Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c
Examining data/balboa-2.0.0+ds/backend/balboa-mock/main.c
Examining data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c
Examining data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.h
Examining data/balboa-2.0.0+ds/backend/balboa-mock/mpack-config.h
Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c
Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.h
Examining data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c
Examining data/balboa-2.0.0+ds/backend/lib/alloc.h
Examining data/balboa-2.0.0+ds/backend/lib/bs.h
Examining data/balboa-2.0.0+ds/backend/lib/daemon.c
Examining data/balboa-2.0.0+ds/backend/lib/daemon.h
Examining data/balboa-2.0.0+ds/backend/lib/engine.c
Examining data/balboa-2.0.0+ds/backend/lib/engine.h
Examining data/balboa-2.0.0+ds/backend/lib/ketopt.h
Examining data/balboa-2.0.0+ds/backend/lib/mpack-config.h
Examining data/balboa-2.0.0+ds/backend/lib/mpack.c
Examining data/balboa-2.0.0+ds/backend/lib/mpack.h
Examining data/balboa-2.0.0+ds/backend/lib/protocol.h
Examining data/balboa-2.0.0+ds/backend/lib/trace.c
Examining data/balboa-2.0.0+ds/backend/lib/trace.h
Examining data/balboa-2.0.0+ds/backend/lib/protocol.c
FINAL RESULTS:
data/balboa-2.0.0+ds/backend/lib/mpack.c:64:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), format, args);
data/balboa-2.0.0+ds/backend/lib/mpack.c:74:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), format, args);
data/balboa-2.0.0+ds/backend/lib/mpack.h:1155:32: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define mpack_snprintf _snprintf
data/balboa-2.0.0+ds/backend/lib/mpack.h:1157:32: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define mpack_snprintf snprintf
data/balboa-2.0.0+ds/backend/lib/mpack.h:1166:42: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define mpack_log(...) (MPACK_EXPAND(printf(__VA_ARGS__), fflush(stdout)))
data/balboa-2.0.0+ds/backend/lib/trace.c:52:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(trace->config.stream, fmt, ap);
data/balboa-2.0.0+ds/backend/lib/trace.c:58:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(trace->config.stream, fmt, ap);
data/balboa-2.0.0+ds/backend/lib/trace.c:62:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(trace->config.stream, fmt, ap);
data/balboa-2.0.0+ds/backend/lib/trace.h:122:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 2, 3))) static inline void theTrace_output(
data/balboa-2.0.0+ds/backend/lib/trace.h:130:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__((format(printf, 1, 2))) static inline void theTrace_inject(
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:79:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dump_file, "rb");
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:101:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64] = {0};
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:179:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': engine_config.port = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:319:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int port = atoi(_port);
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:413:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrtch[1024];
data/balboa-2.0.0+ds/backend/balboa-mock/main.c:25:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': engine_config.port = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-mock/main.c:27:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'j': engine_config.conn_throttle_limit = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:75:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'p': engine_config.port = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:77:51: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'j': engine_config.conn_throttle_limit = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:82:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 302: rocksdb_config.parallelism = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:83:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 303: rocksdb_config.max_log_file_size = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:84:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 304: rocksdb_config.max_open_files = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/main.c:85:50: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 305: rocksdb_config.keep_log_file_num = atoi(opt.arg); break;
data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrtch_key[ROCKSDB_CONN_SCRTCH_SZ];
data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrtch_inv[ROCKSDB_CONN_SCRTCH_SZ];
data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:643:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/balboa-2.0.0+ds/backend/balboa-rocksdb/rocksdb-impl.c:768:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[sizeof(uint32_t) * 3];
data/balboa-2.0.0+ds/backend/lib/daemon.c:33:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open("/dev/null", O_RDWR);
data/balboa-2.0.0+ds/backend/lib/engine.h:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrtch[ENGINE_CONN_SCRTCH_SZ];
data/balboa-2.0.0+ds/backend/lib/mpack.c:61:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/balboa-2.0.0+ds/backend/lib/mpack.c:71:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/balboa-2.0.0+ds/backend/lib/mpack.c:1180:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filename, "wb");
data/balboa-2.0.0+ds/backend/lib/mpack.c:2218:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filename, "rb");
data/balboa-2.0.0+ds/backend/lib/mpack.c:3077:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[12];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3142:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MPACK_PRINT_BYTE_COUNT];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3223:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3235:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3273:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/balboa-2.0.0+ds/backend/lib/mpack.c:3302:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/balboa-2.0.0+ds/backend/lib/mpack.c:5184:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MPACK_BUFFER_SIZE];
data/balboa-2.0.0+ds/backend/lib/mpack.c:5292:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filename, "rb");
data/balboa-2.0.0+ds/backend/lib/mpack.c:5444:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/balboa-2.0.0+ds/backend/lib/mpack.c:5473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/balboa-2.0.0+ds/backend/lib/mpack.c:5487:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/balboa-2.0.0+ds/backend/lib/mpack.h:1086:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define mpack_memcpy memcpy
data/balboa-2.0.0+ds/backend/lib/mpack.h:1096:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#undef memcpy
data/balboa-2.0.0+ds/backend/lib/mpack.h:1103:28: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#pragma GCC poison memcpy
data/balboa-2.0.0+ds/backend/lib/protocol.c:62:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scrtch[PROTOCOL_SCRTCH_BUFFERS][PROTOCOL_SCRTCH_SZ];
data/balboa-2.0.0+ds/backend/lib/protocol.c:67:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scrtch[PROTOCOL_SCRTCH_SZ];
data/balboa-2.0.0+ds/backend/lib/protocol.c:391:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1] = {'\0'};
data/balboa-2.0.0+ds/backend/lib/protocol.c:507:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[64] = {'\0'};
data/balboa-2.0.0+ds/backend/lib/protocol.c:609:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1] = {'\0'};
data/balboa-2.0.0+ds/backend/lib/protocol.c:665:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[1] = {'\0'};
data/balboa-2.0.0+ds/backend/lib/trace.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[128];
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:115:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok += bs_cat(sink, buf, strlen(buf));
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:118:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok += bs_cat(sink, buf, strlen(buf));
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:121:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ok += bs_cat(sink, buf, strlen(buf));
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:185:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query->qrdata_len = strlen(opt.arg);
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:192:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query->qrrname_len = strlen(opt.arg);
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:199:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
query->qsensorid_len = strlen(opt.arg);
data/balboa-2.0.0+ds/backend/balboa-backend-console/main.c:438:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rc = read(sock, scrtch, scrtch_sz);
data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c:58:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->sensorid_len = strlen(e->sensorid);
data/balboa-2.0.0+ds/backend/balboa-mock/mock-impl.c:62:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e->rrname_len = strlen(e->rrname);
data/balboa-2.0.0+ds/backend/lib/engine.c:225:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t rc = read(th->fd, p, p_sz);
data/balboa-2.0.0+ds/backend/lib/mpack.c:401:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy(buffer, ">", buffer_size);
data/balboa-2.0.0+ds/backend/lib/mpack.c:405:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buffer, ": ", buffer_size);
data/balboa-2.0.0+ds/backend/lib/mpack.c:649:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_peek_element(mpack_track_t* track, bool read) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:650:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
MPACK_UNUSED(read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:660:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_break("elements cannot be %s within an %s", read ? "read" : "written",
data/balboa-2.0.0+ds/backend/lib/mpack.c:666:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_break("too many elements %s for %s", read ? "read" : "written",
data/balboa-2.0.0+ds/backend/lib/mpack.c:674:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_element(mpack_track_t* track, bool read) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:675:59: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t error = mpack_track_peek_element(track, read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:681:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_bytes(mpack_track_t* track, bool read, uint64_t count) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:682:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
MPACK_UNUSED(read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:686:72: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_break("bytes cannot be %s with no open bin, str or ext", read ? "read" : "written");
data/balboa-2.0.0+ds/backend/lib/mpack.c:693:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_break("bytes cannot be %s within an %s", read ? "read" : "written",
data/balboa-2.0.0+ds/backend/lib/mpack.c:699:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_break("too many bytes %s for %s", read ? "read" : "written",
data/balboa-2.0.0+ds/backend/lib/mpack.c:708:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_str_bytes_all(mpack_track_t* track, bool read, uint64_t count) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:709:52: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t error = mpack_track_bytes(track, read, count);
data/balboa-2.0.0+ds/backend/lib/mpack.c:2288:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count += read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:2331:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->end += read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:2398:40: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->end = reader->buffer + read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:2474:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read < count) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:2478:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->end = reader->data + read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:2479:74: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_log("filled %i bytes into buffer; discarding %i bytes\n", (int)read, (int)count);
data/balboa-2.0.0+ds/backend/lib/mpack.c:3128:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_read_bytes(reader, buffer, read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:3132:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_skip_bytes(reader, length - read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:3133:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:4256:53: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_log("read %u more bytes\n", (uint32_t)read);
data/balboa-2.0.0+ds/backend/lib/mpack.c:4257:30: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tree->data_length += read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:4258:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
tree->parser.possible_nodes_left += read;
data/balboa-2.0.0+ds/backend/lib/mpack.c:5233:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read <= 0) {
data/balboa-2.0.0+ds/backend/lib/mpack.c:5238:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
total += (long)read;
data/balboa-2.0.0+ds/backend/lib/mpack.h:1090:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define mpack_strlen strlen
data/balboa-2.0.0+ds/backend/lib/mpack.h:1099:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#undef strlen
data/balboa-2.0.0+ds/backend/lib/mpack.h:1106:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#pragma GCC poison strlen
data/balboa-2.0.0+ds/backend/lib/mpack.h:2224:62: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_element(mpack_track_t* track, bool read);
data/balboa-2.0.0+ds/backend/lib/mpack.h:2225:67: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_peek_element(mpack_track_t* track, bool read);
data/balboa-2.0.0+ds/backend/lib/mpack.h:2226:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_bytes(mpack_track_t* track, bool read, uint64_t count);
data/balboa-2.0.0+ds/backend/lib/mpack.h:2227:68: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mpack_error_t mpack_track_str_bytes_all(mpack_track_t* track, bool read, uint64_t count);
ANALYSIS SUMMARY:
Hits = 101
Lines analyzed = 18687 in approximately 0.50 seconds (37040 lines/second)
Physical Source Lines of Code (SLOC) = 10605
Hits@level = [0] 21 [1] 46 [2] 45 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 122 [1+] 101 [2+] 55 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 11.504 [1+] 9.52381 [2+] 5.18623 [3+] 0.942951 [4+] 0.942951 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.