hacked names for comparison with ARM code
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:145:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char * mips_reg_name[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:156:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const c0_opname[64] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/mips_disassem.c:167:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char * const c0_reg[32] = {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/pixelflinger.cpp:798:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c->ditherMatrix, gDitherMatrix, sizeof(gDitherMatrix));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/raster.cpp:121:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dst, src, rowsize);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/raster.cpp:134:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dst, src, rowsize);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:2268:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, size);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:2359:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dst, src, ct * fp->size * yc);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:2365:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dst, src, size);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/assembler/arm64_assembler_test.cpp:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char     dataMem[8192];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/col32cb16blend/col32cb16blend_test.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/disassembler/arm64_diassembler_test.cpp:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instr[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-arm64/t32cb16blend/t32cb16blend_test.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips/col32cb16blend/col32cb16blend_test.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips/t32cb16blend/t32cb16blend_test.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/assembler/mips64_assembler_test.cpp:52:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char     dataMem[8192];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/col32cb16blend/col32cb16blend_test.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char instr[256];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:174:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[256], address[16];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:176:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(address, "0x%lx", loc);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:195:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char temp[256], address[16];
data/android-platform-system-core-10.0.0+r36/libpixelflinger/tests/arch-mips64/disassembler/mips64_disassembler_test.cpp:197:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(address, "0x%08lx", loc);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc/cgroup_file.cpp:39:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(CGROUPS_RC_PATH, O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_[CGROUP_NAME_BUF_SZ];
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/include/processgroup/format/cgroup_controller.h:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path_[CGROUP_PATH_BUF_SZ];
data/android-platform-system-core-10.0.0+r36/libprocessgroup/processgroup.cpp:264:49:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    std::unique_ptr<FILE, decltype(&fclose)> fd(fopen(path.c_str(), "re"), fclose);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char statfile[64];
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char statline[1024];
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:93:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char thread_name[255];
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:98:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(statfile, O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libprocessgroup/setup/cgroup_map_write.cpp:240:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(CGROUPS_RC_PATH, O_CREAT | O_WRONLY | O_TRUNC | O_CLOEXEC,
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:166:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(tasks_path.c_str(), O_WRONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:212:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(procs_path.c_str(), O_WRONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libprocessgroup/task_profiles.cpp:249:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd tmp_fd(TEMP_FAILURE_RETRY(open(tasks_path.c_str(), O_WRONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libprocinfo/include/procinfo/process.h:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char task_path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libprocinfo/include/procinfo/process.h:110:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(open(task_path, O_DIRECTORY | O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:35:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:38:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  unique_fd dirfd(open(path, O_DIRECTORY | O_RDONLY));
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:108:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->tid = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:111:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->pid = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:114:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->ppid = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:117:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->tracer = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:120:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->uid = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process.cpp:123:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      process_info->gid = atoi(tab + 1);
data/android-platform-system-core-10.0.0+r36/libprocinfo/process_test.cpp:54:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(android::base::StringPrintf("/proc/%d", gettid()).c_str(), O_DIRECTORY | O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:48:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    resTrackFd = TEMP_FAILURE_RETRY(open("/dev/xt_qtaguid", O_RDONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:61:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(CTRL_PROCPATH, O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuf[CTRL_MAX_INPUT_LEN];
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuf[CTRL_MAX_INPUT_LEN];
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuf[CTRL_MAX_INPUT_LEN];
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lineBuf[CTRL_MAX_INPUT_LEN];
data/android-platform-system-core-10.0.0+r36/libsparse/append2simg.cpp:76:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  output = open(output_path, O_RDWR | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/append2simg.cpp:88:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  input = open(input_path, O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/append2simg.cpp:111:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  tmp_fd = open(tmp_path, O_WRONLY | O_CREAT | O_BINARY, 0664);
data/android-platform-system-core-10.0.0+r36/libsparse/img2simg.cpp:58:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    block_size = atoi(argv[3]);
data/android-platform-system-core-10.0.0+r36/libsparse/img2simg.cpp:69:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = open(argv[1], O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/img2simg.cpp:79:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = open(argv[2], O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0664);
data/android-platform-system-core-10.0.0+r36/libsparse/output_file.cpp:66:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int (*open)(struct output_file*, int fd);
data/android-platform-system-core-10.0.0+r36/libsparse/output_file.cpp:632:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out->ops->open(out, fd);
data/android-platform-system-core-10.0.0+r36/libsparse/output_file.cpp:706:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int file_fd = open(file, O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/simg2img.cpp:47:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  out = open(argv[argc - 1], O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0664);
data/android-platform-system-core-10.0.0+r36/libsparse/simg2img.cpp:57:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      in = open(argv[i], O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/simg2simg.cpp:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[4096];
data/android-platform-system-core-10.0.0+r36/libsparse/simg2simg.cpp:57:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  in = open(argv[1], O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libsparse/simg2simg.cpp:94:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = open(filename, O_WRONLY | O_CREAT | O_TRUNC | O_BINARY, 0664);
data/android-platform-system-core-10.0.0+r36/libsparse/sparse_read.cpp:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ptr, buf, len);
data/android-platform-system-core-10.0.0+r36/libstats/stats_event_list.c:138:28:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!statsdLoggerWrite.open || ((*statsdLoggerWrite.open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/libstats/stats_event_list.c:138:57:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!statsdLoggerWrite.open || ((*statsdLoggerWrite.open)() < 0)) {
data/android-platform-system-core-10.0.0+r36/libstats/stats_event_list.c:235:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&context->storage[context->pos + 5], value, len);
data/android-platform-system-core-10.0.0+r36/libstats/statsd_writer.c:120:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(un.sun_path, "/dev/socket/statsdw");
data/android-platform-system-core-10.0.0+r36/libstats/statsd_writer.h:37:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int (*open)();      /* can be called multiple times, reusing current resources */
data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend_wakeup_count.cpp:120:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = TEMP_FAILURE_RETRY(open(sys_power_state, O_CLOEXEC | O_RDWR));
data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend_wakeup_count.cpp:141:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    wakeup_count_fd = TEMP_FAILURE_RETRY(open(sys_power_wakeup_count, O_CLOEXEC | O_RDWR));
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obj_name[32];
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char driver_name[32];
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:60:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
 char name[32];
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:98:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32];
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:416:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ret = open("/sys/kernel/debug/sync/sw_sync", O_RDWR);
data/android-platform-system-core-10.0.0+r36/libsync/sync.c:418:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ret = open("/dev/sw_sync", O_RDWR);
data/android-platform-system-core-10.0.0+r36/libsync/tests/sync_test.cpp:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[32];
data/android-platform-system-core-10.0.0+r36/libsync/tests/sync_test.cpp:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char obj_name[32];
data/android-platform-system-core-10.0.0+r36/libsync/tests/sync_test.cpp:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char driver_name[32];
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            implementor[RADIO_STRING_LEN_MAX];  /* implementor name */
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            product[RADIO_STRING_LEN_MAX];  /* product name */
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            version[RADIO_STRING_LEN_MAX];  /* product version */
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            serial[RADIO_STRING_LEN_MAX];  /* serial number (for subscription services) */
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:152:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                implementor[RADIO_STRING_LEN_MAX];
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                product[RADIO_STRING_LEN_MAX];
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                version[RADIO_STRING_LEN_MAX];
data/android-platform-system-core-10.0.0+r36/libsystem/include/system/radio.h:155:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                serial[RADIO_STRING_LEN_MAX];
data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/NetlinkEvent.h:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *mParams[NL_PARAMS_MAX];
data/android-platform-system-core-10.0.0+r36/libsysutils/include/sysutils/NetlinkListener.h:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mBuffer[64 * 1024] __attribute__((aligned(4)));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkListener.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[CMD_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkListener.cpp:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *argv[FrameworkListener::CMD_ARGS_MAX];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkListener.cpp:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[CMD_BUF_SIZE];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN] = "";
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ifname[IFNAMSIZ] = "";
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:305:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hex, "HEX=");
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:352:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dst[INET6_ADDRSTRLEN] = "";
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char gw[INET6_ADDRSTRLEN] = "";
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dev[IFNAMSIZ] = "";
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:443:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ifname[IFNAMSIZ];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:637:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                mSeq = atoi(a);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[8];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:111:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + 4, &tmp, sizeof(uint32_t));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4];
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:226:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            iov[current].iov_base = (char *)iov[current].iov_base + written;
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener_test.cpp:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/android-platform-system-core-10.0.0+r36/libunwindstack/DexFile.cpp:60:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(file.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfCfa.h:59:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char name[36];
data/android-platform-system-core-10.0.0+r36/libunwindstack/DwarfOp.cpp:86:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char name[26];
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, reinterpret_cast<uint8_t*>(&data) + align_bytes, copy_bytes);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:131:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &data, sizeof(long));
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:142:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &data, left_over);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:194:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, actual_base, actual_len);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:220:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(TEMP_FAILURE_RETRY(open(file.c_str(), O_RDONLY | O_CLOEXEC)));
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:265:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, actual_base, actual_len);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:383:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, &data_[addr - start_], read_length);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:430:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &cache_dst[addr & kCacheMask], size);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:436:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, &cache_dst[addr & kCacheMask], max_read);
data/android-platform-system-core-10.0.0+r36/libunwindstack/Memory.cpp:451:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, cache_dst, size - max_read);
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm.cpp:118:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &user->regs[0], ARM_REG_LAST * sizeof(uint32_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm.cpp:126:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &arm_ucontext->uc_mcontext.regs[0], ARM_REG_LAST * sizeof(uint32_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm64.cpp:112:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &user->regs[0], (ARM64_REG_R31 + 1) * sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsArm64.cpp:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &arm64_ucontext->uc_mcontext.regs[0], ARM64_REG_LAST * sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsMips.cpp:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &user->regs[MIPS32_EF_R0], (MIPS_REG_R31 + 1) * sizeof(uint32_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsMips64.cpp:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &user->regs[MIPS64_EF_R0], (MIPS64_REG_R31 + 1) * sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsMips64.cpp:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(regs->RawData(), &mips64_ucontext->uc_mcontext.sc_regs[0], 32 * sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/RegsX86_64.cpp:120:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&regs_[X86_64_REG_R8], &ucontext->uc_mcontext.r8, 8 * sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libunwindstack/include/unwindstack/UcontextArm64.h:61:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char __padding[128 - sizeof(arm64_sigset_t)];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfCfaLogTest.cpp:226:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buffer[1], &address, sizeof(address));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfCfaTest.cpp:270:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buffer[1], &address, sizeof(address));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/DwarfOpTest.cpp:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&expected_value, &value, i);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1192:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1197:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1200:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1203:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1246:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1251:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1253:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "WRONG", sizeof("WRONG"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1256:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1262:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1265:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1268:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1311:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1316:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1319:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1370:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1373:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1376:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1419:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1424:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1427:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:1430:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "BUILDID", 7);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTestUtils.cpp:39:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ehdr->e_ident[0], ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTestUtils.cpp:111:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = TEMP_FAILURE_RETRY(open(name.c_str(), O_RDONLY));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/GenGnuDebugdata.cpp:36:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&ehdr->e_ident[0], ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/GenGnuDebugdata.cpp:91:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int elf32_fd = TEMP_FAILURE_RETRY(open("elf32", O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0644));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/GenGnuDebugdata.cpp:97:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int elf64_fd = TEMP_FAILURE_RETRY(open("elf64", O_RDWR | O_CREAT | O_TRUNC | O_CLOEXEC, 0644));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/JitDebugTest.cpp:91:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ehdr.e_ident, ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp:51:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ehdr.e_ident, ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp:56:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&buffer[file_offset], &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp:63:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer.data(), ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp:68:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&buffer[0x1000], ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoCreateMemoryTest.cpp:264:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer.data(), &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetBuildIDTest.cpp:142:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char note_section[128];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetBuildIDTest.cpp:147:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section, &note_header, sizeof(note_header));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetBuildIDTest.cpp:149:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "GNU", sizeof("GNU"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetBuildIDTest.cpp:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&note_section[note_offset], "ELF_BUILDID", sizeof("ELF_BUILDID"));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ehdr->e_ident, ELFMAG, SELFMAG);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp:191:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer.data(), &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp:220:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buffer[info.offset], &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp:253:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buffer[info.offset], &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MapInfoGetElfTest.cpp:281:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buffer[info.offset], &ehdr, sizeof(ehdr));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindOfflineTest.cpp:132:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen((dir_ + "regs.txt").c_str(), "r");
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindOfflineTest.cpp:136:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char reg_name[100];
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind.cpp:113:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  pid_t pid = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:77:47:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> fp(fopen("regs.txt", "w+"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:110:49:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(file_name.c_str(), "w+"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:150:51:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> output(fopen(cur_name.c_str(), "w+"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:175:47:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> fp(fopen(info->name.c_str(), "r"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:181:51:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> output(fopen(cur_name.c_str(), "w+"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:309:47:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  std::unique_ptr<FILE, decltype(&fclose)> fp(fopen("maps.txt", "w+"), &fclose);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char perms[5] = {"---p"};
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:344:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  pid_t pid = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dev_name[64];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char desc[MAX_DESCRIPTORS_LENGTH];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devname[32];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:124:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char busname[32];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:147:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[100];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:232:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char event_buf[512];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[100];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:267:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                i = atoi(event->name);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:351:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(dev_name, O_RDWR);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:353:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(dev_name, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:404:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(device->dev_name, O_RDWR);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:491:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char response[MAX_STRING_DESCRIPTOR_LENGTH];
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:520:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out, response + 2, descriptor_len);
data/android-platform-system-core-10.0.0+r36/libutils/Looper_test.cpp:55:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1];
data/android-platform-system-core-10.0.0+r36/libutils/LruCache_test.cpp:224:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(strings[i], "%zu", i);
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char procNameBuf[MAX_PROC_PATH];
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:56:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(path, "r"))) {
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:80:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char procNameBuf[MAX_PROC_PATH];
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:84:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(path, "r"))) {
data/android-platform-system-core-10.0.0+r36/libutils/ProcessCallStack.cpp:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char timestr[MAX_TIME_STRING];
data/android-platform-system-core-10.0.0+r36/libutils/PropertyMap.cpp:118:34:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    status_t status = Tokenizer::open(filename, &tokenizer);
data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp:276:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[128];
data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp:290:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[100];
data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp:293:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            int rc = open(name, O_RDWR | O_CREAT | O_APPEND, 644);
data/android-platform-system-core-10.0.0+r36/libutils/RefBase.cpp:382:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/android-platform-system-core-10.0.0+r36/libutils/SharedBuffer.cpp:61:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sb->data(), data(), size());
data/android-platform-system-core-10.0.0+r36/libutils/SharedBuffer.cpp:86:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sb->data(), data(), newSize < mySize ? newSize : mySize);
data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp:79:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str, u16str, u16len * sizeof(char16_t));
data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp:219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str+myLen, other, (otherLen+1)*sizeof(char16_t));
data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp:245:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str+myLen, chrs, otherLen*sizeof(char16_t));
data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp:283:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str+pos, chrs, len*sizeof(char16_t));
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:67:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(str, in, len);
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(str, other, otherLen);
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, name, len);
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:632:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buf+len, name, newlen+1);
data/android-platform-system-core-10.0.0+r36/libutils/Tokenizer.cpp:48:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
status_t Tokenizer::open(const String8& filename, Tokenizer** outTokenizer) {
data/android-platform-system-core-10.0.0+r36/libutils/Tokenizer.cpp:52:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = ::open(filename.string(), O_RDONLY);
data/android-platform-system-core-10.0.0+r36/libutils/VectorImpl.cpp:542:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest, from, num*itemSize());
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h:73:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer, &value, sizeof(T));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h:82:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&value, buffer, sizeof(T));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h:197:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer, static_cast<T const*>(this), sizeof(T));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h:201:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(static_cast<T*>(this), buffer, sizeof(T));
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Printer.h:82:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mFormatString[MAX_FORMAT_STRING];
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Tokenizer.h:43:21:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    static status_t open(const String8& filename, Tokenizer** outTokenizer);
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/TypeHelpers.h:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(d,s,n*sizeof(TYPE));
data/android-platform-system-core-10.0.0+r36/libziparchive/unzip.cpp:185:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(name.c_str(), O_CREAT | O_WRONLY | O_CLOEXEC | O_EXCL, entry.unix_mode);
data/android-platform-system-core-10.0.0+r36/libziparchive/unzip.cpp:190:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(name.c_str(), O_WRONLY | O_CREAT | O_CLOEXEC | O_TRUNC, entry.unix_mode);
data/android-platform-system-core-10.0.0+r36/libziparchive/unzip.cpp:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char time[32];
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:489:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  const int fd = ::android::base::utf8::open(fileName, O_RDONLY | O_BINARY | O_CLOEXEC, 0);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:714:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(name_copy, in_prefix->name, in_prefix->name_length);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:723:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(name_copy, in_suffix->name, in_suffix->name_length);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:822:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf_ + bytes_written_, buf, buf_size);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:1239:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, static_cast<uint8_t*>(base_ptr_) + off, len);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc:95:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open((test_data_dir + "/" + kValidZip).c_str(), O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc:105:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open((test_data_dir + "/" + kValidZip).c_str(), O_RDONLY | O_BINARY);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc:412:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  android::base::unique_fd fd(open(zip_path.c_str(), O_RDONLY | O_BINARY));
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc:457:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(read_data_ptr, data->data(), data->size());
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive_test.cc:702:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, &input_[offset], len);
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:151:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                 ? ::open(directory, O_CLOEXEC | O_DIRECTORY | O_RDONLY)
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:157:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        : fd(::open(directory.c_str(), O_CLOEXEC | O_DIRECTORY | O_RDONLY)),
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:162:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        : fd(::open(directory.c_str(), O_CLOEXEC | O_DIRECTORY | O_RDONLY)),
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:192:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = ::open(directory, O_CLOEXEC | O_DIRECTORY | O_RDONLY);
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:302:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char comm[TASK_COMM_LEN + 3];  // space for adding '[' and ']'
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:497:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(::open(file.c_str(), O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:1020:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char pdir[TASK_COMM_LEN + 1];
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:211:31:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
            auto driver_pid = vfork();
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:291:27:  [2] (race) vfork:
  On some old systems, vfork() permits race conditions, and it's very
  difficult to use correctly (CWE-362). Use fork() instead.
        auto driver_pid = vfork();
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:323:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            auto fd = open(stack_pipe_file, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:327:23:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            auto fd = open(stack_pipe_file, O_WRONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/liblmkd_utils.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/android-platform-system-core-10.0.0+r36/lmkd/liblmkd_utils.c:63:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tasks_file = open(buf, O_WRONLY);
data/android-platform-system-core-10.0.0+r36/lmkd/libpsi/psi.c:37:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/android-platform-system-core-10.0.0+r36/lmkd/libpsi/psi.c:39:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = TEMP_FAILURE_RETRY(open(PSI_MON_FILE_MEMORY, O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:428:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        data->fd = open(data->filename, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:527:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(path, O_WRONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:557:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PAGE_SIZE];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:564:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[80];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:601:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char val[20];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:807:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char minfree_str[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:854:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char minfreestr[128];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:855:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char killpriostr[128];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:861:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char val[40];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1041:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[LINE_MAX + 1];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1064:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1068:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1084:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[PROC_STAT_BUFFER_SIZE];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1089:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fd = open(path, O_RDONLY | O_CLOEXEC)) < 0) {
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PAGE_SIZE];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1238:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PAGE_SIZE];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1271:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1280:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1297:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char line[LINE_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1304:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char proc_path[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1363:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        t_pid = atoi(de->d_name);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1522:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[24];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1863:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1870:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    mpfd = open(MEMCG_SYSFS_PATH "memory.pressure_level", O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1876:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    evctlfd = open(MEMCG_SYSFS_PATH "cgroup.event_control", O_WRONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:113:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PATH_MAX + 1];
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:163:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return open(pathname, O_WRONLY | O_APPEND | O_CREAT, S_IRUSR | S_IWUSR);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:320:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char binaryMsgBuf[1024];
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:366:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[1024];
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:821:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        context->output = fopen(filename, "web");
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1240:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    FILE* fp = fopen(devname.c_str(), "web");
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1541:17:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (atol(buf) < 3) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1546:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            size_t ret = atol(buf) + 1;
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_benchmark.cpp:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[5120];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:188:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char needle[32];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:267:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:294:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:316:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:562:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char size_mult[4], consumed_mult[4];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:736:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:789:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[sizeof(form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:795:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[sizeof(buf) + sizeof(comm)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:806:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:835:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_out_dir[sizeof(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:841:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[sizeof(tmp_out_dir) + sizeof(logcat_cmd)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:851:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:893:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_out_dir[sizeof(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:900:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[sizeof(tmp_out_dir) + sizeof(logcat_cmd) + sizeof(log_filename)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:912:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    EXPECT_TRUE(NULL != ((fp = fopen(command, "r"))));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:978:36:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        EXPECT_TRUE(NULL != ((fp = fopen(command, "r"))));
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1018:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_out_dir[sizeof(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1027:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[sizeof(tmp_out_dir) + sizeof(logcat_cmd) +
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1099:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[strlen(tmp_out_dir) + strlen(logcat_cmd) +
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_out_dir[strlen(tmp_out_dir_form) + 1];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id_file[strlen(tmp_out_dir_form) + strlen(log_filename) + 5];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1149:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen(id_file, "w");
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1167:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[strlen(cleanup_cmd) + strlen(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1235:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char size_mult[4], consumed_mult[4];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1318:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1407:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1446:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[BIG_BUFFER];
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:92:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int id = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:114:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int id = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:144:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int id = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:150:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned long size = atol(argv[2]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:172:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int id = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt[32];
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:214:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                pid = atol(argv[i] + sizeof(_pid) - 1);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:222:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int id = atoi(argv[i]);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:319:54:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        cli->sendMsg(package_string(mBuf.formatEntry(atoi(id), uid)).c_str());
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:310:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(timeptr + sizeof(audit_str) - 1, "0.0", 3);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:347:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(event->data, str, str_len - denial_metadata.length());
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:348:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(event->data + str_len - denial_metadata.length(),
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:398:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char newstr[message_len];
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(mMsg, msg, len);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:63:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(mMsg, elem.mMsg, len);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:69:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(mMsg, elem.mMsg, mMsgLen);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:91:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(truncated_msg, mMsg, sizeof(android_event_header_t));
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:108:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(buffer, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/logd/LogCommand.cpp:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[256];
data/android-platform-system-core-10.0.0+r36/logd/LogCommand.cpp:96:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE* file = fopen(filename, "r");
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:214:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[strlen(priority_message) + strlen(klogdStr) +
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[LOGGER_ENTRY_MAX_PAYLOAD];
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:775:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newstr[n];
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:783:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(np, tag, taglen);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:789:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(np, p, b);
data/android-platform-system-core-10.0.0+r36/logd/LogListener.cpp:47:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[sizeof_log_id_t + sizeof(uint16_t) + sizeof(log_time) +
data/android-platform-system-core-10.0.0+r36/logd/LogListener.cpp:51:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    alignas(4) char control[CMSG_SPACE(sizeof(struct ucred))];
data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[255];
data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp:77:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tail = atol(cp + sizeof(_tail) - 1);
data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp:92:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        timeout = atol(cp + sizeof(_timeout) - 1) * NS_PER_SEC +
data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp:120:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        pid = atol(cp + sizeof(_pid) - 1);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:63:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[512];
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:65:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        int fd = open(buffer, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:823:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:825:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen(buffer, "r");
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:842:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:844:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE* fp = fopen(buffer, "r");
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:94:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = TEMP_FAILURE_RETRY(open(
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:100:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char timebuf[20];
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:500:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = TEMP_FAILURE_RETRY(open(name, mode));
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:523:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        pmsg_fd = TEMP_FAILURE_RETRY(open("/dev/pmsg0", O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/logd/LogWhiteBlackList.cpp:94:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char property[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/logd/libaudit.c:104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(NLMSG_DATA(&req.nlh), data, size);
data/android-platform-system-core-10.0.0+r36/logd/libaudit.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ctx[0];
data/android-platform-system-core-10.0.0+r36/logd/libaudit.h:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[MAX_AUDIT_MESSAGE_LENGTH];
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, message, sizeof(message));
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:398:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[sizeof(success) - 1];
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:426:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fdDmesg = TEMP_FAILURE_RETRY(open(dev_kmsg, O_WRONLY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:438:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                open(proc_kmsg, O_RDONLY | O_NDELAY | O_CLOEXEC));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:86:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        size_t ret = atol(buf) + 1;
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:396:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(loggers[i], O_RDONLY);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[5120];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:542:33:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    unsigned long nowSpamSize = atol(benchmark_statistics_found);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:556:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:581:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buffer[80];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:584:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        totalSize = atol(buffer);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:889:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:904:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:921:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:924:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char klog_fmt[MAX_KLOG_TAG * 2];
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:112:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(b_buf->buf + b_buf->used_len, line, line_len);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(e_buf->buf + e_buf->write, line, cnt);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(e_buf->buf, line + cnt, line_len - cnt);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:284:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(nbuf, a_buf->e_buf.buf + a_buf->e_buf.read, first_chunk_len);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:286:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(nbuf + first_chunk_len, a_buf->e_buf.buf, a_buf->e_buf.write);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[4096];
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[256];
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:336:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(file_path, O_WRONLY | O_CREAT, 0664);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:466:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(argv_child, argv, argc * sizeof(char *));
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:497:38:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    parent_ptty = TEMP_FAILURE_RETRY(open("/dev/ptmx", O_RDWR));
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:504:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char child_devname[64];
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:512:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    child_ptty = TEMP_FAILURE_RETRY(open(child_devname, O_RDWR));
data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoparser/include/property_info_parser/property_info_parser.h:92:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char data_base_[0];
data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoparser/property_info_parser.cpp:200:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(filename, O_CLOEXEC | O_NOFOLLOW | O_RDONLY);
data/android-platform-system-core-10.0.0+r36/property_service/property_info_checker/property_info_checker.cpp:48:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    policy_file_ = fopen(policy_file, "re");
data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp:44:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = TEMP_FAILURE_RETRY(open("/dev/qemu_pipe", O_RDWR));
data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[5];
data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char header[5];
data/android-platform-system-core-10.0.0+r36/reboot/reboot.c:27:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char property_val[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subpath[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(subpath, data_path, nn);
data/android-platform-system-core-10.0.0+r36/run-as/run-as.cpp:188:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    userId = atoi(argv[3]);
data/android-platform-system-core-10.0.0+r36/sdcard/sdcard.cpp:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char property[PROPERTY_VALUE_MAX];
data/android-platform-system-core-10.0.0+r36/storaged/storaged.cpp:242:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    unique_fd fd(TEMP_FAILURE_RETRY(open(tmp_file.c_str(),
data/android-platform-system-core-10.0.0+r36/storaged/storaged_info.cpp:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rev[8];
data/android-platform-system-core-10.0.0+r36/storaged/storaged_info.cpp:355:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char token[32];
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:43:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(path, O_WRONLY | O_CREAT, 0600);
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:45:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2048];
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:54:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[16];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:286:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[2048];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:297:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            file = fopen(filename, "r");
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[80];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:320:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char location[80];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:321:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idstr[80];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:324:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(device, O_RDONLY | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devname[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:436:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char event_buf[512];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char devname[PATH_MAX];
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:588:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            event_count = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/toolbox/r.c:60:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/mem", O_RDWR | O_SYNC);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/fastgrep.c:125:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(fg->pattern, pat, fg->len);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:66:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char buffer[MAXBUFSIZ + 1];
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:165:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lnbuf, bufpos, len);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:177:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lnbuf + off, bufpos, len - off);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:192:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lnbuf + off, bufpos, diff);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:252:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	} else if ((f->fd = open(path, O_RDONLY)) == -1) {
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:95:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char	 re_error[RE_ERROR_BUF + 1];
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:244:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(pattern[patterns], pat, len);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:296:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	if ((f = fopen(fn, "r")) == NULL)
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.h:137:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char	 re_error[RE_ERROR_BUF + 1];	/* Seems big enough */
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/queue.c:69:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(item->data.dat, x->dat, x->len);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/util.c:162:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(dir, p->fts_path,
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(desired_password_buffer.buffer.get(), desired_password, desired_password_length);
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp:97:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(current_password_handle_buffer.buffer.get(), current_password_handle,
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp:103:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(current_password_buffer.buffer.get(), current_password, current_password_length);
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(password_handle_buffer.buffer.get(), enrolled_password_handle,
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper.cpp:137:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(provided_password_buffer.buffer.get(), provided_password, provided_password_length);
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper_ipc.c:55:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(msg->payload, in, in_size);
data/android-platform-system-core-10.0.0+r36/trusty/keymaster/ipc/trusty_keymaster_ipc.cpp:64:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(msg->payload, in, in_size);
data/android-platform-system-core-10.0.0+r36/trusty/keymaster/legacy/trusty_keymaster_device.cpp:116:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tmp, buffer, size);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:129:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			opt_repeat = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:133:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			opt_msgsize = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:137:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
			opt_msgburst = atoi(optarg);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:280:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[64];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:348:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:349:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:410:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:457:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:509:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:554:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx_buf[512];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:598:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char rx_buf[256];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:730:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx0_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:731:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx1_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:732:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx_buf [msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:812:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tx_buf [msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:813:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx0_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:814:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char rx1_buf[msgsz];
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/trusty.c:37:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	fd = open(dev_name, O_RDWR);
data/android-platform-system-core-10.0.0+r36/trusty/storage/interface/include/trusty/interface/storage.h:149:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char name[0];
data/android-platform-system-core-10.0.0+r36/trusty/storage/interface/include/trusty/interface/storage.h:159:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char     name[0];
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/rpmb.c:237:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    rc = open(rpmb_devname, O_RDWR, 0);
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:254:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            rc = TEMP_FAILURE_RETRY(open(path, open_flags, S_IRUSR | S_IWUSR));
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:257:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            rc = TEMP_FAILURE_RETRY(open(path, open_flags, S_IRUSR | S_IWUSR));
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:261:41:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                rc = TEMP_FAILURE_RETRY(open(path, open_flags, S_IRUSR | S_IWUSR));
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:267:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        rc = TEMP_FAILURE_RETRY(open(path, open_flags, S_IRUSR | S_IWUSR));
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:476:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ssdir_fd = open(dirname, O_RDONLY);
data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp:539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[10];
data/android-platform-system-core-10.0.0+r36/trusty/storage/tests/main.cpp:1085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char max_name[STORAGE_MAX_NAME_LENGTH_BYTES+1];
data/android-platform-system-core-10.0.0+r36/trusty/utils/trusty-ut-ctrl/ut-ctrl.c:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rx_buf[1024];
data/android-platform-system-core-10.0.0+r36/watchdogd/watchdogd.cpp:32:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (argc >= 2) interval = atoi(argv[1]);
data/android-platform-system-core-10.0.0+r36/watchdogd/watchdogd.cpp:35:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if (argc >= 3) margin = atoi(argv[2]);
data/android-platform-system-core-10.0.0+r36/watchdogd/watchdogd.cpp:39:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open(DEV_NAME, O_RDWR | O_CLOEXEC);
data/android-platform-system-core-10.0.0+r36/adb/adb_io.cpp:133:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return WriteFdExactly(fd, str, strlen(str));
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:95:16:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    old_mask = umask(077);
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:100:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
        umask(old_mask);
data/android-platform-system-core-10.0.0+r36/adb/client/auth.cpp:104:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(old_mask);
data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.cpp:136:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SetSrcFile(&line[strlen(BUGZ_BEGIN_PREFIX)]);
data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.cpp:138:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SetSrcFile(&line[strlen(BUGZ_OK_PREFIX)]);
data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.cpp:140:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const char* error_message = &line[strlen(BUGZ_FAIL_PREFIX)];
data/android-platform-system-core-10.0.0+r36/adb/client/bugreport.cpp:148:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t idx1 = line.rfind(BUGZ_PROGRESS_PREFIX) + strlen(BUGZ_PROGRESS_PREFIX);
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:688:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (!(strlen(optarg) == 1 || strcmp(optarg, "none") == 0)) {
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:911:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   static_cast<int>(strlen(filename) + 10), "");
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:965:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    auto wipe_devices_message_size = strlen(kMinadbdServicesExitSuccess);
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1383:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    std::thread read(forward, fd.get(), STDOUT_FILENO, true);
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1385:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read.join();
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1527:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (server_port_str && strlen(server_port_str) > 0) {
data/android-platform-system-core-10.0.0+r36/adb/client/commandline.cpp:1580:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(argv[0], "wait-for-", strlen("wait-for-"))) {
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:285:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t path_length = strlen(path_and_mode);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:381:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t path_length = strlen(path_and_mode);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:977:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t dst_len = strlen(dst);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:1113:19:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    mode_t mask = umask(0000);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:1114:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(mask);
data/android-platform-system-core-10.0.0+r36/adb/client/file_sync_client.cpp:1201:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t dst_len = strlen(dst);
data/android-platform-system-core-10.0.0+r36/adb/client/usb_libusb.cpp:99:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read("read", zero_mask, false),
data/android-platform-system-core-10.0.0+r36/adb/client/usb_libusb.cpp:127:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        libusb_cancel_transfer(read.transfer);
data/android-platform-system-core-10.0.0+r36/adb/client/usb_libusb.cpp:141:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    transfer_info read;
data/android-platform-system-core-10.0.0+r36/adb/client/usb_libusb.cpp:597:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    transfer_info* info = &h->read;
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:398:69:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (!AdbReadEndpointSync(handle->adb_read_pipe, data, len, &read, time_out)) {
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:404:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        D("usb_read got: %ld, expected: %d", read, len);
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:406:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        data = (char*)data + read;
data/android-platform-system-core-10.0.0+r36/adb/client/usb_windows.cpp:407:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        len -= read;
data/android-platform-system-core-10.0.0+r36/adb/daemon/file_sync_service.cpp:191:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t d_name_length = strlen(de->d_name);
data/android-platform-system-core-10.0.0+r36/adb/daemon/include/adbd/usb.h:46:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int (*read)(usb_handle* h, void* data, int len, bool allow_partial);
data/android-platform-system-core-10.0.0+r36/adb/daemon/main.cpp:191:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(0);
data/android-platform-system-core-10.0.0+r36/adb/daemon/reboot_service.cpp:60:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(addr.sun_path, "/dev/socket/recovery", sizeof(addr.sun_path) - 1);
data/android-platform-system-core-10.0.0+r36/adb/daemon/services.cpp:114:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            terminal_type = arg.substr(strlen("TERM="));
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:342:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                adb_write(oom_score_adj_fd, oom_score_adj_value, strlen(oom_score_adj_value)));
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:765:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    unique_fd read, write;
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:766:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!Pipe(&read, &write)) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/shell_service.cpp:790:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read;
data/android-platform-system-core-10.0.0+r36/adb/daemon/transport_qemu.cpp:91:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (WriteFdExactly(fd.get(), _accept_req, strlen(_accept_req))) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/transport_qemu.cpp:100:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                WriteFdExactly(fd.get(), _start_req, strlen(_start_req));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:110:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    static TransferId read(uint64_t id) { return TransferId(TransferDirection::READ, id); }
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:172:51:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    UsbFfsConnection(unique_fd control, unique_fd read, unique_fd write,
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:178:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          read_fd_(std::move(read)),
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb.cpp:470:69:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        block->control.aio_data = static_cast<uint64_t>(TransferId::read(id));
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:176:74:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
static int usb_ffs_do_aio(usb_handle* h, const void* data, int len, bool read) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:177:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    aio_block* aiob = read ? &h->read_aiob : &h->write_aiob;
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:191:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        io_prep(&aiob->iocb[i], aiob->fd, cur_data, buf_len, 0, read);
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:196:55:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (len == 0 && buf_len % packet_size == 0 && read) {
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:204:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                packet_size, 0, read);
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:210:61:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            PLOG(ERROR) << "aio: got error submitting " << (read ? "read" : "write");
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:215:58:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            PLOG(ERROR) << "aio: got error waiting " << (read ? "read" : "write");
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:225:63:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                PLOG(ERROR) << "aio: got error event on " << (read ? "read" : "write")
data/android-platform-system-core-10.0.0+r36/adb/daemon/usb_legacy.cpp:313:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return h->read(h, data, len, false /* allow_partial */);
data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.cpp:269:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        read,
data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.cpp:295:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    event = TimeoutEvent::read;
data/android-platform-system-core-10.0.0+r36/adb/fdevent_test.cpp:331:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ASSERT_EQ(TimeoutEvent::read, test.events[0].first);
data/android-platform-system-core-10.0.0+r36/adb/socket_test.cpp:253:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_TRUE(WriteFdExactly(tail_fd[0], str, strlen(str)));
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:119:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef   read
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:120:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define  read  ___xxx_read
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:427:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return TEMP_FAILURE_RETRY( read( fd, buf, len ) );
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:432:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return read(fd, buf, len);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:435:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef   read
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:436:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define  read  ___xxx_read
data/android-platform-system-core-10.0.0+r36/adb/sysdeps.h:540:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf, name.c_str(), sizeof(buf) - 1);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps/win32/errno.cpp:70:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const size_t custom_msg_len = strlen(custom_msg);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:1576:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t len = strlen(normal);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:1995:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            outlen = strlen(seqstr);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2095:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef read
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32.cpp:2096:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        return read(fd, buf, len);
data/android-platform-system-core-10.0.0+r36/adb/sysdeps_win32_test.cpp:69:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EXPECT_GT(strlen(path_val), 0U);
data/android-platform-system-core-10.0.0+r36/adb/transport_fd.cpp:35:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
static void CreateWakeFds(unique_fd* read, unique_fd* write) {
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:100:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ASSERT_EQ(1, read(recv.get(), buf, 2));
data/android-platform-system-core-10.0.0+r36/base/cmsg_test.cpp:136:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ASSERT_EQ(2, TEMP_FAILURE_RETRY(read(recv.get(), buf, 2)));
data/android-platform-system-core-10.0.0+r36/base/file.cpp:193:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((n = TEMP_FAILURE_RETRY(read(fd, &buf[0], sizeof(buf)))) > 0) {
data/android-platform-system-core-10.0.0+r36/base/file.cpp:277:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t n = TEMP_FAILURE_RETRY(read(fd, p, remaining));
data/android-platform-system-core-10.0.0+r36/base/include/android-base/unique_fd.h:171:42:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
inline bool Pipe(unique_fd_impl<Closer>* read, unique_fd_impl<Closer>* write,
data/android-platform-system-core-10.0.0+r36/base/logging_test.cpp:214:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_GT(output.length(), strlen(expected));
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:89:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return WideToUTF8(utf16, wcslen(utf16), utf8);
data/android-platform-system-core-10.0.0+r36/base/utf8.cpp:149:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return UTF8ToWide(utf8, strlen(utf8), utf16);
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:175:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen(convert_cases[i].utf8),
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:244:37:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    wcslen(convert_cases[i].utf16),
data/android-platform-system-core-10.0.0+r36/base/utf8_test.cpp:285:26:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         wcslen(convert_cases[i].utf32),
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:644:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (m.first.length() <= strlen("cold")) continue;  // too short?
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:646:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (m.first.length() <= strlen("reboot,cold")) continue;  // short?
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:648:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      correctForBitErrorOrUnderline(subReason, m.first.substr(strlen("reboot,")) + terminator);
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:651:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    m.first.substr(strlen("kernel_panic,sysrq,")) + terminator);
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:653:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      correctForBitErrorOrUnderline(subReason, m.first.substr(strlen("kernel_panic,")) + terminator);
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:678:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ret += "," + getSubreason(console, pos + strlen(sysrqSubreason), /* quoted */ true);
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:899:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        std::string subReason(getSubreason(content, pos + strlen(cmd), /* quoted */ true));
data/android-platform-system-core-10.0.0+r36/bootstat/bootstat.cpp:949:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      reason = reason.substr(strlen("reboot"));
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:128:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(out) != (unsigned int)olen) die("ACK!");
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:209:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        t = strlen(names[i]);
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:253:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if(read(fd, tmp, s.st_size) != s.st_size) {
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:283:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _archive_dir(in, out, strlen(in), strlen(out));
data/android-platform-system-core-10.0.0+r36/cpio/mkbootfs.c:283:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    _archive_dir(in, out, strlen(in), strlen(out));
data/android-platform-system-core-10.0.0+r36/debuggerd/client/debuggerd_client.cpp:234:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rc = TEMP_FAILURE_RETRY(read(pipe_read.get(), buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/client/debuggerd_client_test.cpp:116:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(pipe_read.get(), &dummy, sizeof(dummy)));
data/android-platform-system-core-10.0.0+r36/debuggerd/crash_dump.cpp:260:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t rc = TEMP_FAILURE_RETRY(read(fd.get(), &buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/crash_dump.cpp:409:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(fork_exit_read.get(), &buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:165:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(sneaky_null);
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:225:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(arg, "wait-", strlen("wait-"))) {
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:227:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      UNUSED(TEMP_FAILURE_RETRY(read(STDIN_FILENO, buf, sizeof(buf))));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:228:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return do_action(arg + strlen("wait-"));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:229:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(arg, "exhaustfd-", strlen("exhaustfd-"))) {
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:234:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      return do_action(arg + strlen("exhaustfd-"));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:235:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (!strncmp(arg, "thread-", strlen("thread-"))) {
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:236:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return do_action_on_thread(arg + strlen("thread-"));
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:352:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        msg.size = strlen("dummy abort message");
data/android-platform-system-core-10.0.0+r36/debuggerd/crasher/crasher.cpp:353:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memcpy(msg.msg, "dummy abort message", strlen("dummy abort message"));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd.cpp:48:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ssize_t rc = TEMP_FAILURE_RETRY(read(fd.get(), buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:136:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rc = TEMP_FAILURE_RETRY(read(intercept_fd->get(), &response, sizeof(response)));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:199:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t rc = TIMEOUT(20, read(intercept_fd.get(), &response, sizeof(response)));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:225:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(crasher_read_pipe.get(), &dummy, 1));
data/android-platform-system-core-10.0.0+r36/debuggerd/debuggerd_test.cpp:271:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t rc = TEMP_FAILURE_RETRY(read(fd.get(), &result[offset], read_length));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:148:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (TEMP_FAILURE_RETRY(read(src_fd, &tid, sizeof(tid))) != sizeof(tid)) {
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_fallback.cpp:161:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t rc = TEMP_FAILURE_RETRY(read(src_fd, buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:146:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t rc = read(fd, buf, len);
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:197:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(main_thread_name, "<unknown>", sizeof(main_thread_name));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:404:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rc = TEMP_FAILURE_RETRY(read(input_read.get(), &buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/handler/debuggerd_handler.cpp:436:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(input_read, &buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:84:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char buf[strlen("1970-01-01 00:00:00+0830") + 1];
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:576:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    msg = tag + strlen(tag) + 1;
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:579:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* nl = msg + strlen(msg) - 1;
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/tombstone.cpp:585:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char prioChar = (prio < strlen(kPrioChars) ? kPrioChars[prio] : '?');
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp:109:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          iov[0].iov_len = strlen(prefix);
data/android-platform-system-core-10.0.0+r36/debuggerd/libdebuggerd/utility.cpp:225:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int rc = TEMP_FAILURE_RETRY(read(fd.get(), buf, len - 1));
data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp:284:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rc = TEMP_FAILURE_RETRY(read(sockfd, &request, sizeof(request)));
data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp:348:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  rc = TEMP_FAILURE_RETRY(read(sockfd, &request, sizeof(request)));
data/android-platform-system-core-10.0.0+r36/debuggerd/tombstoned/tombstoned.cpp:407:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(0137);
data/android-platform-system-core-10.0.0+r36/demangle/demangle.cpp:50:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t i = 0; i < strlen(cxa_demangle); i++) {
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:610:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int err = read(fd, &header, sizeof(header));
data/android-platform-system-core-10.0.0+r36/deprecated-adf/libadf/adf.cpp:627:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t read_size = read(fd, &event_ret->data, data_size);
data/android-platform-system-core-10.0.0+r36/fastboot/device/commands.cpp:295:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(addr.sun_path, "/dev/socket/recovery", sizeof(addr.sun_path) - 1);
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:116:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
bool FastbootDevice::HandleData(bool read, std::vector<char>* data) {
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.cpp:117:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    auto read_write_data_size = read ? this->get_transport()->Read(data->data(), data->size())
data/android-platform-system-core-10.0.0+r36/fastboot/device/fastboot_device.h:41:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bool HandleData(bool read, std::vector<char>* data);
data/android-platform-system-core-10.0.0+r36/fastboot/device/usb_client.cpp:259:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                handle_->read(handle_.get(), char_data, bytes_to_read, true /* allow_partial */);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:267:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(info->device_path) > 0) printf(" %s", info->device_path);
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:295:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            net_address = serial + strlen("tcp:");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot.cpp:299:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            net_address = serial + strlen("udp:");
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:427:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::string tmp = input.substr(strlen("INFO"));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:436:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            set_response(input.substr(strlen("OKAY")));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:439:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            error_ = android::base::StringPrintf("remote: '%s'", status + strlen("FAIL"));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:440:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            set_response(input.substr(strlen("FAIL")));
data/android-platform-system-core-10.0.0+r36/fastboot/fastboot_driver.cpp:443:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            std::string tmp = input.substr(strlen("DATA"));
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/fixtures.cpp:80:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if (std::equal(prefix.begin(), prefix.end(), device_path.begin())) {
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/test_utils.cpp:192:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((n = read(pipe, buf, sizeof(buf))) > 0) {
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp:25:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        std::vector<char> buf(err, err + strlen(err));
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp:46:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        std::vector<char> buf(err, err + strlen(err));
data/android-platform-system-core-10.0.0+r36/fastboot/fuzzy_fastboot/usb_transport_sniffer.cpp:177:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        n = read(serial_fd_, buf.data() + count, buf.size() - count);
data/android-platform-system-core-10.0.0+r36/fastboot/socket_test.cpp:195:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    mock_return_value = strlen("foobar12345");
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:194:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            int chars_read = read(fd, info.serial_number,
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:291:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = read(fd, buf, bufsize - 1);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_linux.cpp:366:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            n = read(fd, desc, sizeof(desc));
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:205:76:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            ret = AdbReadEndpointSync(handle_->adb_read_pipe, data, xfer, &read, time_out);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:207:65:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            DBG("usb_read got: %ld, expected: %d, errno: %d\n", read, xfer, errno);
data/android-platform-system-core-10.0.0+r36/fastboot/usb_windows.cpp:209:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                return read;
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr.cpp:803:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            TEMP_FAILURE_RETRY(read(fd, &super_block, sizeof(super_block))) !=
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_fstab.cpp:516:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            p += strlen(p);
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_overlayfs.cpp:1192:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        (TEMP_FAILURE_RETRY(read(fd, &sb, sizeof(sb))) < 0)) {
data/android-platform-system-core-10.0.0+r36/fs_mgr/fs_mgr_verity.cpp:532:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        size_read = TEMP_FAILURE_RETRY(read(fd, buf, READ_BUF_SIZE));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder.cpp:347:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(out.partition_name, device_info.partition_name.c_str(), sizeof(out.partition_name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder.cpp:772:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(out.name, group->name().c_str(), sizeof(out.name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/builder.cpp:794:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(part.name, partition->name().c_str(), sizeof(part.name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/io_test.cpp:218:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(imported->partitions[0].name, "vendor", sizeof(imported->partitions[0].name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/reader.cpp:368:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(partition.name, partition_name.c_str(), sizeof(partition.name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility.cpp:155:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(device->partition_name, name.c_str(), sizeof(device->partition_name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/liblp/utility.cpp:163:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(group->name, name.c_str(), sizeof(group->name));
data/android-platform-system-core-10.0.0+r36/fs_mgr/tests/fs_mgr_test.cpp:132:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        auto key = entry.first.substr(strlen(androidboot));
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:131:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        read(fd, &sid, sizeof(sid));
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:403:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            write(fd, result, strlen(result) + 1);
data/android-platform-system-core-10.0.0+r36/gatekeeperd/gatekeeperd.cpp:406:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            write(fd, result, strlen(result) + 1);
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:307:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(dmesgline);
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:425:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:428:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:432:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:437:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:443:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:449:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:454:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:459:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/healthd/BatteryMonitor.cpp:464:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fd, vs, strlen(vs));
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:857:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while ((n = TEMP_FAILURE_RETRY(read(fd, &buf[0], sizeof(buf)))) > 0) {
data/android-platform-system-core-10.0.0+r36/init/builtins.cpp:1081:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t value_len = strlen(value);
data/android-platform-system-core-10.0.0+r36/init/firmware_handler.cpp:52:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    WriteFully(loading_fd, response, strlen(response));
data/android-platform-system-core-10.0.0+r36/init/first_stage_init.cpp:114:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(0);
data/android-platform-system-core-10.0.0+r36/init/init.cpp:507:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t bytes_read = TEMP_FAILURE_RETRY(read(signal_fd, &siginfo, sizeof(siginfo)));
data/android-platform-system-core-10.0.0+r36/init/keychords.cpp:132:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    auto res = TEMP_FAILURE_RETRY(::read(fd, &event, sizeof(event)));
data/android-platform-system-core-10.0.0+r36/init/keychords.cpp:223:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    auto res = TEMP_FAILURE_RETRY(::read(inotify_fd_, buf, sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/init/mount_handler.cpp:76:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        value = entry.blk_device.substr(strlen(devblock));
data/android-platform-system-core-10.0.0+r36/init/property_service.cpp:620:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        flen = strlen(filter);
data/android-platform-system-core-10.0.0+r36/init/property_service_test.cpp:42:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  socklen_t addr_len = strlen(property_service_socket) + offsetof(sockaddr_un, sun_path) + 1;
data/android-platform-system-core-10.0.0+r36/init/reboot.cpp:352:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        skip = strlen("reboot,");
data/android-platform-system-core-10.0.0+r36/init/security.cpp:68:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            TEMP_FAILURE_RETRY(read(hwrandom_fd, buf, sizeof(buf) - total_bytes_written));
data/android-platform-system-core-10.0.0+r36/init/service.cpp:967:9:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
        umask(077);
data/android-platform-system-core-10.0.0+r36/init/ueventd.cpp:226:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(000);
data/android-platform-system-core-10.0.0+r36/libappfuse/FuseBuffer.cc:54:58:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                                    : TEMP_FAILURE_RETRY(read(fd, buf, sizeof(T)));
data/android-platform-system-core-10.0.0+r36/libappfuse/FuseBuffer.cc:113:21:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
                    usleep(kRetrySleepForWriting);
data/android-platform-system-core-10.0.0+r36/libappfuse/tests/FuseBufferTest.cc:203:13:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            usleep(1000);
data/android-platform-system-core-10.0.0+r36/libasyncio/AsyncIO.cpp:43:88:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void io_prep(iocb* iocb, int fd, const void* buf, uint64_t count, int64_t offset, bool read) {
data/android-platform-system-core-10.0.0+r36/libasyncio/AsyncIO.cpp:46:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    iocb->aio_lio_opcode = read ? IOCB_CMD_PREAD : IOCB_CMD_PWRITE;
data/android-platform-system-core-10.0.0+r36/libasyncio/include/asyncio/AsyncIO.h:45:95:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void io_prep(struct iocb* iocb, int fd, const void* buf, uint64_t count, int64_t offset, bool read);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_benchmarks.cpp:53:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t bytes = read(fd, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_benchmarks.cpp:126:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_read_benchmarks.cpp:51:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:144:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:400:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:524:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1139:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1181:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1303:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1350:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1470:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(US_PER_MSEC);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1726:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libbacktrace/backtrace_test.cpp:1755:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libcutils/android_get_control_socket_test.cpp:37:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const char* name = key + strlen(ANDROID_SOCKET_ENV_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/ashmem_test.cpp:177:52:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            ASSERT_EQ(readSize, TEMP_FAILURE_RETRY(read(fd, buf, readSize)));
data/android-platform-system-core-10.0.0+r36/libcutils/fs.cpp:135:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (TEMP_FAILURE_RETRY(read(fd, buf, BUF_SIZE)) == -1) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:235:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len < strlen(suffix)) return len;
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:236:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(path + len - strlen(suffix), suffix, strlen(suffix))) return len;
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:236:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(path + len - strlen(suffix), suffix, strlen(suffix))) return len;
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:237:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return len - strlen(suffix);
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:248:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = strlen(target_out_path);
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:301:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        input.erase(0, strlen(kSystem));
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:302:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    } else if (input.size() <= strlen(kSystem)) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:305:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pattern.erase(0, strlen(kSystem));
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:327:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    plen = strlen(path);
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:335:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while (TEMP_FAILURE_RETRY(read(fd, &header, sizeof(header))) == sizeof(header)) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:348:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (TEMP_FAILURE_RETRY(read(fd, prefix, remainder)) != remainder) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:374:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (fs_config_cmp(dir, pc->prefix, strlen(pc->prefix), path, plen)) {
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config.cpp:386:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = ALIGN(sizeof(*p) + strlen(pc->prefix) + 1, sizeof(uint64_t));
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config_test.cpp:150:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                  strlen(tests[idx].prefix), tests[idx].path,
data/android-platform-system-core-10.0.0+r36/libcutils/fs_config_test.cpp:151:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                  strlen(tests[idx].path));
data/android-platform-system-core-10.0.0+r36/libcutils/klog.cpp:68:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iov[0].iov_len = strlen(buf);
data/android-platform-system-core-10.0.0+r36/libcutils/load_file.cpp:42:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if(read(fd, data, sz) != sz) goto oops;
data/android-platform-system-core-10.0.0+r36/libcutils/partition_utils.cpp:50:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = read(fd, buf, sizeof(buf));
data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp:112:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EXPECT_EQ(strlen(PROPERTY_TEST_VALUE_DEFAULT), len);
data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp:119:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EXPECT_EQ(strlen("hello_world"), len) << "hello_world key";
data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp:128:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EXPECT_EQ(strlen(EMPTY_STRING_DEFAULT), len) << "empty key";
data/android-platform-system-core-10.0.0+r36/libcutils/properties_test.cpp:154:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        EXPECT_EQ(strlen(VALID_TEST_VALUE), len) << "set should've failed";
data/android-platform-system-core-10.0.0+r36/libcutils/record_stream.cpp:167:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    countRead = read (p_rs->fd, p_rs->read_end, p_rs->buffer_end - p_rs->read_end);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:54:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen  = strlen(name);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:71:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen = strlen(name) + strlen(FILESYSTEM_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:71:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen = strlen(name) + strlen(FILESYSTEM_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:84:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen = strlen(name) + strlen(ANDROID_RESERVED_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:84:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen = strlen(name) + strlen(ANDROID_RESERVED_SOCKET_PREFIX);
data/android-platform-system-core-10.0.0+r36/libcutils/socket_local_client_unix.cpp:96:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            namelen = strlen(name);
data/android-platform-system-core-10.0.0+r36/libcutils/trace-container.cpp:136:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int name_len = strlen(name) - (len - sizeof(buf)) - 1; \
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskconfig.c:43:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(tmp, str, sizeof(tmp));
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskconfig.c:45:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len_str = strlen(tmp);
data/android-platform-system-core-10.0.0+r36/libdiskconfig/diskutils.c:63:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if ((nr_bytes = read(src_fd, buffer, sizeof(buffer))) < 0) {
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:316:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    verbose = !!fastcmp<strncmp>(cp, "uid=", strlen("uid="));
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:506:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ret - strlen(command_template) +
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:507:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen("65535\n4294967295\t?\t\t\t?\t# uid=32767\n\n\f?success?");
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:595:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ssize_t fmtLen = strlen(format);
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:609:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ret - strlen(command_template) +
data/android-platform-system-core-10.0.0+r36/liblog/event_tag_map.cpp:610:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen("65535\n4294967295\t?\t\t\t?\t# uid=32767\n\n\f?success?");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:181:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(logState->debugName, pathName, sizeof(logState->debugName));
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:397:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:406:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:412:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:417:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:423:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:434:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/fake_log_device.cpp:442:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* end = msg + strlen(msg);
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_main.h:363:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (__android_log_is_loggable_len(prio, tag, ((tag) && *(tag)) ? strlen(tag) : 0, \
data/android-platform-system-core-10.0.0+r36/liblog/include/log/log_main.h:367:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (__android_log_is_loggable_len(prio, tag, ((tag) && *(tag)) ? strlen(tag) : 0, \
data/android-platform-system-core-10.0.0+r36/liblog/log_time.cpp:50:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char fmt[strlen(format) + 1];
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:143:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(buf) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:151:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ret = TEMP_FAILURE_RETRY(read(sock, cp, len))) > 0) {
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:314:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(buf) > (len - cmdlen)) {
data/android-platform-system-core-10.0.0+r36/liblog/logd_reader.cpp:359:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp = buffer + strlen(buffer);
data/android-platform-system-core-10.0.0+r36/liblog/logd_writer.cpp:200:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (snapshot && __android_log_is_loggable_len(ANDROID_LOG_INFO, "liblog", strlen("liblog"),
data/android-platform-system-core-10.0.0+r36/liblog/logger.h:78:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int (*read)(struct android_log_logger_list* logger_list,
data/android-platform-system-core-10.0.0+r36/liblog/logger_read.cpp:94:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (transport->read && (!transport->available || (transport->available(logId) >= 0))) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_read.cpp:306:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int ret = (*transp->transport->read)(logger_list, transp, log_msg);
data/android-platform-system-core-10.0.0+r36/liblog/logger_read.cpp:371:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          if (!transp->transport->read) {
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:424:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(tag + 1, "RIL" + 1, strlen("RIL") - 1)) break;
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:428:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(tag + 1, "QC_RIL" + 1, strlen("QC_RIL") - 1)) break;
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:432:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(tag + 1, "IMS" + 1, strlen("IMS") - 1)) break;
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:469:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vec[1].iov_len = strlen(tag) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:471:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vec[2].iov_len = strlen(msg) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:527:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TEMP_FAILURE_RETRY(write(2, buf, strlen(buf)));
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:593:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t len = strlen(payload);
data/android-platform-system-core-10.0.0+r36/liblog/logger_write.cpp:614:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t len = strlen(payload);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:447:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    token = ret + strlen(ret);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1218:11:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
          strcpy(buf, "\t"); /* Do not escape tabs */
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1232:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(buf, message, len);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1239:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen(buf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1584:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(timeBuf);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1606:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    suffixLen = strlen(suffixContents);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1624:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (pwd && (strlen(pwd->pw_name) <= 5)) {
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1641:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1654:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1660:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1667:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1678:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1694:7:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
      strcpy(suffixBuf + suffixLen, "\n");
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1774:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
      strncat(p, entry->message, entry->messageLen);
data/android-platform-system-core-10.0.0+r36/liblog/logprint.cpp:1794:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(p, lineStart, lineLen);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:174:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ret = TEMP_FAILURE_RETRY(read(fd, &buf.p.magic + preread_count, sizeof(buf) - preread_count));
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:211:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ret = TEMP_FAILURE_RETRY(read(fd, msg + sizeof(buf.prio), buf.p.len - sizeof(buf)));
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:334:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_len = strlen(prefix);
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:413:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(msg + sizeof(prio)) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_reader.cpp:510:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tag_len = strlen(names->name) + sizeof(char); /* tag + nul */
data/android-platform-system-core-10.0.0+r36/liblog/pmsg_writer.cpp:237:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(tag) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:173:11:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
          strncpy(last_tag, tag, len);
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:178:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(key + sizeof(log_namespace) - 1, tag, len);
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:273:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int logLevel = __android_log_level(tag, (tag && *tag) ? strlen(tag) : 0, default_prio);
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:408:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cp += strlen(flag);
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:433:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char newkey[strlen("persist.") + strlen(key) + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:433:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char newkey[strlen("persist.") + strlen(key) + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:596:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char key_persist[strlen(global_tunable) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:596:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char key_persist[strlen(global_tunable) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:597:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char key_ro[strlen(global_default) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/properties.cpp:597:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char key_ro[strlen(global_default) + strlen(".security") + 1];
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:558:22:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define logd_sleep() usleep(50)     // really allow logd to catch up
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:639:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(10000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:822:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    __android_log_is_loggable_len(ANDROID_LOG_WARN, logd, strlen(logd),
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:955:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t writeLen = strlen(buf) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_benchmark.cpp:962:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((ret = read(sock, buf, len)) > 0) {
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:85:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:89:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:214:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:329:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:431:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:555:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1101:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data += strlen(data) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1154:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1239:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    data += strlen(data) + 1;
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1287:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1407:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        123, 123, tag, "nofile", strlen("Hello"), "Hello", NULL);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1464:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), levels[j].level);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1472:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), levels[j].level));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1481:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), levels[j].level));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1500:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1503:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1512:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1521:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1524:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1531:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1540:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1549:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1552:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1561:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1570:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1579:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1582:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1589:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1598:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1607:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1610:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1618:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1632:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1635:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1645:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1654:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1657:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1664:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1674:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1683:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              levels[i].level, tag, strlen(tag), ANDROID_LOG_DEBUG));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1686:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1693:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(20000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1714:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1787:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1811:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1846:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(persist_hold, persist, PROP_VALUE_MAX);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:1861:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(rest);  // property system does not guarantee performance.
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2039:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2153:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned subtag_len = strlen(SUBTAG);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2307:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (memcmp(SUBTAG, eventData, strlen(SUBTAG))) continue;
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2365:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT_EQ(strlen(SUBTAG), get4LE(eventData));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2368:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (memcmp(SUBTAG, eventData, strlen(SUBTAG))) {
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2498:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        elem.len = strlen(elem.data.string);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2834:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2872:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      EXPECT_EQ(line_overhead + (int)strlen(expected_string), printLogLine);
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2890:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_EQ(strlen(expected_string), strlen(msgBuf));
data/android-platform-system-core-10.0.0+r36/liblog/tests/liblog_test.cpp:2890:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_EQ(strlen(expected_string), strlen(msgBuf));
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:51:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:55:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:58:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:64:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:68:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_id_test.cpp:71:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:39:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:43:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:47:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:51:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:55:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:59:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:61:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:65:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:67:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:71:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:73:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:77:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:79:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_radio_test.cpp:83:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_read_test.cpp:50:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:39:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:43:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:47:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:51:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:55:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:59:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:61:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:65:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:67:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:71:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:73:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:77:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:79:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/liblog/tests/log_system_test.cpp:83:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/libmeminfo/libdmabufinfo/dmabufinfo_test.cpp:159:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    s = TEMP_FAILURE_RETRY(read(parent_fd, &unused, sizeof(unused)));
data/android-platform-system-core-10.0.0+r36/libmeminfo/libmeminfo_benchmark.cpp:70:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const int len = read(fd, buffer, sizeof(buffer) - 1);
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:63:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(line, "%63s %n", field, &len) == 1 && *field && field[strlen(field) - 1] == ':') {
data/android-platform-system-core-10.0.0+r36/libmeminfo/procmeminfo.cpp:63:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sscanf(line, "%63s %n", field, &len) == 1 && *field && field[strlen(field) - 1] == ':') {
data/android-platform-system-core-10.0.0+r36/libmeminfo/sysmeminfo.cpp:131:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    const int len = read(fd, buffer, sizeof(buffer) - 1);
data/android-platform-system-core-10.0.0+r36/libmeminfo/tools/procrank.cpp:80:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmdline_.resize(strlen(cmdline_.c_str()));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.h:140:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ssize_t ret = TEMP_FAILURE_RETRY(read(fd_, reinterpret_cast<void*>(value), sizeof(T)));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/LeakPipe.h:163:42:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ssize_t ret = TEMP_FAILURE_RETRY(read(fd_, ptr, size));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/MemUnreachable.cpp:216:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int ret = s.compare(0, strlen(prefix), prefix);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/MemUnreachable.cpp:242:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (!it->read) {
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.cpp:52:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ((n = TEMP_FAILURE_RETRY(read(fd, map_buffer, sizeof(map_buffer)))) > 0) {
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h:29:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  bool read;
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h:35:48:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Mapping(uintptr_t begin, uintptr_t end, bool read, bool write, bool execute, const char* name)
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h:36:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      : begin(begin), end(end), read(read), write(write), execute(execute) {
data/android-platform-system-core-10.0.0+r36/libmemunreachable/ProcessMappings.h:36:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      : begin(begin), end(end), read(read), write(write), execute(execute) {
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/Binder_test.cpp:139:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(100000);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:170:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  EXPECT_TRUE(std::equal(expected_tids.begin(), expected_tids.end(), list_tids.begin()));
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:191:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      EXPECT_EQ(1, TEMP_FAILURE_RETRY(read(stop_pipe.Receiver(), &buf, 1))) << strerror(errno);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:198:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      ASSERT_EQ(1, TEMP_FAILURE_RETRY(read(start_pipe.Receiver(), &buf, 1))) << strerror(errno);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:266:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(10000);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:325:13:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            usleep(10000);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:339:11:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
          usleep(100000);
data/android-platform-system-core-10.0.0+r36/libmemunreachable/tests/ThreadCapture_test.cpp:341:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          ASSERT_EQ(1, TEMP_FAILURE_RETRY(read(pipe.Receiver(), &buf, 1)));
data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc:261:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strncmp(instruction_set, ABI_STRING, strlen(ABI_STRING) + 1) != 0;
data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc:279:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen(app_data_dir_in) + strlen(kCodeCacheDir) + 2; // '\0' + '/'
data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc:279:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t len = strlen(app_data_dir_in) + strlen(kCodeCacheDir) + 2; // '\0' + '/'
data/android-platform-system-core-10.0.0+r36/libnativebridge/native_bridge.cc:291:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t isa_len = strlen(instruction_set);
data/android-platform-system-core-10.0.0+r36/libnativeloader/native_loader.cpp:780:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t slash_index = location.find_first_of('/', strlen(kApexPath));
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:172:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(ifr->ifr_name, name, IFNAMSIZ);
data/android-platform-system-core-10.0.0+r36/libnetutils/ifc_utils.c:388:12:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    while (fscanf(f, "%32s %*02x %02x %*02x %*02x %63s\n",
data/android-platform-system-core-10.0.0+r36/libnetutils/packet.c:170:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nread = read(s, &packet, sizeof(packet));
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:98:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i = index, j = 0; i < strlen(instr); ++i)
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:298:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uint32_t length = strlen(entry->instr_template);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/Arm64Disassembler.cpp:312:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            index += strlen(token);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/codeflinger/MIPSAssembler.cpp:1324:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(s);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/private/pixelflinger/ggl_context.h:357:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    void                (*read) (const surface_t* s, context_t* c,
data/android-platform-system-core-10.0.0+r36/libpixelflinger/include/private/pixelflinger/ggl_context.h:432:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    surface_t           read;
data/android-platform-system-core-10.0.0+r36/libpixelflinger/pixelflinger.cpp:123:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (c->state.buffers.read.format == 0) {
data/android-platform-system-core-10.0.0+r36/libpixelflinger/pixelflinger.cpp:124:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ggl_set_surface(c, &(c->state.buffers.read), surface);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/pixelflinger.cpp:132:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ggl_set_surface(c, &(c->state.buffers.read), surface);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:747:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    tx.surface.read(&tx.surface, c, u, v, &texel);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:781:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    tx.surface.read(&tx.surface, c, u0, v0, &texels[0]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:782:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    tx.surface.read(&tx.surface, c, u0, v1, &texels[1]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:783:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    tx.surface.read(&tx.surface, c, u1, v0, &texels[2]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:784:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    tx.surface.read(&tx.surface, c, u1, v1, &texels[3]);
data/android-platform-system-core-10.0.0+r36/libpixelflinger/scanline.cpp:920:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            c->state.buffers.color.read(
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/cgroup_controller.cpp:36:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(name_, name.c_str(), sizeof(name_) - 1);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/cgrouprc_format/cgroup_controller.cpp:38:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(path_, path.c_str(), sizeof(path_) - 1);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:100:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int rc = read(fd, statline, 1023);
data/android-platform-system-core-10.0.0+r36/libprocessgroup/sched_policy.cpp:111:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(thread_name, p, (q - p));
data/android-platform-system-core-10.0.0+r36/libprocinfo/process_test.cpp:98:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(pipefd[0], &buf, 1));
data/android-platform-system-core-10.0.0+r36/libqtaguid/qtaguid.c:66:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res = TEMP_FAILURE_RETRY(write(fd, cmd, strlen(cmd)));
data/android-platform-system-core-10.0.0+r36/libsparse/output_file.cpp:312:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = read(fd, ptr, len - total);
data/android-platform-system-core-10.0.0+r36/libsuspend/autosuspend_wakeup_count.cpp:70:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(sleep_time);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/FrameworkListener.cpp:57:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    len = TEMP_FAILURE_RETRY(read(c->getSocket(), buffer, sizeof(buffer)));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:389:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(dst, "0.0.0.0", sizeof(dst));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:391:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(dst, "::", sizeof(dst));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:479:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        static const size_t kTagLength = strlen(kServerTag);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:483:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                INET6_ADDRSTRLEN + strlen("%") + IFNAMSIZ + strlen(",");
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:483:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                INET6_ADDRSTRLEN + strlen("%") + IFNAMSIZ + strlen(",");
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:499:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pos += strlen(buf + pos);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:644:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s += strlen(s) + 1;
data/android-platform-system-core-10.0.0+r36/libsysutils/src/NetlinkEvent.cpp:659:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(paramName);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/ServiceManager.cpp:49:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) > SERVICE_NAME_MAX) {
data/android-platform-system-core-10.0.0+r36/libsysutils/src/ServiceManager.cpp:64:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(SLEEP_MIN_USEC);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/ServiceManager.cpp:79:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) > SERVICE_NAME_MAX) {
data/android-platform-system-core-10.0.0+r36/libsysutils/src/ServiceManager.cpp:94:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(SLEEP_MIN_USEC);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:134:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(arg);
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketClient.cpp:166:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (sendData(msg, strlen(msg) + 1) != 0) {
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener.cpp:177:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            TEMP_FAILURE_RETRY(read(mCtrlPipe[0], &c, 1));
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener_test.cpp:76:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_TRUE(android::base::WriteFully(fd, cmd, strlen(cmd) + 1))
data/android-platform-system-core-10.0.0+r36/libsysutils/src/SocketListener_test.cpp:91:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t len = read(fd, buf, sizeof(buf));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:48:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memory_.SetMemory(offset, string, strlen(string) + 1);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfInterfaceTest.cpp:148:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memory_.SetMemory(sym_offset + name_offset, name, strlen(name) + 1);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/ElfTestUtils.cpp:115:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    bytes = TEMP_FAILURE_RETRY(read(fd, buf.data(), buf.size()));
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryLocalTest.cpp:29:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
TEST(MemoryLocalTest, read) {
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryOfflineBufferTest.cpp:66:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
TEST_F(MemoryOfflineBufferTest, read) {
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRangeTest.cpp:82:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
TEST_F(MemoryRangeTest, read) {
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRangesTest.cpp:51:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
TEST_F(MemoryRangesTest, read) {
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/MemoryRemoteTest.cpp:57:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
TEST_F(MemoryRemoteTest, read) {
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/TestUtils.h:48:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindTest.cpp:220:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindTest.cpp:241:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(5000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindTest.cpp:365:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tests/UnwindTest.cpp:377:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind.cpp:53:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libunwindstack/tools/unwind_for_offline.cpp:70:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(1000);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:238:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = read(context->fd, event_buf, sizeof(event_buf));
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:347:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(SLEEP_BETWEEN_ATTEMPTS_US);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:379:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    length = read(fd, device->desc, sizeof(device->desc));
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:384:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(device->dev_name, dev_name, sizeof(device->dev_name) - 1);
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:445:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* result = (char *)calloc(1, strlen(USB_FS_ID_FORMAT));
data/android-platform-system-core-10.0.0+r36/libusbhost/usbhost.c:446:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(result, strlen(USB_FS_ID_FORMAT) - 1, USB_FS_ID_FORMAT, bus, dev);
data/android-platform-system-core-10.0.0+r36/libutils/Looper.cpp:414:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TEMP_FAILURE_RETRY(read(mWakeEventFd.get(), &counter, sizeof(uint64_t)));
data/android-platform-system-core-10.0.0+r36/libutils/Looper_test.cpp:56:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ssize_t nRead = ::read(receiveFd, buf, 1);
data/android-platform-system-core-10.0.0+r36/libutils/Looper_test.cpp:73:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(mDelayMillis * 1000);
data/android-platform-system-core-10.0.0+r36/libutils/String16.cpp:128:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    : mString(allocFromUTF8(o, strlen(o)))
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:148:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    : mString(allocFromUTF8(o, strlen(o)))
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:230:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *newString = allocFromUTF8(other, strlen(other));
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:287:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return append(other, strlen(other));
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:368:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unlockBuffer(strlen(mString));
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:406:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t skip = strlen(other);
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:491:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    setPathName(name, strlen(name));
data/android-platform-system-core-10.0.0+r36/libutils/String8.cpp:624:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int newlen = strlen(name);
data/android-platform-system-core-10.0.0+r36/libutils/Tokenizer.cpp:79:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                ssize_t nrd = read(fd, buffer, length);
data/android-platform-system-core-10.0.0+r36/libutils/Tokenizer.cpp:102:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            const_cast<char*>(contents), false, strlen(contents));
data/android-platform-system-core-10.0.0+r36/libutils/Unicode_test.cpp:186:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ASSERT_DEATH(utf8_to_utf16_length((uint8_t *) utf8, strlen(utf8),
data/android-platform-system-core-10.0.0+r36/libutils/include/utils/Flattenable.h:79:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    static void read(void const*& buffer, size_t& size, T& value) {
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_archive.cc:1167:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(entry_name);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:68:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPECT_EQ(strlen(expected), data.compressed_length);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:69:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_EQ(strlen(expected), data.uncompressed_length);
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:307:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_EQ(0, writer.WriteBytes(kKeepThis, strlen(kKeepThis)));
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:314:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_EQ(0, writer.WriteBytes(kDropThis, strlen(kDropThis)));
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:326:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_EQ(0, writer.WriteBytes(kReplaceWithThis, strlen(kReplaceWithThis)));
data/android-platform-system-core-10.0.0+r36/libziparchive/zip_writer_test.cc:359:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_EQ(0, writer.WriteBytes(kSmall, strlen(kSmall)));
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:204:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    dirent* read(enum level index = proc, dirent* def = nullptr) {
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:259:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pos += ::strlen(Uid);
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:308:39:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    void setComm(const char* _comm) { strncpy(comm + 1, _comm, sizeof(comm) - 2); }
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:337:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(comm + 1, llkProcGetName(tid, "/comm").c_str(), sizeof(comm) - 2);
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:345:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = strlen(comm + 1);
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:543:11:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        ::usleep(200000);  // let everything settle
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:938:11:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        ::usleep(duration_cast<microseconds>(llkCheck(true)).count());
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:993:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    for (auto dp = llkTopDirectory.read(); dp != nullptr; dp = llkTopDirectory.read()) {
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:993:80:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    for (auto dp = llkTopDirectory.read(); dp != nullptr; dp = llkTopDirectory.read()) {
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:1008:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        for (auto tp = taskDirectory.read(dir::task, dp); tp != nullptr;
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:1009:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
             tp = taskDirectory.read(dir::task)) {
data/android-platform-system-core-10.0.0+r36/llkd/libllkd.cpp:1395:31:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
                            ::usleep(20000);
data/android-platform-system-core-10.0.0+r36/llkd/llkd.cpp:44:15:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            ::usleep(duration_cast<microseconds>(llkCheck()).count());
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:60:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(200000);
data/android-platform-system-core-10.0.0+r36/llkd/tests/llkd_test.cpp:222:17:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
                usleep(sleepfor.count());
data/android-platform-system-core-10.0.0+r36/lmkd/libpsi/psi.c:64:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    res = TEMP_FAILURE_RETRY(write(fd, buf, strlen(buf) + 1));
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:528:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ssize_t len = strlen(s);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:589:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pos += strlen(PROC_STATUS_TGID_FIELD);
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:896:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = TEMP_FAILURE_RETRY(read(data_sock[dsock_idx].sock, buf, bufsz));
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1094:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = read(fd, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1629:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                TEMP_FAILURE_RETRY(read(mpevfd[lvl],
data/android-platform-system-core-10.0.0+r36/lmkd/lmkd.c:1894:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ret = TEMP_FAILURE_RETRY(write(evctlfd, buf, strlen(buf) + 1));
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:205:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(data->step_delay);
data/android-platform-system-core-10.0.0+r36/lmkd/tests/lmkd_test.cpp:366:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            pos += strlen(OOM_MARKER);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:369:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (write(context->output_fd, buf, strlen(buf)) < 0) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:654:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(file);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:705:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (size_t len = strlen(name), i = 0; context->envp[i]; ++i) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:965:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strspn(optarg, "0123456789") != strlen(optarg)) {
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1199:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    const char* p = logcatFilter + strlen(LOGCAT_FILTER);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1201:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (!q) q = p + strlen(p);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1211:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        p = consolePipe + strlen(CONSOLE_PIPE_OPTION);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1213:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        p = console + strlen(CONSOLE_OPTION);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1220:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    int len = q ? q - p : strlen(p);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1511:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = strlen(setPruneList);
data/android-platform-system-core-10.0.0+r36/logcat/logcat.cpp:1572:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(cp);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:56:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(restPeriod);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:167:13:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            usleep(100);  // ~32 per timer tick, we are a spammer regardless
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:208:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(buffer, needle, strlen(needle))) {
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:568:22:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        EXPECT_EQ(6, sscanf(buffer,
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:857:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(rotated_log_filename_prefix);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:875:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(buffer, log_filename, strlen(log_filename))) {
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:998:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!brk) brk = second_last_line + strlen(second_last_line);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1003:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!brk) brk = first_line + strlen(first_line);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1099:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char command[strlen(tmp_out_dir) + strlen(logcat_cmd) +
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1099:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char command[strlen(tmp_out_dir) + strlen(logcat_cmd) +
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1100:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(log_filename) + 32];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1134:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char tmp_out_dir[strlen(tmp_out_dir_form) + 1];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1140:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char id_file[strlen(tmp_out_dir_form) + strlen(log_filename) + 5];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1140:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char id_file[strlen(tmp_out_dir_form) + strlen(log_filename) + 5];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1167:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char command[strlen(cleanup_cmd) + strlen(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1167:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char command[strlen(cleanup_cmd) + strlen(tmp_out_dir_form)];
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1219:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(buffer, "clearLog: ", strlen("clearLog: "))) {
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1224:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(buffer, "failed to clear", strlen("failed to clear"))) {
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1237:18:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (6 == sscanf(buffer,
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1326:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* end = buf + strlen(buf);
data/android-platform-system-core-10.0.0+r36/logcat/tests/logcat_test.cpp:1359:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* end = buf + strlen(buf);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:193:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         y = x, x = strlen(fmt) - 2) {
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:296:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(argv[i], _name, strlen(_name))) {
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:297:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            name = argv[i] + strlen(_name);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:302:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(argv[i], _format, strlen(_format))) {
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:303:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            format = argv[i] + strlen(_format);
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:308:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(argv[i], _id, strlen(_id))) {
data/android-platform-system-core-10.0.0+r36/logd/CommandListener.cpp:309:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            id = argv[i] + strlen(_id);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:203:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(cp, cp + 1, strlen(cp + 1) + 1);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:221:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(pidptr, cp, strlen(cp) + 1);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:246:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       !fastcmp<strcmp>(avcl + strlen(avc), avcr + strlen(avc));
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:246:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       !fastcmp<strcmp>(avcl + strlen(avc), avcr + strlen(avc));
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:261:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                iov[1].iov_len = strlen(last_str);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:266:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    iov[3].iov_len = strlen(resume);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:269:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    iov[3].iov_len = strlen(newline);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:288:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            iov[1].iov_len = strlen(str);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:292:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            iov[3].iov_len = strlen(newline);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:311:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memmove(timeptr + sizeof(audit_str) - 1 + 3, cp, strlen(cp) + 1);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:364:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char* estr = str + strlen(str);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:386:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str_len = strlen(comm) + 1;
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:402:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newstr + 1 + str_len, str, prefix_len);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:403:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newstr + 1 + str_len + prefix_len, ecomm, suffix_len);
data/android-platform-system-core-10.0.0+r36/logd/LogAudit.cpp:404:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(newstr + 1 + str_len + prefix_len + suffix_len,
data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.cpp:192:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fastcmp<memcmp>(avcl + strlen(avc), avcr + strlen(avc),
data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.cpp:192:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (fastcmp<memcmp>(avcl + strlen(avc), avcr + strlen(avc),
data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.cpp:193:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        lenl - strlen(avc))) {
data/android-platform-system-core-10.0.0+r36/logd/LogBuffer.cpp:219:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                tag_len = strlen(tag);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:110:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ssize_t ret = read(fd, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:134:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t retval_len = strlen(retval);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:135:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t name_len = strlen(name);
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:153:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!__android_log_is_loggable_len(ANDROID_LOG_INFO, tag, strlen(tag),
data/android-platform-system-core-10.0.0+r36/logd/LogBufferElement.cpp:172:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = strlen(name + 1);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:214:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char buffer[strlen(priority_message) + strlen(klogdStr) +
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:214:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char buffer[strlen(priority_message) + strlen(klogdStr) +
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:215:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                strlen(klogd_message) + 20];
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:218:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    write(fdWrite, buffer, strlen(buffer));
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:235:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read(cli->getSocket(), buffer + len, sizeof(buffer) - 1 - len);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:268:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len < (ssize_t)(strlen(real_format) + 5)) return;
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:316:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (((b += strlen(suspendStr)) - cp) < len)) {
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:320:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (((b += strlen(resumeStr)) - cp) < len)) {
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:324:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (((b += strlen(healthdStr)) - cp) < len) &&
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:326:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (((b += strlen(batteryStr)) - cp) < len)) {
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:333:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                   (((b += strlen(suspendStr)) - cp) < len)) {
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:555:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uint64_t sig = strtoll(start + strlen(klogdStr), nullptr, 10);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:598:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const ssize_t infoBraceLen = strlen(infoBrace);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:659:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                static const ssize_t hostlen = strlen(host);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:702:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const ssize_t cpuLen = strlen(cpu);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:704:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const ssize_t warningLen = strlen(warning);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:706:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const ssize_t errorLen = strlen(error);
data/android-platform-system-core-10.0.0+r36/logd/LogKlog.cpp:708:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    static const ssize_t infoLen = strlen(info);
data/android-platform-system-core-10.0.0+r36/logd/LogReader.cpp:54:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int len = read(cli->getSocket(), buffer, sizeof(buffer) - 1);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:67:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            ssize_t ret = read(fd, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:320:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t lenNameTmp = strlen(nameTmp);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:557:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t lenNameTmp = strlen(nameTmp);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:636:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spaces = 10 - strlen(TotalStr);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:658:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spaces = 10 - strlen(NowStr);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:684:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spaces = 10 - strlen(SpanStr);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.cpp:745:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spaces = 10 - strlen(OverheadStr);
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:501:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        : alloc(nullptr), name("", strlen("")) {
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:507:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    name = std::string_view(cp, strlen(cp));
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:519:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            name = std::string_view("chatty", strlen("chatty"));
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:526:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            name = std::string_view("<NULL>", strlen("<NULL>"));
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:718:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (name) size += strlen(name) + 1;
data/android-platform-system-core-10.0.0+r36/logd/LogStatistics.h:722:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (name) size += strlen(name) + 1;
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:59:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (((comment + strlen(uid_str)) >= endp) ||
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:60:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fastcmp<strncmp>(comment, uid_str, strlen(uid_str)) ||
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:61:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        !isdigit(comment[strlen(uid_str)]))
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:817:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = (strlen(name) + 7) / 8;
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:819:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len > strlen(tabs)) len = strlen(tabs);
data/android-platform-system-core-10.0.0+r36/logd/LogTags.cpp:819:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len > strlen(tabs)) len = strlen(tabs);
data/android-platform-system-core-10.0.0+r36/logd/LogUtils.h:57:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t needleLen = strlen(needle);
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:177:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp += strlen(flag);
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:204:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        write(fdDmesg, buffer, strlen(buffer));
data/android-platform-system-core-10.0.0+r36/logd/main.cpp:400:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = TEMP_FAILURE_RETRY(read(sock, buffer, sizeof(buffer)));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:48:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (write(sock, buf, strlen(buf) + 1) > 0) {
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:50:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            while ((ret = read(sock, buf, len)) > 0) {
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:127:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            end = benchmark + strlen(benchmark);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:196:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EXPECT_LT((size_t)64, strlen(cp));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:222:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        uid_name += strlen(getpwuid_prefix);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:320:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(reinterpret_cast<const char*>(garbage));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:402:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int result = TEMP_FAILURE_RETRY(read(fd, msg.buf, sizeof(msg)));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:558:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        read(sock, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:583:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        read(sock, buffer, sizeof(buffer));
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:955:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(100);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:968:13:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
            usleep(100);
data/android-platform-system-core-10.0.0+r36/logd/tests/logd_test.cpp:972:9:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
        usleep(1000000);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:78:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int read;
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:270:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (a_buf->e_buf.read < a_buf->e_buf.write) {
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:272:67:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        print_buf_lines(log_info, a_buf->e_buf.buf + a_buf->e_buf.read,
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:283:68:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int first_chunk_len = a_buf->e_buf.buf_size - a_buf->e_buf.read;
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:284:54:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        memcpy(nbuf, a_buf->e_buf.buf + a_buf->e_buf.read, first_chunk_len);
data/android-platform-system-core-10.0.0+r36/logwrapper/logwrap.c:358:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read(parent_read, &buffer[b], sizeof(buffer) - 1 - b));
data/android-platform-system-core-10.0.0+r36/property_service/libpropertyinfoparser/property_info_parser.cpp:93:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const uint32_t remaining_name_size = strlen(remaining_name);
data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp:52:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t pipeNameLen = strlen(pipeName);
data/android-platform-system-core-10.0.0+r36/qemu_pipe/qemu_pipe.cpp:61:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (WriteFully(fd, pipe_prefix, strlen(pipe_prefix)) &&
data/android-platform-system-core-10.0.0+r36/sdcard/sdcard.cpp:174:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(0);
data/android-platform-system-core-10.0.0+r36/storaged/storaged_info.cpp:348:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
    if (sscanf(lines[0].c_str(), "ufs version: 0x%7s\n", rev) < 1) {
data/android-platform-system-core-10.0.0+r36/storaged/storaged_info.cpp:358:20:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if ((ret = sscanf(lines[i].c_str(),
data/android-platform-system-core-10.0.0+r36/storaged/tests/storaged_test.cpp:57:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ASSERT_EQ(2048, read(fd, buffer, sizeof(buffer)));
data/android-platform-system-core-10.0.0+r36/storaged/uid_info.cpp:41:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    parcel->read(&io, sizeof(io));
data/android-platform-system-core-10.0.0+r36/storaged/uid_info.cpp:48:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        parcel->read(&task.io, sizeof(task.io));
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:187:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                            printf(" %.20s%c%*s", bit_label, down, (int) (20 - strlen(bit_label)), "");
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:441:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    res = read(nfd, event_buf, sizeof(event_buf));
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:451:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = devname + strlen(devname);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:483:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filename = devname + strlen(devname);
data/android-platform-system-core-10.0.0+r36/toolbox/getevent.c:666:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    res = read(ufds[i].fd, &event, sizeof(event));
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/fastgrep.c:63:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fg->len = strlen(pat);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/fastgrep.c:91:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	fg->len = strlen(pat);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:110:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			nr = read(f->fd, buffer, MAXBUFSIZ);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/file.c:121:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		nr = read(f->fd, buffer, MAXBUFSIZ);
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:376:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (j = 0; j < strlen(eopts); j++)
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:472:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			add_pattern(optarg, strlen(optarg));
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/grep.c:651:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		add_pattern(*aargv, strlen(*aargv));
data/android-platform-system-core-10.0.0+r36/toolbox/upstream-netbsd/usr.bin/grep/util.c:222:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	ln.file = grep_malloc(strlen(fn) + 1);
data/android-platform-system-core-10.0.0+r36/trusty/gatekeeper/trusty_gatekeeper_ipc.c:66:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rc = read(handle_, out, *out_size);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:377:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(echo_fd, rx_buf, msg_len);
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:485:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(fd, rx_buf, sizeof(rx_buf));
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:568:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(fd, rx_buf, sizeof(rx_buf));
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:613:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		ret = read(fd, rx_buf, sizeof(rx_buf));
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:678:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	rc = read(fd, &uuid, sizeof(uuid));
data/android-platform-system-core-10.0.0+r36/trusty/libtrusty/tipc-test/tipc_test.c:773:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		rc = read(echo_fd, rx_buf, sizeof(rx_buf));
data/android-platform-system-core-10.0.0+r36/trusty/storage/lib/storage.c:148:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct iovec tx[3] = {{&msg, sizeof(msg)}, {&req, sizeof(req)}, {(void *)name, strlen(name)}};
data/android-platform-system-core-10.0.0+r36/trusty/storage/lib/storage.c:184:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    struct iovec tx[3] = {{&msg, sizeof(msg)}, {&req, sizeof(req)}, {(void *)name, strlen(name)}};
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/proxy.c:103:5:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
    umask(S_IXUSR | S_IRWXG | S_IRWXO);
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/rpmb.c:63:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (i && i % 32 == 0) printf("\n%*s", (int)strlen(prefix), "");
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/rpmb.c:150:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rc = read(rpmb_fd, read_buf, read_size);
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:175:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t fname_len = strlen(req->name);
data/android-platform-system-core-10.0.0+r36/trusty/storage/proxy/storage.c:229:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t fname_len = strlen(req->name);
data/android-platform-system-core-10.0.0+r36/trusty/utils/trusty-ut-ctrl/ut-ctrl.c:113:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        rc = read(fd, rx_buf, sizeof(rx_buf));

ANALYSIS SUMMARY:

Hits = 2636
Lines analyzed = 308461 in approximately 8.05 seconds (38338 lines/second)
Physical Source Lines of Code (SLOC) = 214576
Hits@level = [0] 1541 [1] 712 [2] 1330 [3] 111 [4] 460 [5]  23
Hits@level+ = [0+] 4177 [1+] 2636 [2+] 1924 [3+] 594 [4+] 483 [5+]  23
Hits/KSLOC@level+ = [0+] 19.4663 [1+] 12.2847 [2+] 8.96652 [3+] 2.76825 [4+] 2.25095 [5+] 0.107188
Symlinks skipped = 49 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.