Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ats-lang-anairiats-0.2.11/contrib/cblas/TEST/test_lu_dats.c Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_basics.h Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_prelude_ngc.c Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_types.h Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_memory.h Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_prelude_gcats.c Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_prelude_gcbdw.c Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_config.h Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_prelude.c Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_exception.h Examining data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_bootstrap.c Examining data/ats-lang-anairiats-0.2.11/doc/EXAMPLE/AUP/utils/getargs.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hashtbl_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symtbl_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_trans_temp_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_fixity_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_dcst_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_patcst2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_scst_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_trans_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_solver_fm_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_fixity_prec_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_keyword_dats.c Examining
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_posmark_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_charlst_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_namespace_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_parser_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_dyn1_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_main_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_map_lin_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_stamp_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_pprint_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_dyn_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp3_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_posmark_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_lexer_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_constraint_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hiexp_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libc_dats_unistd_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hiexp_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libc_sats_gmp_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_fixity_fxty_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_filebas_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_parser_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_emit_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_view_dats.c Examining 
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp1_syndef_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_syntax_posmark_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_stamp_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_met_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_global_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_effect_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_keyword_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_comarg_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans4_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_string_parse_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_lexing_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_pprint_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_deref_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_dyn2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_string_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_lexer_lats_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_tables_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_reference_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_charlst_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_array_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp3_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_array_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symbol_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_env_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hashtbl_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hiexp_util_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_env_sats.c Examining 
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_location_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_dec_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_error_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_char_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_loop_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_list_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symenv_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_comarg_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_pat_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_counter_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_sta_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_set_fun_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_map_lin_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_solve_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_e1xp_eval_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_debug_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_scst_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_stadyncst2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp1_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_printf_c_lats_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_main_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_syntax_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_printf_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_exp_dn_dats.c Examining 
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_list_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_util_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.h Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_constraint_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_macro2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_util2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_reference_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_macro2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_env_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp1_syndef_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_array_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_trans_clau_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_dvar_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_solve_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_sta_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_env_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans4_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_dcon_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symtbl_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_label_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_error_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_intinf_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symenv_dats.c Examining 
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_syntax_depgen_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_intinf_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_namespace_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_assgn_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp1_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_integer_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_svVar_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_string_parse_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_eff_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_exp_up_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_syntax_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_trans_tailcal_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_state_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp3_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_bool_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_location_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_solver_fm_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_basics_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans2_env_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_constraint_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_e1xp_eval_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_counter_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp1_dats.c Examining 
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_loop_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libc_sats_time_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_util_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp1_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_util_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_lexing_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_symbol_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_stadyncst2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_label_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_global_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp1_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp2_util1_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_dynexp2_dmac_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_debug_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_hiexp_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_patcst2_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_effect_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans3_env_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_ccomp_env_sats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_syntax_taggen_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_staexp1_print_dats.c Examining data/ats-lang-anairiats-0.2.11/bootstrap1/ats_set_fun_dats.c

FINAL RESULTS:

data/ats-lang-anairiats-0.2.11/bootstrap1/ats_debug_dats.c:76:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  (void)vfprintf((FILE*)out, (char*)fmt, ap) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.c:3484:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define YYFPRINTF fprintf
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_printf_dats.c:47:23: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  va_start(ap, fmt) ; vfprintf(stderr, (char*)fmt, ap) ; va_end(ap) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_printf_dats.c:58:9: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  n = vfprintf(stderr, (char*)fmt, ap) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_printf_dats.c:87:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  n = vsnprintf (res, sz, (char*)fmt, ap) ;
data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_basics.h:103:3: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( \
data/ats-lang-anairiats-0.2.11/ccomp/runtime/ats_basics.h:192:5: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf (stderr, \
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_map_lin_dats.c:49:14: [3] (random) drand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  double r = drand48 ();
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1599:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fulbas, ful, n1) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1600:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (fulbas + n1, bas, n2) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1619:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dirbas, dir, n1) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1621:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dirbas + n1, bas, n2) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.c:3780:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.c:4015:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char yymsgbuf[128];
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_posmark_dats.c:2517:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  c = ((char *)basename)[n] ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_posmark_dats.c:2521:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  while (n >= 0) { s[n] = ((char *)basename)[n] ; --n ; }
data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_lexing_dats.c:1136:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf_ptr_new, buf_ptr+fstpos, endpos-fstpos) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_lexing_dats.c:1139:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf_ptr_new, buf_ptr+fstpos, buf_size-fstpos) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/libats_lex_lexing_dats.c:1140:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf_ptr_new+buf_size-fstpos, buf_ptr, endpos) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_array_dats.c:141:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (A, ini, tsz) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_array_dats.c:146:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p, A, left * tsz) ; return ;
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_array_dats.c:148:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (p, A, itsz);
data/ats-lang-anairiats-0.2.11/bootstrap1/prelude_dats_string_dats.c:298:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(des, src, ln) ; des[ln] = '\000' ;
data/ats-lang-anairiats-0.2.11/doc/EXAMPLE/AUP/utils/getargs.c:31:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cmd[MAXLINE] ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1596:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n1 = (p1 - p0); n2 = strlen ((char*)bas) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1614:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n1 = strlen ((char*)dir) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_filename_dats.c:1615:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n2 = strlen ((char*)bas) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_grammar_yats.c:3664:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define yystrlen strlen
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_posmark_dats.c:2511:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen((char *)basename) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_dyn_dats.c:7330:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_dyn_dats.c:7347:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p) ;
data/ats-lang-anairiats-0.2.11/bootstrap1/ats_trans1_dyn_dats.c:7364:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (p) ;
data/ats-lang-anairiats-0.2.11/doc/EXAMPLE/AUP/utils/getargs.c:43:14: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch(getchar()) {

ANALYSIS SUMMARY:

Hits = 33
Lines analyzed = 298130 in approximately 6.57 seconds (45376 lines/second)
Physical Source Lines of Code (SLOC) = 216232
Hits@level = [0] 20 [1] 9 [2] 16 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 53 [1+] 33 [2+] 24 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 0.245107 [1+] 0.152614 [2+] 0.110992 [3+] 0.0369973 [4+] 0.0323726 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.