Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/avrdude-6.3-20171130+svn1429/safemode.c
Examining data/avrdude-6.3-20171130+svn1429/flip2.c
Examining data/avrdude-6.3-20171130+svn1429/wiring.h
Examining data/avrdude-6.3-20171130+svn1429/stk500v2.h
Examining data/avrdude-6.3-20171130+svn1429/freebsd_ppi.h
Examining data/avrdude-6.3-20171130+svn1429/pickit2.c
Examining data/avrdude-6.3-20171130+svn1429/jtagmkII.c
Examining data/avrdude-6.3-20171130+svn1429/avr910.h
Examining data/avrdude-6.3-20171130+svn1429/ppiwin.c
Examining data/avrdude-6.3-20171130+svn1429/stk500_private.h
Examining data/avrdude-6.3-20171130+svn1429/tpi.h
Examining data/avrdude-6.3-20171130+svn1429/jtagmkI.c
Examining data/avrdude-6.3-20171130+svn1429/par.h
Examining data/avrdude-6.3-20171130+svn1429/linuxgpio.h
Examining data/avrdude-6.3-20171130+svn1429/dfu.h
Examining data/avrdude-6.3-20171130+svn1429/linux_ppdev.h
Examining data/avrdude-6.3-20171130+svn1429/ft245r.h
Examining data/avrdude-6.3-20171130+svn1429/par.c
Examining data/avrdude-6.3-20171130+svn1429/ser_win32.c
Examining data/avrdude-6.3-20171130+svn1429/jtag3.h
Examining data/avrdude-6.3-20171130+svn1429/dfu.c
Examining data/avrdude-6.3-20171130+svn1429/stk500generic.c
Examining data/avrdude-6.3-20171130+svn1429/my_ddk_hidsdi.h
Examining data/avrdude-6.3-20171130+svn1429/arduino.c
Examining data/avrdude-6.3-20171130+svn1429/stk500generic.h
Examining data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.h
Examining data/avrdude-6.3-20171130+svn1429/usb_hidapi.c
Examining data/avrdude-6.3-20171130+svn1429/flip1.c
Examining data/avrdude-6.3-20171130+svn1429/pgm_type.c
Examining data/avrdude-6.3-20171130+svn1429/butterfly.h
Examining data/avrdude-6.3-20171130+svn1429/bitbang.h
Examining data/avrdude-6.3-20171130+svn1429/avrdude.h
Examining data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c
Examining data/avrdude-6.3-20171130+svn1429/jtag3.c
Examining data/avrdude-6.3-20171130+svn1429/ppi.c
Examining data/avrdude-6.3-20171130+svn1429/stk500.h
Examining data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h
Examining data/avrdude-6.3-20171130+svn1429/buspirate.c
Examining data/avrdude-6.3-20171130+svn1429/buspirate.h
Examining data/avrdude-6.3-20171130+svn1429/crc16.h
Examining data/avrdude-6.3-20171130+svn1429/avrftdi.c
Examining data/avrdude-6.3-20171130+svn1429/flip1.h
Examining data/avrdude-6.3-20171130+svn1429/avr.c
Examining data/avrdude-6.3-20171130+svn1429/wiring.c
Examining data/avrdude-6.3-20171130+svn1429/pindefs.c
Examining data/avrdude-6.3-20171130+svn1429/jtag3_private.h
Examining data/avrdude-6.3-20171130+svn1429/stk500v2_private.h
Examining data/avrdude-6.3-20171130+svn1429/solaris_ecpp.h
Examining data/avrdude-6.3-20171130+svn1429/usb_libusb.c
Examining data/avrdude-6.3-20171130+svn1429/usbtiny.h
Examining data/avrdude-6.3-20171130+svn1429/avrftdi_private.h
Examining data/avrdude-6.3-20171130+svn1429/config.h
Examining data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c
Examining data/avrdude-6.3-20171130+svn1429/update.c
Examining data/avrdude-6.3-20171130+svn1429/ser_posix.c
Examining data/avrdude-6.3-20171130+svn1429/usbasp.h
Examining data/avrdude-6.3-20171130+svn1429/stk500.c
Examining data/avrdude-6.3-20171130+svn1429/arduino.h
Examining data/avrdude-6.3-20171130+svn1429/linuxgpio.c
Examining data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c
Examining data/avrdude-6.3-20171130+svn1429/windows/giveio.c
Examining data/avrdude-6.3-20171130+svn1429/windows/loaddrv.h
Examining data/avrdude-6.3-20171130+svn1429/lists.c
Examining data/avrdude-6.3-20171130+svn1429/butterfly.c
Examining data/avrdude-6.3-20171130+svn1429/crc16.c
Examining data/avrdude-6.3-20171130+svn1429/serbb.h
Examining data/avrdude-6.3-20171130+svn1429/usbasp.c
Examining data/avrdude-6.3-20171130+svn1429/usbdevs.h
Examining data/avrdude-6.3-20171130+svn1429/stk500v2.c
Examining data/avrdude-6.3-20171130+svn1429/term.c
Examining data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h
Examining data/avrdude-6.3-20171130+svn1429/avrftdi.h
Examining data/avrdude-6.3-20171130+svn1429/term.h
Examining data/avrdude-6.3-20171130+svn1429/confwin.c
Examining data/avrdude-6.3-20171130+svn1429/ppi.h
Examining data/avrdude-6.3-20171130+svn1429/jtagmkI.h
Examining data/avrdude-6.3-20171130+svn1429/pickit2.h
Examining data/avrdude-6.3-20171130+svn1429/main.c
Examining data/avrdude-6.3-20171130+svn1429/serbb_win32.c
Examining data/avrdude-6.3-20171130+svn1429/bitbang.c
Examining data/avrdude-6.3-20171130+svn1429/jtagmkII.h
Examining data/avrdude-6.3-20171130+svn1429/serbb_posix.c
Examining data/avrdude-6.3-20171130+svn1429/config.c
Examining data/avrdude-6.3-20171130+svn1429/avrpart.c
Examining data/avrdude-6.3-20171130+svn1429/avr910.c
Examining data/avrdude-6.3-20171130+svn1429/ft245r.c
Examining data/avrdude-6.3-20171130+svn1429/fileio.c
Examining data/avrdude-6.3-20171130+svn1429/pgm.c
Examining data/avrdude-6.3-20171130+svn1429/flip2.h
Examining data/avrdude-6.3-20171130+svn1429/usbtiny.c
Examining data/avrdude-6.3-20171130+svn1429/libavrdude.h
FINAL RESULTS:
data/avrdude-6.3-20171130+svn1429/arduino.c:86:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/avr910.c:372:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:120:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(&str[n], sizeof(str) - n, fmt, interface, port, pinno, &chars);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:155:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/avrdude-6.3-20171130+svn1429/avrpart.c:665:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, prefix);
data/avrdude-6.3-20171130+svn1429/buspirate.c:431:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/buspirate.c:573:6: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
if (sscanf((const char*)buf, submode->entered_format, &PDATA(pgm)->submode_version) != 1) {
data/avrdude-6.3-20171130+svn1429/butterfly.c:387:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/config.c:99:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), errmsg, args);
data/avrdude-6.3-20171130+svn1429/config.c:116:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(message, sizeof(message), errmsg, args);
data/avrdude-6.3-20171130+svn1429/config.c:249:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tkn->value.string, text);
data/avrdude-6.3-20171130+svn1429/fileio.c:438:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(outf, tmpl, n + addr_width + 1, nextaddr);
data/avrdude-6.3-20171130+svn1429/fileio.c:481:3: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(outf, tmpl, n + addr_width + 1, nextaddr);
data/avrdude-6.3-20171130+svn1429/ft245r.c:551:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/ft245r.c:569:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->usbsn, device);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1454:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1469:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:646:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1515:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1567:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1619:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1672:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1725:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1778:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3355:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/main.c:68:14: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
rc = vfprintf(stderr, format, ap);
data/avrdude-6.3-20171130+svn1429/main.c:430:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sys_config, CONFIG_DIR);
data/avrdude-6.3-20171130+svn1429/main.c:439:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(usr_config, homedir);
data/avrdude-6.3-20171130+svn1429/pindefs.c:186:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
n = sprintf(p, fmt, pin);
data/avrdude-6.3-20171130+svn1429/pindefs.c:337:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
n = sprintf(p, fmt, pin);
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:175:29: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DEBUG_PRINT(arg) printf arg
data/avrdude-6.3-20171130+svn1429/ser_win32.c:252:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newname, port);
data/avrdude-6.3-20171130+svn1429/stk500.c:659:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1079:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(msg, connection_status[i].description);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1645:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1703:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3408:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3519:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/term.c:723:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stdout, cmd[i].desc, cmd[i].name);
data/avrdude-6.3-20171130+svn1429/term.c:813:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nbuf, q);
data/avrdude-6.3-20171130+svn1429/update.c:59:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(upd->filename, buf);
data/avrdude-6.3-20171130+svn1429/update.c:69:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(upd->memtype, buf);
data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c:104:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s\\%s.sys", cwd, argv[2]);
data/avrdude-6.3-20171130+svn1429/wiring.c:152:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pgm->port, port);
data/avrdude-6.3-20171130+svn1429/main.c:437:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
homedir = getenv("HOME");
data/avrdude-6.3-20171130+svn1429/main.c:465:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((ch = getopt(argc,argv,"?b:B:c:C:DeE:Fi:l:np:OP:qstU:uvVx:yY:")) != -1) {
data/avrdude-6.3-20171130+svn1429/arduino.c:43:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/arduino.c:128:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "Arduino");
data/avrdude-6.3-20171130+svn1429/avr.c:104:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[2];
data/avrdude-6.3-20171130+svn1429/avr.c:154:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr.c:183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr.c:184:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/avr.c:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr.c:471:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr.c:472:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/avr.c:531:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr.c:532:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/avr.c:838:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr910.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[8];
data/avrdude-6.3-20171130+svn1429/avr910.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sw[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:162:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hw[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:163:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/avrdude-6.3-20171130+svn1429/avr910.c:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/avrdude-6.3-20171130+svn1429/avr910.c:403:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[3];
data/avrdude-6.3-20171130+svn1429/avr910.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:501:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:560:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:627:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[4], &m->buf[addr], blocksize);
data/avrdude-6.3-20171130+svn1429/avr910.c:648:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4];
data/avrdude-6.3-20171130+svn1429/avr910.c:651:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/avrdude-6.3-20171130+svn1429/avr910.c:744:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "avr910");
data/avrdude-6.3-20171130+svn1429/avrftdi.c:63:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "avrftdi");
data/avrdude-6.3-20171130+svn1429/avrftdi.c:80:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[128];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:367:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char send_buffer[(8*2*6)*transfer_size+(8*1*2)*transfer_size+7];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:387:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char recv_buffer[2*16*transfer_size];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:420:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[3];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:475:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:857:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:888:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:889:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:951:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:952:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[len], *bufptr = buffer;
data/avrdude-6.3-20171130+svn1429/avrftdi.c:968:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->buf + addr, buffer, len);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:983:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4*len+4], *bufptr = buf;
data/avrdude-6.3-20171130+svn1429/avrftdi.c:1102:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char o_buf[4*len+4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:1103:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char i_buf[4*len+4];
data/avrdude-6.3-20171130+svn1429/avrftdi.c:1233:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "avrftdi");
data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line0[34], line1[34], line2[34];
data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c:179:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[4];
data/avrdude-6.3-20171130+svn1429/avrpart.c:63:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m, op, sizeof(*m));
data/avrdude-6.3-20171130+svn1429/avrpart.c:307:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->buf, m->buf, n->size);
data/avrdude-6.3-20171130+svn1429/avrpart.c:317:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(n->tags, m->tags, n->size);
data/avrdude-6.3-20171130+svn1429/avrpart.c:666:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, " ");
data/avrdude-6.3-20171130+svn1429/bitbang.c:427:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/bitbang.c:428:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/bitbang.c:488:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/bitbang.c:489:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/buspirate.c:184:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf_local[100];
data/avrdude-6.3-20171130+svn1429/buspirate.c:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reset[10];
data/avrdude-6.3-20171130+svn1429/buspirate.c:450:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10];
data/avrdude-6.3-20171130+svn1429/buspirate.c:527:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[20] = { '\0' };
data/avrdude-6.3-20171130+svn1429/buspirate.c:654:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/avrdude-6.3-20171130+svn1429/buspirate.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[11];
data/avrdude-6.3-20171130+svn1429/buspirate.c:801:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
data/avrdude-6.3-20171130+svn1429/buspirate.c:863:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[25];
data/avrdude-6.3-20171130+svn1429/buspirate.c:914:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commandbuf[10];
data/avrdude-6.3-20171130+svn1429/buspirate.c:915:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[275];
data/avrdude-6.3-20171130+svn1429/buspirate.c:974:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd_buf[4096] = {'\0'};
data/avrdude-6.3-20171130+svn1429/buspirate.c:1083:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1084:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1113:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1114:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1156:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "BusPirate");
data/avrdude-6.3-20171130+svn1429/buspirate.c:1190:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[20] = { '\0' };
data/avrdude-6.3-20171130+svn1429/buspirate.c:1250:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1286:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10];
data/avrdude-6.3-20171130+svn1429/buspirate.c:1343:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "BusPirate_BB");
data/avrdude-6.3-20171130+svn1429/butterfly.c:214:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[8];
data/avrdude-6.3-20171130+svn1429/butterfly.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sw[2];
data/avrdude-6.3-20171130+svn1429/butterfly.c:216:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hw[2];
data/avrdude-6.3-20171130+svn1429/butterfly.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/avrdude-6.3-20171130+svn1429/butterfly.c:228:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mk_reset_cmd[6] = {"#aR@S\r"};
data/avrdude-6.3-20171130+svn1429/butterfly.c:427:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[3];
data/avrdude-6.3-20171130+svn1429/butterfly.c:440:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4];
data/avrdude-6.3-20171130+svn1429/butterfly.c:456:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[6];
data/avrdude-6.3-20171130+svn1429/butterfly.c:510:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2];
data/avrdude-6.3-20171130+svn1429/butterfly.c:632:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cmd[4], &m->buf[addr], blocksize);
data/avrdude-6.3-20171130+svn1429/butterfly.c:666:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[4];
data/avrdude-6.3-20171130+svn1429/butterfly.c:718:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "butterfly");
data/avrdude-6.3-20171130+svn1429/butterfly.c:760:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "butterfly_mk");
data/avrdude-6.3-20171130+svn1429/config.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_programmer[MAX_STR_CONST];
data/avrdude-6.3-20171130+svn1429/config.c:36:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_parallel[PATH_MAX];
data/avrdude-6.3-20171130+svn1429/config.c:37:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char default_serial[PATH_MAX];
data/avrdude-6.3-20171130+svn1429/config.c:41:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string_buf[MAX_STR_CONST];
data/avrdude-6.3-20171130+svn1429/config.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512];
data/avrdude-6.3-20171130+svn1429/config.c:112:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[512];
data/avrdude-6.3-20171130+svn1429/config.c:183:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
tkn->value.number = atoi(text);
data/avrdude-6.3-20171130+svn1429/config.c:328:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file, "r");
data/avrdude-6.3-20171130+svn1429/config.h:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char string_buf[MAX_STR_CONST];
data/avrdude-6.3-20171130+svn1429/confwin.c:32:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void win_sys_config_set(char sys_config[PATH_MAX])
data/avrdude-6.3-20171130+svn1429/confwin.c:42:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void win_usr_config_set(char usr_config[PATH_MAX])
data/avrdude-6.3-20171130+svn1429/dfu.c:444:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/avrdude-6.3-20171130+svn1429/dfu.c:466:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, buffer, result);
data/avrdude-6.3-20171130+svn1429/dfu.h:77:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bwPollTimeout[3];
data/avrdude-6.3-20171130+svn1429/fileio.c:53:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[IHEX_MAXDATA];
data/avrdude-6.3-20171130+svn1429/fileio.c:198:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/avrdude-6.3-20171130+svn1429/fileio.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [ MAX_LINE_LEN ];
data/avrdude-6.3-20171130+svn1429/fileio.c:496:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/avrdude-6.3-20171130+svn1429/fileio.c:572:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [ MAX_LINE_LEN ];
data/avrdude-6.3-20171130+svn1429/fileio.c:1023:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf + idx, d->d_buf, d->d_size);
data/avrdude-6.3-20171130+svn1429/fileio.c:1249:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cbuf[20];
data/avrdude-6.3-20171130+svn1429/fileio.c:1364:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[MAX_LINE_LEN];
data/avrdude-6.3-20171130+svn1429/fileio.c:1371:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "r");
data/avrdude-6.3-20171130+svn1429/fileio.c:1373:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, "rb");
data/avrdude-6.3-20171130+svn1429/fileio.c:1536:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fname, fio.mode);
data/avrdude-6.3-20171130+svn1429/flip1.c:80:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char part_sig[3];
data/avrdude-6.3-20171130+svn1429/flip1.c:95:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char args[5];
data/avrdude-6.3-20171130+svn1429/flip1.c:102:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char start_addr[2];
data/avrdude-6.3-20171130+svn1429/flip1.c:103:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char end_addr[2];
data/avrdude-6.3-20171130+svn1429/flip1.c:104:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padding[26];
data/avrdude-6.3-20171130+svn1429/flip1.c:109:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char crc[4]; /* not really used */
data/avrdude-6.3-20171130+svn1429/flip1.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[3]; /* "DFU" */
data/avrdude-6.3-20171130+svn1429/flip1.c:112:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bcdversion[2]; /* 0x01, 0x10 */
data/avrdude-6.3-20171130+svn1429/flip1.c:113:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vendor[2]; /* or 0xff, 0xff */
data/avrdude-6.3-20171130+svn1429/flip1.c:114:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char product[2]; /* or 0xff, 0xff */
data/avrdude-6.3-20171130+svn1429/flip1.c:115:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char device[2]; /* or 0xff, 0xff */
data/avrdude-6.3-20171130+svn1429/flip1.c:187:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "flip1");
data/avrdude-6.3-20171130+svn1429/flip1.c:582:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf, FLIP1(pgm)->part_sig, sizeof(FLIP1(pgm)->part_sig));
data/avrdude-6.3-20171130+svn1429/flip1.c:763:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &cmd_header, sizeof(struct flip1_cmd_header));
data/avrdude-6.3-20171130+svn1429/flip1.c:766:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(struct flip1_cmd_header) + (addr % 32), ptr, size);
data/avrdude-6.3-20171130+svn1429/flip1.c:768:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(struct flip1_cmd_header), ptr, size);
data/avrdude-6.3-20171130+svn1429/flip1.c:770:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + sizeof(struct flip1_cmd_header) + write_size,
data/avrdude-6.3-20171130+svn1429/flip2.c:65:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char part_sig[3];
data/avrdude-6.3-20171130+svn1429/flip2.c:91:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char args[4];
data/avrdude-6.3-20171130+svn1429/flip2.c:180:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "flip2");
data/avrdude-6.3-20171130+svn1429/flip2.c:516:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf, FLIP2(pgm)->part_sig, sizeof(FLIP2(pgm)->part_sig));
data/avrdude-6.3-20171130+svn1429/flip2.c:811:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64+64+0x400];
data/avrdude-6.3-20171130+svn1429/flip2.c:843:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, &cmd, sizeof(cmd));
data/avrdude-6.3-20171130+svn1429/flip2.c:845:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + data_offset, ptr, size);
data/avrdude-6.3-20171130+svn1429/ft245r.c:103:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "ftdi_syncbb");
data/avrdude-6.3-20171130+svn1429/ft245r.c:117:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "ftdi_syncbb");
data/avrdude-6.3-20171130+svn1429/ft245r.c:157:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[BUFSIZE];
data/avrdude-6.3-20171130+svn1429/ft245r.c:178:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[0x1000];
data/avrdude-6.3-20171130+svn1429/ft245r.c:235:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4] = {0,0,0,0};
data/avrdude-6.3-20171130+svn1429/ft245r.c:236:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/ft245r.c:278:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/avrdude-6.3-20171130+svn1429/ft245r.c:376:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4] = {0,0,0,0};
data/avrdude-6.3-20171130+svn1429/ft245r.c:377:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/ft245r.c:509:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/avrdude-6.3-20171130+svn1429/ft245r.c:542:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[9] = "";
data/avrdude-6.3-20171130+svn1429/ft245r.c:770:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[FT245R_FRAGMENT_SIZE+1+128];
data/avrdude-6.3-20171130+svn1429/ft245r.c:795:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[FT245R_FRAGMENT_SIZE+1+128];
data/avrdude-6.3-20171130+svn1429/ft245r.c:820:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/ft245r.c:912:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[FT245R_FRAGMENT_SIZE+1];
data/avrdude-6.3-20171130+svn1429/ft245r.c:956:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "ftdi_syncbb");
data/avrdude-6.3-20171130+svn1429/jtag3.c:68:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char jtagchain[4];
data/avrdude-6.3-20171130+svn1429/jtag3.c:232:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reason[50];
data/avrdude-6.3-20171130+svn1429/jtag3.c:233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(reason, "0x%02x", data[3]);
data/avrdude-6.3-20171130+svn1429/jtag3.c:237:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "target does not answer");
data/avrdude-6.3-20171130+svn1429/jtag3.c:241:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "no target power");
data/avrdude-6.3-20171130+svn1429/jtag3.c:245:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "command not understood");
data/avrdude-6.3-20171130+svn1429/jtag3.c:249:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "wrong (programming) mode");
data/avrdude-6.3-20171130+svn1429/jtag3.c:253:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "PDI failure");
data/avrdude-6.3-20171130+svn1429/jtag3.c:257:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "unsupported memory type");
data/avrdude-6.3-20171130+svn1429/jtag3.c:261:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "wrong length in memory access");
data/avrdude-6.3-20171130+svn1429/jtag3.c:265:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(reason, "debugWIRE communication failed");
data/avrdude-6.3-20171130+svn1429/jtag3.c:422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, data, len);
data/avrdude-6.3-20171130+svn1429/jtag3.c:437:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:438:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char status[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:478:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, data, this_len);
data/avrdude-6.3-20171130+svn1429/jtag3.c:485:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 4, data, this_len);
data/avrdude-6.3-20171130+svn1429/jtag3.c:520:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:521:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char status[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:578:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:579:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char status[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/jtag3.c:863:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:895:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:915:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:957:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:979:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:1021:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:1564:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:1596:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[8], *resp;
data/avrdude-6.3-20171130+svn1429/jtag3.c:1729:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + 13, m->buf + addr, block_size);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1753:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/avrdude-6.3-20171130+svn1429/jtag3.c:1822:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->buf + addr, resp + 3, status - 4);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1833:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/avrdude-6.3-20171130+svn1429/jtag3.c:1907:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char signature_cache[2];
data/avrdude-6.3-20171130+svn1429/jtag3.c:1984:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, resp + 3, pagesize);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1996:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[14];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2080:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf + addr, cache_ptr, pagesize);
data/avrdude-6.3-20171130+svn1429/jtag3.c:2118:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parm[2];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2142:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtag3.c:2143:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[60];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2154:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(descr, "get parameter (scope 0x%02x, section %d, parm %d)",
data/avrdude-6.3-20171130+svn1429/jtag3.c:2170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, resp + 3, (length < status? length: status));
data/avrdude-6.3-20171130+svn1429/jtag3.c:2185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char descr[60];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(descr, "set parameter (scope 0x%02x, section %d, parm %d)",
data/avrdude-6.3-20171130+svn1429/jtag3.c:2205:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 6, value, length);
data/avrdude-6.3-20171130+svn1429/jtag3.c:2219:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sib, resp+3, AVR_SIBLEN);
data/avrdude-6.3-20171130+svn1429/jtag3.c:2241:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parms[5];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2242:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtag3.c:2286:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/avrdude-6.3-20171130+svn1429/jtag3.c:2367:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGICE3");
data/avrdude-6.3-20171130+svn1429/jtag3.c:2402:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGICE3_DW");
data/avrdude-6.3-20171130+svn1429/jtag3.c:2434:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGICE3_PDI");
data/avrdude-6.3-20171130+svn1429/jtag3.c:2468:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGICE3_UPDI");
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:290:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash_page_size[2]; // in bytes
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:291:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash_size[4]; // in bytes
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:292:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dummy1[4]; // always 0
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:293:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char boot_address[4]; // maximal (BOOTSZ = 3) bootloader
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:295:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sram_offset[2]; // pointing behind IO registers
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:296:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom_size[2];
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:307:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dummy2[2]; // always 0
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:324:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_app_offset[4]; // NVM offset for application flash
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:325:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_boot_offset[4]; // NVM offset for boot flash
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:326:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_eeprom_offset[4]; // NVM offset for EEPROM
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:327:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_fuse_offset[4]; // NVM offset for fuses
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:328:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_lock_offset[4]; // NVM offset for lock bits
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:329:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_user_sig_offset[4]; // NVM offset for user signature row
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:330:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_prod_sig_offset[4]; // NVM offset for production sign. row
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:331:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_data_offset[4]; // NVM offset for data memory (SRAM + IO)
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:332:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char app_size[4]; // size of application flash
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:333:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char boot_size[2]; // size of boot flash
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:334:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash_page_size[2]; // flash page size
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:335:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom_size[2]; // size of EEPROM
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:337:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_base_addr[2]; // IO space base address of NVM controller
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:338:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mcu_base_addr[2]; // IO space base address of MCU control
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:343:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char prog_base[2];
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:346:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_base_addr[2];
data/avrdude-6.3-20171130+svn1429/jtag3_private.h:347:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ocd_base_addr[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:210:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data, len);
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4], resp[9];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:320:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[9];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:349:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:376:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:423:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:455:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:487:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:535:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[1], resp[5];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:611:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hfuse.desc, "hfuse");
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:719:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6], *datacmd;
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:720:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:818:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(datacmd + 1, m->buf + addr, block_size);
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:853:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6], resp[256 * 2 + 3];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:930:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->buf + addr, resp + 1, block_size);
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:941:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:942:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[256 * 2 + 3], *cache_ptr = NULL;
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1043:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, resp + 1, pagesize);
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1057:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6], datacmd[1 * 2 + 1];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1058:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char resp[1], writedata;
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1194:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2], resp[3];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1238:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], resp[2];
data/avrdude-6.3-20171130+svn1429/jtagmkI.c:1339:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKI");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:73:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char serno[6]; /* JTAG ICE serial number. */
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:76:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char jtagchain[4];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:253:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[50];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:259:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Unknown JTAG ICE mkII result code 0x%02x", rc);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 8, data, len);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:565:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, header, 8);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:678:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], *resp, c = 0xff;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:718:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PDATA(pgm)->serno, resp + 10, 6);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:890:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:979:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuf.dd.ucFlashInst, p->flash_instr, FLASH_INSTR_SIZE);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:980:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sendbuf.dd.ucEepromInst, p->eeprom_instr, EEPROM_INSTR_SIZE);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1101:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1153:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1209:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1362:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char par[4];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1407:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hfuse.desc, "hfuse");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1798:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1866:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[6];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2042:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + 10, m->buf + addr, block_size);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2099:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[10];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2186:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->buf + addr, resp + 1, status-1);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2197:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[10];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2271:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parm[4];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2362:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, resp + 1, pagesize);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2378:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[12];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2534:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2568:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(value, resp + 1, 4);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2585:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2 + 4], *resp, c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2610:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 2, value, size);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2645:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hw[4], fw[4];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2666:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vtarget[4], jtag_clock[4];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2667:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char clkbuf[20];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2681:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(clkbuf, "6.4 MHz");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2684:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(clkbuf, "2.8 MHz");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2687:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(clkbuf, "%.1f MHz", 5.35 / (double)jtag_clock[0]);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2690:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(clkbuf, "%.1f kHz", 5.35e3 / (double)jtag_clock[0]);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2752:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3], *resp;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2792:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *resp, buf[3];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3085:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6], *resp;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *resp, buf[3], x, ret[4], *retP;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3223:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6], *resp;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3285:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10], *resp;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3320:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6], *resp;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3400:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *resp, buf[3], c;
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3459:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[7];
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3521:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m->buf + addr, resp + 1, block_size);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3608:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmd + 10, m->buf + addr, block_size);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3789:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKII");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3824:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKII_DW");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3856:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKII_PDI");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3889:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_JTAG");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3924:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_DW");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3956:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKII_AVR32");
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3990:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_PDI");
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:312:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIO[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIOShadow[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:314:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIO[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:315:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIOShadow[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:316:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadExtIO[52]; /*LSB = IOloc 96, MSB = IOloc511 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:317:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIOExtShadow[52]; /*LSB = IOloc 96, MSB = IOloc511 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:318:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteExtIO[52]; /*LSB = IOloc 96, MSB = IOloc511 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:319:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIOExtShadow[52];/*LSB = IOloc 96, MSB = IOloc511 */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:324:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiFlashPageSize[2]; /*Device Flash Page Size, Size = */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:327:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ulBootAddress[4]; /*Device Boot Loader Start Address */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:328:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiUpperExtIOLoc[2]; /*Topmost (last) extended I/O */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:330:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ulFlashSize[4]; /*Device Flash Size */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:331:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucEepromInst[20]; /*Instructions for W/R EEPROM */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:332:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucFlashInst[3]; /*Instructions for W/R FLASH */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:336:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiFlashpages[2]; /* number of pages in flash */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:342:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiStartSmallestBootLoaderSection[2]; /* */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:350:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiSramStartAddr[2]; /* Start of SRAM */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:357:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char EECRAddress[2]; /* EECR memory-mapped IO address */
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:362:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char whatever[2]; // cannot guess; must be 0x0002
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:364:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_app_offset[4]; // NVM offset for application flash
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:365:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_boot_offset[4]; // NVM offset for boot flash
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:366:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_eeprom_offset[4]; // NVM offset for EEPROM
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:367:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_fuse_offset[4]; // NVM offset for fuses
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:368:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_lock_offset[4]; // NVM offset for lock bits
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:369:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_user_sig_offset[4]; // NVM offset for user signature row
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:370:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_prod_sig_offset[4]; // NVM offset for production sign. row
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:371:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_data_offset[4]; // NVM offset for data memory (SRAM + IO)
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:372:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char app_size[4]; // size of application flash
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:373:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char boot_size[2]; // size of boot flash
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:374:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash_page_size[2]; // flash page size
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:375:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom_size[2]; // size of EEPROM
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:377:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nvm_base_addr[2]; // IO space base address of NVM controller
data/avrdude-6.3-20171130+svn1429/jtagmkII_private.h:378:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mcu_base_addr[2]; // IO space base address of MCU control
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:150:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIO[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:151:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIO[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:152:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIOShadow[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:153:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIOShadow[8]; /*LSB = IOloc 0, MSB = IOloc63 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:154:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadExtIO[20]; /*LSB = IOloc 96, MSB = IOloc255 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteExtIO[20]; /*LSB = IOloc 96, MSB = IOloc255 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:156:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucReadIOExtShadow[20]; /*LSB = IOloc 96, MSB = IOloc255 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:157:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ucWriteIOExtShadow[20];/*LSB = IOloc 96, MSB = IOloc255 */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:162:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uiFlashPageSize[2]; /*Device Flash Page Size, Size = */
data/avrdude-6.3-20171130+svn1429/jtagmkI_private.h:165:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ulBootAddress[4]; /*Device Boot Loader Start Address */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:227:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[AVR_DESCLEN]; /* long part name */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:228:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[AVR_IDLEN]; /* short part name */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:229:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char family_id[AVR_FAMILYIDLEN+1]; /* family id in the SIB (avr8x) */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:235:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[3]; /* expected value of signature bytes */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:254:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char controlstack[CTL_STACK_SIZE]; /* stk500v2 PP/HVSP ctl stack */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:255:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash_instr[FLASH_INSTR_SIZE]; /* flash instructions (debugWire, JTAG) */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:256:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char eeprom_instr[EEPROM_INSTR_SIZE]; /* EEPROM instructions (debugWire, JTAG) */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_file[PATH_MAX]; /* config file where defined */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:295:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[AVR_MEMDESCLEN]; /* memory description ("flash", "eeprom", etc) */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:307:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char readback[2]; /* polled read-back values */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:563:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(char * port, union pinfo pinfo, union filedescriptor *fd);
data/avrdude-6.3-20171130+svn1429/libavrdude.h:585:30: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define serial_open (serdev->open)
data/avrdude-6.3-20171130+svn1429/libavrdude.h:629:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[PGM_DESCLEN];
data/avrdude-6.3-20171130+svn1429/libavrdude.h:630:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[PGM_TYPELEN];
data/avrdude-6.3-20171130+svn1429/libavrdude.h:631:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port[PGM_PORTLEN];
data/avrdude-6.3-20171130+svn1429/libavrdude.h:644:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbdev[PGM_USBSTRINGLEN], usbsn[PGM_USBSTRINGLEN];
data/avrdude-6.3-20171130+svn1429/libavrdude.h:645:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usbvendor[PGM_USBSTRINGLEN], usbproduct[PGM_USBSTRINGLEN];
data/avrdude-6.3-20171130+svn1429/libavrdude.h:669:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open) (struct programmer_t * pgm, char * port);
data/avrdude-6.3-20171130+svn1429/libavrdude.h:699:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char config_file[PATH_MAX]; /* config file where defined */
data/avrdude-6.3-20171130+svn1429/libavrdude.h:955:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void win_sys_config_set(char sys_config[PATH_MAX]);
data/avrdude-6.3-20171130+svn1429/libavrdude.h:956:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void win_usr_config_set(char usr_config[PATH_MAX]);
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11];
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:63:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/sys/class/gpio/export", O_WRONLY);
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[11];
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:81:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("/sys/class/gpio/unexport", O_WRONLY);
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filepath[60];
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:99:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (open(filepath, O_RDWR));
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[60];
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:109:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(buf, O_WRONLY);
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:316:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "linuxgpio");
data/avrdude-6.3-20171130+svn1429/main.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char progbuf[PATH_MAX]; /* temporary buffer of spaces the same
data/avrdude-6.3-20171130+svn1429/main.c:143:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hashes[51];
data/avrdude-6.3-20171130+svn1429/main.c:332:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys_config[PATH_MAX]; /* system wide config file */
data/avrdude-6.3-20171130+svn1429/main.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usr_config[PATH_MAX]; /* per-user config file */
data/avrdude-6.3-20171130+svn1429/main.c:434:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sys_config, "avrdude.conf");
data/avrdude-6.3-20171130+svn1429/main.c:443:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(usr_config, ".avrduderc");
data/avrdude-6.3-20171130+svn1429/main.c:956:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
rc = pgm->open(pgm, port);
data/avrdude-6.3-20171130+svn1429/main.c:1053:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sib[AVR_SIBLEN + 1];
data/avrdude-6.3-20171130+svn1429/main.c:1282:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yes[1] = {'y'};
data/avrdude-6.3-20171130+svn1429/par.c:368:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "PPI");
data/avrdude-6.3-20171130+svn1429/pgm.c:167:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pgm, src, sizeof(*pgm));
data/avrdude-6.3-20171130+svn1429/pickit2.c:111:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_write_report(PROGRAMMER *pgm, const unsigned char report[65]);
data/avrdude-6.3-20171130+svn1429/pickit2.c:112:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_read_report(PROGRAMMER *pgm, unsigned char report[65]);
data/avrdude-6.3-20171130+svn1429/pickit2.c:248:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/pickit2.c:258:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char report[65] = {0, CMD_GET_VERSION, CMD_END_OF_BUFFER};
data/avrdude-6.3-20171130+svn1429/pickit2.c:261:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char report[65] = {0};
data/avrdude-6.3-20171130+svn1429/pickit2.c:269:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char report[65] =
data/avrdude-6.3-20171130+svn1429/pickit2.c:325:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char report[65] =
data/avrdude-6.3-20171130+svn1429/pickit2.c:420:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/pickit2.c:421:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/pickit2.c:454:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/pickit2.c:455:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/pickit2.c:591:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[8];
data/avrdude-6.3-20171130+svn1429/pickit2.c:807:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(res, repptr, retval);
data/avrdude-6.3-20171130+svn1429/pickit2.c:1115:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_write_report(PROGRAMMER * pgm, const unsigned char report[65])
data/avrdude-6.3-20171130+svn1429/pickit2.c:1120:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_read_report(PROGRAMMER * pgm, unsigned char report[65])
data/avrdude-6.3-20171130+svn1429/pickit2.c:1186:66: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_write_report(PROGRAMMER * pgm, const unsigned char report[65])
data/avrdude-6.3-20171130+svn1429/pickit2.c:1192:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int pickit2_read_report(PROGRAMMER * pgm, unsigned char report[65])
data/avrdude-6.3-20171130+svn1429/pindefs.c:155:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[(PIN_MAX + 1) * 5]; // should be enough for PIN_MAX=255
data/avrdude-6.3-20171130+svn1429/pindefs.c:177:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "-%d", end);
data/avrdude-6.3-20171130+svn1429/pindefs.c:192:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
n = sprintf(p, "-%d", end);
data/avrdude-6.3-20171130+svn1429/pindefs.c:321:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[(PIN_MAX + 1) * 5]; // should be enough for PIN_MAX=255
data/avrdude-6.3-20171130+svn1429/ppi.c:57:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char shadow[3];
data/avrdude-6.3-20171130+svn1429/ppi.c:206:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(port, O_RDWR);
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:59:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char avrdoperRxBuffer[280]; /* buffer for receive data */
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:249:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:392:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[32];
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:401:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Unknown error %d.", usbErrno);
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:447:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[256];
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:453:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 2, buf, thisLen);
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:455:64: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
rval = usbSetReport(fdp, USB_HID_REPORT_TYPE_FEATURE, (char *)buffer,
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:476:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[128];
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(avrdoperRxBuffer + avrdoperRxLength, buffer + 2, len);
data/avrdude-6.3-20171130+svn1429/ser_avrdoper.c:516:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, avrdoperRxBuffer + avrdoperRxPosition, len);
data/avrdude-6.3-20171130+svn1429/ser_posix.c:289:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(port, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:194:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(sockaddr.sin_addr.s_addr), hp->h_addr, sizeof(struct in_addr));
data/avrdude-6.3-20171130+svn1429/ser_win32.c:251:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(newname, "\\\\.\\");
data/avrdude-6.3-20171130+svn1429/ser_win32.c:635:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[10];
data/avrdude-6.3-20171130+svn1429/serbb_posix.c:69:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *serpins[DB9PINS + 1] =
data/avrdude-6.3-20171130+svn1429/serbb_posix.c:232:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pgm->fd.ifd = open(port, O_RDWR | O_NOCTTY | O_NONBLOCK);
data/avrdude-6.3-20171130+svn1429/serbb_posix.c:294:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "SERBB");
data/avrdude-6.3-20171130+svn1429/serbb_win32.c:339:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "SERBB");
data/avrdude-6.3-20171130+svn1429/stk500.c:90:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32], resp[32];
data/avrdude-6.3-20171130+svn1429/stk500.c:141:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500.c:182:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/stk500.c:183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/stk500.c:217:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:277:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:344:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[9];
data/avrdude-6.3-20171130+svn1429/stk500.c:413:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500.c:603:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:695:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:762:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[page_size + 16];
data/avrdude-6.3-20171130+svn1429/stk500.c:816:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[i], &m->buf[addr], block_size);
data/avrdude-6.3-20171130+svn1429/stk500.c:857:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:1076:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:1133:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500.c:1290:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK500");
data/avrdude-6.3-20171130+svn1429/stk500generic.c:44:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (pgm->open(pgm, port) >= 0)
data/avrdude-6.3-20171130+svn1429/stk500generic.c:54:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (pgm->open(pgm, port) >= 0)
data/avrdude-6.3-20171130+svn1429/stk500generic.c:85:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK500GENERIC");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdbuf + 3, data, len);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:470:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdbuf + 1, data, len);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:480:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[275 + 6]; // max MESSAGE_BODY of 275 bytes, 6 bytes overhead
data/avrdude-6.3-20171130+svn1429/stk500v2.c:496:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+5, data, len);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:572:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, jtagmsg + 1, rv - 1);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:607:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg, jtagmsg + 1, rv - 1);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:734:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1], resp[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:870:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msgbuf[30];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:885:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msgbuf, "unknown, code 0x%02x", buf[1]);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:927:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:977:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1006:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[3];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1078:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(msg, ", ");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1084:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Unknown status 0x%02x", status);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1093:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1094:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[100]; /* see remarks above about size needed */
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1145:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4], *resp;
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1203:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1224:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1333:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char parm[4], *resp;
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1423:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[CTL_STACK_SIZE + 1];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1438:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 1, p->controlstack, CTL_STACK_SIZE);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1530:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1552:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1737:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1768:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[266];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1860:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, buf + 2, pagesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1897:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[6];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1932:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, &mem->buf[paddr], pagesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1996:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[266];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2092:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, cache_ptr, pagesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2155:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[5];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cache_ptr, mem->buf + paddr, pagesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf + paddr, cache_ptr, pagesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2264:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commandbuf[10];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2265:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[266];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2266:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmds[4];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2361:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,commandbuf,sizeof(commandbuf));
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+10,m->buf+addr, block_size);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2395:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commandbuf[5], buf[266];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2454:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, commandbuf, sizeof(commandbuf));
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2465:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + 5, m->buf + addr, block_size);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2506:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commandbuf[4];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2507:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[275]; // max buffer size for stk500v2 at this point
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2508:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmds[4];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2558:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf,commandbuf,sizeof(commandbuf));
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2584:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m->buf[addr], &buf[2], block_size);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2601:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char commandbuf[3], buf[266];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2638:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, commandbuf, sizeof(commandbuf));
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2664:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&m->buf[addr], &buf[2], block_size);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3022:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char value[3];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3045:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3063:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3098:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3116:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3233:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char vtarget_jtag[4];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3299:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3345:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3691:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newb + 1, b, cmdsize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3694:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, newb + 1, responsesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3708:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[16];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3820:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3832:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[9 + 256];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3913:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[8];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4045:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem->buf + offset, b + 2, page_size);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4179:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b + 9, mem->buf + offset, writesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4213:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b + 9, mem->buf + offset, writesize);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4235:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[6];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4265:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[6];
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4333:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK500V2");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4371:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK500PP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4406:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK500HVSP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4441:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAGMKII_ISP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4476:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_ISP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4510:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_PP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4545:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "DRAGON_HVSP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4580:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK600");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4618:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK600PP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4653:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "STK600HVSP");
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4688:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "JTAG3_ISP");
data/avrdude-6.3-20171130+svn1429/term.c:185:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b [ 128 ];
data/avrdude-6.3-20171130+svn1429/term.c:188:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b, p, n);
data/avrdude-6.3-20171130+svn1429/term.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst1[80];
data/avrdude-6.3-20171130+svn1429/term.c:211:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dst2[80];
data/avrdude-6.3-20171130+svn1429/term.c:234:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char prevmem[128] = {0};
data/avrdude-6.3-20171130+svn1429/term.c:435:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4], res[4];
data/avrdude-6.3-20171130+svn1429/term.c:842:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q, buf, l);
data/avrdude-6.3-20171130+svn1429/term.c:901:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[256];
data/avrdude-6.3-20171130+svn1429/update.c:33:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/avrdude-6.3-20171130+svn1429/update.c:154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(upd->filename, cp, fnlen);
data/avrdude-6.3-20171130+svn1429/update.c:170:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(u, upd, sizeof(UPDATE));
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:59:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char usbbuf[USBDEV_MAX_XFER_3 + 1];
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:93:7: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wserno[15];
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:247:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char usbbuf[USBDEV_MAX_XFER_3 + 1];
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:257:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(usbbuf + 1, bp, tx_size);
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char usbbuf[USBDEV_MAX_XFER_3];
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:67:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:68:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char product[256];
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:142:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "[unknown]");
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:151:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(product, "[unnamed product]");
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:435:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + i, usbbuf + bufptr, amnt);
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:490:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, usbbuf, rv);
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:521:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (buf, usbbuf, rv);
data/avrdude-6.3-20171130+svn1429/usbasp.c:339:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/avrdude-6.3-20171130+svn1429/usbasp.c:411:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[256];
data/avrdude-6.3-20171130+svn1429/usbasp.c:539:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:586:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:587:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:678:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:679:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:702:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:703:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:729:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:760:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:796:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:831:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:887:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:888:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:950:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:961:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:1089:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:1132:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:1183:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbasp.c:1216:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "usbasp");
data/avrdude-6.3-20171130+svn1429/usbasp.c:1260:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "usbasp");
data/avrdude-6.3-20171130+svn1429/usbtiny.c:184:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cmd[4];
data/avrdude-6.3-20171130+svn1429/usbtiny.c:336:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4]; // store the response from usbtinyisp
data/avrdude-6.3-20171130+svn1429/usbtiny.c:409:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[4];
data/avrdude-6.3-20171130+svn1429/usbtiny.c:543:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "USBtiny");
data/avrdude-6.3-20171130+svn1429/usbtiny.c:581:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "usbtiny");
data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c:47:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pFile = fopen(filename, "r");
data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c:100:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_PATH*2];
data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c:102:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cwd[MAX_PATH];
data/avrdude-6.3-20171130+svn1429/wiring.c:213:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pgm->type, "Wiring");
data/avrdude-6.3-20171130+svn1429/arduino.c:95:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250*1000);
data/avrdude-6.3-20171130+svn1429/arduino.c:98:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
data/avrdude-6.3-20171130+svn1429/avr.c:521:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(mem->max_write_delay);
data/avrdude-6.3-20171130+svn1429/avr.c:683:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(mem->max_write_delay); /* maximum write delay */
data/avrdude-6.3-20171130+svn1429/avr.c:700:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(mem->max_write_delay);
data/avrdude-6.3-20171130+svn1429/avr.c:749:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(250000);
data/avrdude-6.3-20171130+svn1429/avr910.c:126:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep (p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/avr910.c:330:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "devcode=", strlen("devcode=")) == 0) {
data/avrdude-6.3-20171130+svn1429/avr910.c:345:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "no_blockmode", strlen("no_blockmode")) == 0) {
data/avrdude-6.3-20171130+svn1429/avr910.c:528:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(m->max_write_delay);
data/avrdude-6.3-20171130+svn1429/avr910.c:548:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(m->max_write_delay);
data/avrdude-6.3-20171130+svn1429/avr910.c:571:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(m->max_write_delay);
data/avrdude-6.3-20171130+svn1429/avrdude.h:50:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int us);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:825:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:830:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:835:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:873:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:900:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/avrftdi.c:942:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((m->max_write_delay));
data/avrdude-6.3-20171130+svn1429/avrftdi.c:1085:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep((m->max_write_delay));
data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c:87:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c:91:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(2 * 128 * 1000);
data/avrdude-6.3-20171130+svn1429/avrftdi_tpi.c:96:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20 * 1000);
data/avrdude-6.3-20171130+svn1429/avrpart.c:356:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(desc);
data/avrdude-6.3-20171130+svn1429/avrpart.c:659:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(prefix) + 5;
data/avrdude-6.3-20171130+svn1429/bitbang.c:475:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/bitbang.c:532:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/avrdude-6.3-20171130+svn1429/bitbang.c:545:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/avrdude-6.3-20171130+svn1429/bitbang.c:565:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/avrdude-6.3-20171130+svn1429/bitbang.c:588:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000); /* 20 ms XXX should be a per-chip parameter */
data/avrdude-6.3-20171130+svn1429/buspirate.c:208:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 1] == '\n' ? "" : "\n");
data/avrdude-6.3-20171130+svn1429/buspirate.c:239:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = serial_send(&pgm->fd, (const unsigned char*)str, strlen(str));
data/avrdude-6.3-20171130+svn1429/buspirate.c:255:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int strlen_str = strlen(str);
data/avrdude-6.3-20171130+svn1429/buspirate.c:265:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t expect_len = strlen(expect);
data/avrdude-6.3-20171130+svn1429/buspirate.c:356:7: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (sscanf(extended_param, "reset=%9s", reset) == 1) {
data/avrdude-6.3-20171130+svn1429/buspirate.c:614:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000); // sleep for 50ms after power up
data/avrdude-6.3-20171130+svn1429/buspirate.c:663:24: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if (spi_cmd == -1 && sscanf(rcvd, "%2d. %10s", &cmd, mode)) {
data/avrdude-6.3-20171130+svn1429/buspirate.c:740:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
rc = buspirate_send_bin(pgm, (const unsigned char*)reset_str, strlen(reset_str));
data/avrdude-6.3-20171130+svn1429/buspirate.c:753:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buspirate_send_bin(pgm, (const unsigned char*)accept_str, strlen(accept_str));
data/avrdude-6.3-20171130+svn1429/buspirate.c:1128:2: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/butterfly.c:233:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/avrdude-6.3-20171130+svn1429/butterfly.c:239:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000);
data/avrdude-6.3-20171130+svn1429/butterfly.c:241:4: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(80000);
data/avrdude-6.3-20171130+svn1429/butterfly.c:617:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/avrdude-6.3-20171130+svn1429/config.c:241:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/avrdude-6.3-20171130+svn1429/fileio.c:204:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(rec);
data/avrdude-6.3-20171130+svn1429/fileio.c:301:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/avrdude-6.3-20171130+svn1429/fileio.c:502:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(rec);
data/avrdude-6.3-20171130+svn1429/fileio.c:590:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(buffer);
data/avrdude-6.3-20171130+svn1429/fileio.c:1391:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((char *)buf);
data/avrdude-6.3-20171130+svn1429/ft245r.c:246:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/ft245r.c:336:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100);
data/avrdude-6.3-20171130+svn1429/ft245r.c:366:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/avrdude-6.3-20171130+svn1429/ft245r.c:400:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20);
data/avrdude-6.3-20171130+svn1429/ft245r.c:430:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000); // 5ms
data/avrdude-6.3-20171130+svn1429/ft245r.c:432:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5000); // 5ms
data/avrdude-6.3-20171130+svn1429/ft245r.c:438:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(20000); // 20ms
data/avrdude-6.3-20171130+svn1429/ft245r.c:554:10: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
if ((sscanf(port, "usb:%8s", device) != 1)) {
data/avrdude-6.3-20171130+svn1429/ft245r.c:560:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(device) == 8 ){ // serial number
data/avrdude-6.3-20171130+svn1429/ft245r.c:573:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp("ft", device, 2) || strlen(device) <= 8) { // classic device number
data/avrdude-6.3-20171130+svn1429/ft245r.c:858:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(m->max_write_delay);
data/avrdude-6.3-20171130+svn1429/jtag3.c:1385:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "jtagchain=", strlen("jtagchain=")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtag3.c:1894:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtag3.c:2043:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtag3.c:2352:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp(m->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:685:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pgm->type, "JTAG", strlen("JTAG")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:687:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(pgm->type, "DRAGON", strlen("DRAGON")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:1449:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "jtagchain=", strlen("jtagchain=")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2252:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:2421:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3061:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000000);
data/avrdude-6.3-20171130+svn1429/jtagmkII.c:3067:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
data/avrdude-6.3-20171130+svn1429/linuxgpio.c:192:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(linuxgpio_fds[pin], &c, 1)!=1)
data/avrdude-6.3-20171130+svn1429/main.c:431:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(sys_config);
data/avrdude-6.3-20171130+svn1429/main.c:433:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sys_config, "/");
data/avrdude-6.3-20171130+svn1429/main.c:440:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(usr_config);
data/avrdude-6.3-20171130+svn1429/main.c:442:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(usr_config, "/");
data/avrdude-6.3-20171130+svn1429/main.c:448:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(progname) + 2;
data/avrdude-6.3-20171130+svn1429/main.c:481:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int suffixlen = strlen(e);
data/avrdude-6.3-20171130+svn1429/main.c:544:11: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(sys_config, optarg, PATH_MAX);
data/avrdude-6.3-20171130+svn1429/main.c:1044:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(waittime);
data/avrdude-6.3-20171130+svn1429/par.c:196:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/avrdude-6.3-20171130+svn1429/par.c:227:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1);
data/avrdude-6.3-20171130+svn1429/pickit2.c:470:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/pickit2.c:618:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(mem->max_write_delay);
data/avrdude-6.3-20171130+svn1429/pickit2.c:727:13: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(mem->max_write_delay);
data/avrdude-6.3-20171130+svn1429/pickit2.c:1209:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "clockrate=", strlen("clockrate=")) == 0)
data/avrdude-6.3-20171130+svn1429/pickit2.c:1230:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "timeout=", strlen("timeout=")) == 0)
data/avrdude-6.3-20171130+svn1429/pickit2.c:1310:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pgm->type, "pickit2", sizeof(pgm->type));
data/avrdude-6.3-20171130+svn1429/pickit2.c:1334:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(pgm->type, "pickit2", sizeof(pgm->type));
data/avrdude-6.3-20171130+svn1429/ppiwin.c:377:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
int usleep(unsigned int us)
data/avrdude-6.3-20171130+svn1429/ser_posix.c:282:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(port, "net:", strlen("net:")) == 0) {
data/avrdude-6.3-20171130+svn1429/ser_posix.c:283:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return net_open(port + strlen("net:"), fdp);
data/avrdude-6.3-20171130+svn1429/ser_posix.c:412:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd->ifd, p, (buflen - len > 1024) ? 1024 : buflen - len);
data/avrdude-6.3-20171130+svn1429/ser_posix.c:487:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd->ifd, &buf, 1);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:230:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(port, "net:", strlen("net:")) == 0) {
data/avrdude-6.3-20171130+svn1429/ser_win32.c:232:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return net_open(port + strlen("net:"), fdp);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:241:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(port, "com", strlen("com")) == 0) {
data/avrdude-6.3-20171130+svn1429/ser_win32.c:244:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newname = malloc(strlen("\\\\.\\") + strlen(port) + 1);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:244:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newname = malloc(strlen("\\\\.\\") + strlen(port) + 1);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:570:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DWORD read;
data/avrdude-6.3-20171130+svn1429/ser_win32.c:582:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (!ReadFile(hComPort, buf, buflen, &read, NULL)) {
data/avrdude-6.3-20171130+svn1429/ser_win32.c:613:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read) {
data/avrdude-6.3-20171130+svn1429/ser_win32.c:637:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
DWORD read;
data/avrdude-6.3-20171130+svn1429/ser_win32.c:654:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
readres=ReadFile(hComPort, buf, 1, &read, NULL);
data/avrdude-6.3-20171130+svn1429/ser_win32.c:673:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) { // data avail
data/avrdude-6.3-20171130+svn1429/stk500.c:204:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:759:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (siglen >= strlen("STK500_2") &&
data/avrdude-6.3-20171130+svn1429/stk500v2.c:760:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcmp(resp + 3, "STK500_2", strlen("STK500_2")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:762:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (siglen >= strlen("AVRISP_2") &&
data/avrdude-6.3-20171130+svn1429/stk500v2.c:763:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcmp(resp + 3, "AVRISP_2", strlen("AVRISP_2")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:765:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (siglen >= strlen("AVRISP_MK2") &&
data/avrdude-6.3-20171130+svn1429/stk500v2.c:766:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcmp(resp + 3, "AVRISP_MK2", strlen("AVRISP_MK2")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:768:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (siglen >= strlen("STK600") &&
data/avrdude-6.3-20171130+svn1429/stk500v2.c:769:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcmp(resp + 3, "STK600", strlen("STK600")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:992:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1020:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:1320:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:2253:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000);
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3848:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "lock", strlen("lock")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3850:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3926:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:3928:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "lock", strlen("lock")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4000:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4002:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "lock", strlen("lock")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4110:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "fuse", strlen("fuse")) == 0) {
data/avrdude-6.3-20171130+svn1429/stk500v2.c:4113:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strncmp(mem->desc, "lock", strlen("lock")) == 0) {
data/avrdude-6.3-20171130+svn1429/term.c:252:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(prevmem, memtype, strlen(memtype)) != 0) {
data/avrdude-6.3-20171130+svn1429/term.c:255:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prevmem, memtype, sizeof(prevmem)-1);
data/avrdude-6.3-20171130+svn1429/term.c:792:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(s);
data/avrdude-6.3-20171130+svn1429/term.c:815:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(q);
data/avrdude-6.3-20171130+svn1429/term.c:865:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(argv[0]);
data/avrdude-6.3-20171130+svn1429/term.c:896:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((input != NULL) && (strlen(input) >= 1))
data/avrdude-6.3-20171130+svn1429/update.c:54:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upd->filename = (char *)malloc(strlen(buf) + 1);
data/avrdude-6.3-20171130+svn1429/update.c:64:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
upd->memtype = (char *)malloc(strlen(buf)+1);
data/avrdude-6.3-20171130+svn1429/update.c:119:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnlen = strlen(cp);
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:81:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(cp2) - 1;
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:86:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serno) > 12)
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:95:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t serlen = strlen(serno);
data/avrdude-6.3-20171130+svn1429/usb_hidapi.c:111:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t slen = wcslen(walk->serial_number);
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:94:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(cp2) - 1;
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:99:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(serno) > 12)
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:185:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(string) - strlen(serno);
data/avrdude-6.3-20171130+svn1429/usb_libusb.c:185:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(string) - strlen(serno);
data/avrdude-6.3-20171130+svn1429/usbasp.c:206:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "section_config", strlen("section_config")) == 0) {
data/avrdude-6.3-20171130+svn1429/usbasp.c:645:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(100000);
data/avrdude-6.3-20171130+svn1429/usbasp.c:718:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/usbasp.c:1079:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(p->chip_erase_delay);
data/avrdude-6.3-20171130+svn1429/usbtiny.c:213:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t usb_len = strlen("usb");
data/avrdude-6.3-20171130+svn1429/usbtiny.c:354:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/avrdude-6.3-20171130+svn1429/usbtiny.c:364:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50000);
data/avrdude-6.3-20171130+svn1429/usbtiny.c:421:3: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep( p->chip_erase_delay );
data/avrdude-6.3-20171130+svn1429/windows/loaddrv.c:106:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, argv[3], MAX_PATH);
data/avrdude-6.3-20171130+svn1429/wiring.c:122:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(extended_param, "snooze=", strlen("snooze=")) == 0) {
data/avrdude-6.3-20171130+svn1429/wiring.c:164:7: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000);
data/avrdude-6.3-20171130+svn1429/wiring.c:177:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
data/avrdude-6.3-20171130+svn1429/wiring.c:186:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(50*1000);
ANALYSIS SUMMARY:
Hits = 787
Lines analyzed = 45164 in approximately 1.21 seconds (37288 lines/second)
Physical Source Lines of Code (SLOC) = 31678
Hits@level = [0] 129 [1] 157 [2] 583 [3] 2 [4] 45 [5] 0
Hits@level+ = [0+] 916 [1+] 787 [2+] 630 [3+] 47 [4+] 45 [5+] 0
Hits/KSLOC@level+ = [0+] 28.916 [1+] 24.8437 [2+] 19.8876 [3+] 1.48368 [4+] 1.42054 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.