Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c Examining data/balboa-2.0.0+ds/backend/balboa-mock/main.c Examining data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c Examining data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.h Examining data/balboa-2.0.0+ds/backend/balboa-mock/mpack-config.h Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.h Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c Examining data/balboa-2.0.0+ds/backend/lib/alloc.h Examining data/balboa-2.0.0+ds/backend/lib/bs.h Examining data/balboa-2.0.0+ds/backend/lib/daemon.c Examining data/balboa-2.0.0+ds/backend/lib/daemon.h Examining data/balboa-2.0.0+ds/backend/lib/engine.c Examining data/balboa-2.0.0+ds/backend/lib/engine.h Examining data/balboa-2.0.0+ds/backend/lib/ketopt.h Examining data/balboa-2.0.0+ds/backend/lib/mpack-config.h Examining data/balboa-2.0.0+ds/backend/lib/mpack.c Examining data/balboa-2.0.0+ds/backend/lib/mpack.h Examining data/balboa-2.0.0+ds/backend/lib/protocol.h Examining data/balboa-2.0.0+ds/backend/lib/trace.c Examining data/balboa-2.0.0+ds/backend/lib/trace.h Examining data/balboa-2.0.0+ds/backend/lib/protocol.c FINAL RESULTS: data/balboa-2.0.0+ds/backend/lib/mpack.c:64:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), format, args); data/balboa-2.0.0+ds/backend/lib/mpack.c:74:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), format, args); data/balboa-2.0.0+ds/backend/lib/mpack.h:1155:32: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define mpack_snprintf _snprintf data/balboa-2.0.0+ds/backend/lib/mpack.h:1157:32: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define mpack_snprintf snprintf data/balboa-2.0.0+ds/backend/lib/mpack.h:1166:42: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define mpack_log(...) (MPACK_EXPAND(printf(__VA_ARGS__), fflush(stdout))) data/balboa-2.0.0+ds/backend/lib/trace.c:52:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(trace->config.stream, fmt, ap); data/balboa-2.0.0+ds/backend/lib/trace.c:58:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(trace->config.stream, fmt, ap); data/balboa-2.0.0+ds/backend/lib/trace.c:62:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(trace->config.stream, fmt, ap); data/balboa-2.0.0+ds/backend/lib/trace.h:122:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 2, 3))) static inline void theTrace_output( data/balboa-2.0.0+ds/backend/lib/trace.h:130:23: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__((format(printf, 1, 2))) static inline void theTrace_inject( data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:79:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(dump_file, "rb"); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:101:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64] = {0}; data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:179:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': engine_config.port = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:319:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int port = atoi(_port); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:413:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scrtch[1024]; data/balboa-2.0.0+ds/backend/balboa-mock/main.c:25:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': engine_config.port = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-mock/main.c:27:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'j': engine_config.conn_throttle_limit = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:75:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'p': engine_config.port = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:77:51: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 'j': engine_config.conn_throttle_limit = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:82:44: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 302: rocksdb_config.parallelism = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:83:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 303: rocksdb_config.max_log_file_size = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:84:47: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 304: rocksdb_config.max_open_files = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:85:50: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). case 305: rocksdb_config.keep_log_file_num = atoi(opt.arg); break; data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scrtch_key[ROCKSDB_CONN_SCRTCH_SZ]; data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scrtch_inv[ROCKSDB_CONN_SCRTCH_SZ]; data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:643:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:768:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char val[sizeof(uint32_t) * 3]; data/balboa-2.0.0+ds/backend/lib/daemon.c:33:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open("/dev/null", O_RDWR); data/balboa-2.0.0+ds/backend/lib/engine.h:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scrtch[ENGINE_CONN_SCRTCH_SZ]; data/balboa-2.0.0+ds/backend/lib/mpack.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/balboa-2.0.0+ds/backend/lib/mpack.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/balboa-2.0.0+ds/backend/lib/mpack.c:1180:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen(filename, "wb"); data/balboa-2.0.0+ds/backend/lib/mpack.c:2218:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen(filename, "rb"); data/balboa-2.0.0+ds/backend/lib/mpack.c:3077:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3142:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MPACK_PRINT_BYTE_COUNT]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3223:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3235:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3273:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/balboa-2.0.0+ds/backend/lib/mpack.c:3302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/balboa-2.0.0+ds/backend/lib/mpack.c:5184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[MPACK_BUFFER_SIZE]; data/balboa-2.0.0+ds/backend/lib/mpack.c:5292:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* file = fopen(filename, "rb"); data/balboa-2.0.0+ds/backend/lib/mpack.c:5444:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/balboa-2.0.0+ds/backend/lib/mpack.c:5473:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/balboa-2.0.0+ds/backend/lib/mpack.c:5487:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1024]; data/balboa-2.0.0+ds/backend/lib/mpack.h:1086:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define mpack_memcpy memcpy data/balboa-2.0.0+ds/backend/lib/mpack.h:1096:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #undef memcpy data/balboa-2.0.0+ds/backend/lib/mpack.h:1103:28: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #pragma GCC poison memcpy data/balboa-2.0.0+ds/backend/lib/protocol.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scrtch[PROTOCOL_SCRTCH_BUFFERS][PROTOCOL_SCRTCH_SZ]; data/balboa-2.0.0+ds/backend/lib/protocol.c:67:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char scrtch[PROTOCOL_SCRTCH_SZ]; data/balboa-2.0.0+ds/backend/lib/protocol.c:391:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[1] = {'\0'}; data/balboa-2.0.0+ds/backend/lib/protocol.c:507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[64] = {'\0'}; data/balboa-2.0.0+ds/backend/lib/protocol.c:609:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[1] = {'\0'}; data/balboa-2.0.0+ds/backend/lib/protocol.c:665:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[1] = {'\0'}; data/balboa-2.0.0+ds/backend/lib/trace.c:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[128]; data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:115:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok += bs_cat(sink, buf, strlen(buf)); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:118:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok += bs_cat(sink, buf, strlen(buf)); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:121:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ok += bs_cat(sink, buf, strlen(buf)); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:185:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query->qrdata_len = strlen(opt.arg); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:192:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query->qrrname_len = strlen(opt.arg); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:199:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). query->qsensorid_len = strlen(opt.arg); data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:438:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t rc = read(sock, scrtch, scrtch_sz); data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c:58:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e->sensorid_len = strlen(e->sensorid); data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c:62:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e->rrname_len = strlen(e->rrname); data/balboa-2.0.0+ds/backend/lib/engine.c:225:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t rc = read(th->fd, p, p_sz); data/balboa-2.0.0+ds/backend/lib/mpack.c:401:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character. strncpy(buffer, ">", buffer_size); data/balboa-2.0.0+ds/backend/lib/mpack.c:405:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, ": ", buffer_size); data/balboa-2.0.0+ds/backend/lib/mpack.c:649:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_peek_element(mpack_track_t* track, bool read) { data/balboa-2.0.0+ds/backend/lib/mpack.c:650:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MPACK_UNUSED(read); data/balboa-2.0.0+ds/backend/lib/mpack.c:660:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_break("elements cannot be %s within an %s", read ? "read" : "written", data/balboa-2.0.0+ds/backend/lib/mpack.c:666:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_break("too many elements %s for %s", read ? "read" : "written", data/balboa-2.0.0+ds/backend/lib/mpack.c:674:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_element(mpack_track_t* track, bool read) { data/balboa-2.0.0+ds/backend/lib/mpack.c:675:59: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t error = mpack_track_peek_element(track, read); data/balboa-2.0.0+ds/backend/lib/mpack.c:681:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_bytes(mpack_track_t* track, bool read, uint64_t count) { data/balboa-2.0.0+ds/backend/lib/mpack.c:682:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MPACK_UNUSED(read); data/balboa-2.0.0+ds/backend/lib/mpack.c:686:72: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_break("bytes cannot be %s with no open bin, str or ext", read ? "read" : "written"); data/balboa-2.0.0+ds/backend/lib/mpack.c:693:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_break("bytes cannot be %s within an %s", read ? "read" : "written", data/balboa-2.0.0+ds/backend/lib/mpack.c:699:49: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_break("too many bytes %s for %s", read ? "read" : "written", data/balboa-2.0.0+ds/backend/lib/mpack.c:708:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_str_bytes_all(mpack_track_t* track, bool read, uint64_t count) { data/balboa-2.0.0+ds/backend/lib/mpack.c:709:52: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t error = mpack_track_bytes(track, read, count); data/balboa-2.0.0+ds/backend/lib/mpack.c:2288:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count += read; data/balboa-2.0.0+ds/backend/lib/mpack.c:2331:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader->end += read; data/balboa-2.0.0+ds/backend/lib/mpack.c:2398:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader->end = reader->buffer + read; data/balboa-2.0.0+ds/backend/lib/mpack.c:2474:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < count) { data/balboa-2.0.0+ds/backend/lib/mpack.c:2478:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reader->end = reader->data + read; data/balboa-2.0.0+ds/backend/lib/mpack.c:2479:74: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_log("filled %i bytes into buffer; discarding %i bytes\n", (int)read, (int)count); data/balboa-2.0.0+ds/backend/lib/mpack.c:3128:38: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_read_bytes(reader, buffer, read); data/balboa-2.0.0+ds/backend/lib/mpack.c:3132:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_skip_bytes(reader, length - read); data/balboa-2.0.0+ds/backend/lib/mpack.c:3133:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/balboa-2.0.0+ds/backend/lib/mpack.c:4256:53: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_log("read %u more bytes\n", (uint32_t)read); data/balboa-2.0.0+ds/backend/lib/mpack.c:4257:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tree->data_length += read; data/balboa-2.0.0+ds/backend/lib/mpack.c:4258:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tree->parser.possible_nodes_left += read; data/balboa-2.0.0+ds/backend/lib/mpack.c:5233:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read <= 0) { data/balboa-2.0.0+ds/backend/lib/mpack.c:5238:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). total += (long)read; data/balboa-2.0.0+ds/backend/lib/mpack.h:1090:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define mpack_strlen strlen data/balboa-2.0.0+ds/backend/lib/mpack.h:1099:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #undef strlen data/balboa-2.0.0+ds/backend/lib/mpack.h:1106:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #pragma GCC poison strlen data/balboa-2.0.0+ds/backend/lib/mpack.h:2224:62: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_element(mpack_track_t* track, bool read); data/balboa-2.0.0+ds/backend/lib/mpack.h:2225:67: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_peek_element(mpack_track_t* track, bool read); data/balboa-2.0.0+ds/backend/lib/mpack.h:2226:60: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_bytes(mpack_track_t* track, bool read, uint64_t count); data/balboa-2.0.0+ds/backend/lib/mpack.h:2227:68: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). mpack_error_t mpack_track_str_bytes_all(mpack_track_t* track, bool read, uint64_t count); ANALYSIS SUMMARY: Hits = 101 Lines analyzed = 18687 in approximately 0.50 seconds (37040 lines/second) Physical Source Lines of Code (SLOC) = 10605 Hits@level = [0] 21 [1] 46 [2] 45 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 122 [1+] 101 [2+] 55 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 11.504 [1+] 9.52381 [2+] 5.18623 [3+] 0.942951 [4+] 0.942951 [5+] 0 Dot directories skipped = 2 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.