Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/capstone-4.0.1+really+3.0.5/LEB128.h
Examining data/capstone-4.0.1+really+3.0.5/MCDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/MCFixedLenDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/MCInst.c
Examining data/capstone-4.0.1+really+3.0.5/MCInst.h
Examining data/capstone-4.0.1+really+3.0.5/MCInstrDesc.c
Examining data/capstone-4.0.1+really+3.0.5/MCInstrDesc.h
Examining data/capstone-4.0.1+really+3.0.5/MCRegisterInfo.c
Examining data/capstone-4.0.1+really+3.0.5/MCRegisterInfo.h
Examining data/capstone-4.0.1+really+3.0.5/MathExtras.h
Examining data/capstone-4.0.1+really+3.0.5/SStream.c
Examining data/capstone-4.0.1+really+3.0.5/SStream.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64AddressingModes.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.c
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Disassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Disassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64InstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64InstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Mapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Mapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Module.c
Examining data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Module.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMAddressingModes.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMBaseInfo.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMModule.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsModule.h
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCModule.h
Examining data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCPredicates.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/Sparc.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcModule.h
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMCTargetDesc.c
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMCTargetDesc.h
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZModule.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86ATTInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86BaseInfo.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Disassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Disassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86DisassemblerDecoder.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86DisassemblerDecoder.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86DisassemblerDecoderCommon.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86InstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86IntelInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Module.c
Examining data/capstone-4.0.1+really+3.0.5/arch/X86/X86Module.h
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreDisassembler.c
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreDisassembler.h
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreInstPrinter.c
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreInstPrinter.h
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreMapping.c
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreMapping.h
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreModule.c
Examining data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreModule.h
Examining data/capstone-4.0.1+really+3.0.5/bindings/ocaml/ocaml.c
Examining data/capstone-4.0.1+really+3.0.5/bindings/vb6/vbCapstone.cpp
Examining data/capstone-4.0.1+really+3.0.5/contrib/cs_driver/cs_driver/cs_driver.c
Examining data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.cpp
Examining data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.h
Examining data/capstone-4.0.1+really+3.0.5/cs.c
Examining data/capstone-4.0.1+really+3.0.5/cs_priv.h
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_arm.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_arm64.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_mips.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_ppc.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_sparc.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_systemz.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_x86.c
Examining data/capstone-4.0.1+really+3.0.5/cstool/cstool_xcore.c
Examining data/capstone-4.0.1+really+3.0.5/include/arm.h
Examining data/capstone-4.0.1+really+3.0.5/include/arm64.h
Examining data/capstone-4.0.1+really+3.0.5/include/capstone.h
Examining data/capstone-4.0.1+really+3.0.5/include/mips.h
Examining data/capstone-4.0.1+really+3.0.5/include/platform.h
Examining data/capstone-4.0.1+really+3.0.5/include/ppc.h
Examining data/capstone-4.0.1+really+3.0.5/include/sparc.h
Examining data/capstone-4.0.1+really+3.0.5/include/systemz.h
Examining data/capstone-4.0.1+really+3.0.5/include/x86.h
Examining data/capstone-4.0.1+really+3.0.5/include/xcore.h
Examining data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c
Examining data/capstone-4.0.1+really+3.0.5/suite/benchmark/test_iter_benchmark.c
Examining data/capstone-4.0.1+really+3.0.5/suite/fuzz/fuzz_disasm.c
Examining data/capstone-4.0.1+really+3.0.5/suite/fuzz/fuzz_harness.c
Examining data/capstone-4.0.1+really+3.0.5/suite/fuzz/onefile.c
Examining data/capstone-4.0.1+really+3.0.5/suite/regress/invalid_read_in_print_operand.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_arm.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_arm64.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_basic.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_detail.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_iter.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_mips.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_ppc.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_skipdata.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_sparc.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_systemz.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_winkernel.cpp
Examining data/capstone-4.0.1+really+3.0.5/tests/test_x86.c
Examining data/capstone-4.0.1+really+3.0.5/tests/test_xcore.c
Examining data/capstone-4.0.1+really+3.0.5/utils.c
Examining data/capstone-4.0.1+really+3.0.5/utils.h
Examining data/capstone-4.0.1+really+3.0.5/windows/winkernel_mm.c
Examining data/capstone-4.0.1+really+3.0.5/windows/winkernel_mm.h

FINAL RESULTS:

data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.c:641:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, SysRegPairs[i].Name);
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.c:652:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, CycloneSysRegPairs[i].Name);
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.c:663:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result, S->InstPairs[i].Name);
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreInstPrinter.c:54:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tmp, code); // safe because code is way shorter than 128 bytes
data/capstone-4.0.1+really+3.0.5/contrib/cs_driver/cs_driver/cs_driver.c:91:36: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  _Use_decl_annotations_ int __cdecl printf(const char *_Format, ...) {
data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.cpp:134:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  __cdecl vsnprintf(
data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.h:39:13: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int __cdecl vsnprintf(char *buffer, size_t count,
data/capstone-4.0.1+really+3.0.5/cs.c:255:31: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cs_vsnprintf_t cs_vsnprintf = vsnprintf;
data/capstone-4.0.1+really+3.0.5/cs.c:276:31: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cs_vsnprintf_t cs_vsnprintf = vsnprintf;
data/capstone-4.0.1+really+3.0.5/cs.c:546:23: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cs_vsnprintf = mem->vsnprintf;
data/capstone-4.0.1+really+3.0.5/include/capstone.h:127:17: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  cs_vsnprintf_t vsnprintf;
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:7:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:7:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:54:10: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  used = snprintf(buf + *cur, *left, __VA_ARGS__); \
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:315:11: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  used = snprintf(tmp_buf + cur, left, __VA_ARGS__); \
data/capstone-4.0.1+really+3.0.5/tests/test_winkernel.cpp:151:13: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  int __cdecl printf(const char * format, ...)
data/capstone-4.0.1+really+3.0.5/SStream.c:39:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ss->buffer + ss->index, s, len);
data/capstone-4.0.1+really+3.0.5/SStream.h:8:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64BaseInfo.c:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Buffer[22];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Disassembler.c:707:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[128];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Disassembler.c:722:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[128];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64InstPrinter.c:1151:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Suffix[32];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64InstPrinter.c:1314:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Name[128];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64InstPrinter.c:1332:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char Name[128];
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Mapping.c:14286:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Mapping.c:14289:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/AArch64/AArch64Mapping.c:14292:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMDisassembler.c:463:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes, code, 4);
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMDisassembler.c:705:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes, code, 2);
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMDisassembler.c:758:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bytes, code, 4);
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMMapping.c:13557:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMMapping.c:13560:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMMapping.c:13563:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsMapping.c:9227:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsMapping.c:9230:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/Mips/MipsMapping.c:9233:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCMapping.c:6905:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCMapping.c:6908:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCMapping.c:6911:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcDisassembler.c:213:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Bytes, code, 4);
data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.c:356:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instr[64]; // Sparc has no instruction this long
data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c:2810:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c:2813:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c:2816:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZDisassembler.c:328:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(Bytes, code, *size);
data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMapping.c:4327:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMapping.c:4330:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/SystemZ/SystemZMapping.c:4333:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47066:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47072:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47077:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47087:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47201:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/arch/X86/X86Mapping.c:47866:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(MI->flat_insn->detail->x86.prefix, MI->x86_prefix, ARR_SIZE(MI->x86_prefix));
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreInstPrinter.c:52:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[128];
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreInstPrinter.c:114:98: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  MI->flat_insn->detail->xcore.operands[MI->flat_insn->detail->xcore.op_count].mem.disp = atoi(p2);
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreMapping.c:1380:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_read, insns[i].regs_use, sizeof(insns[i].regs_use));
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreMapping.c:1383:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->regs_write, insns[i].regs_mod, sizeof(insns[i].regs_mod));
data/capstone-4.0.1+really+3.0.5/arch/XCore/XCoreMapping.c:1386:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->detail->groups, insns[i].groups, sizeof(insns[i].groups));
data/capstone-4.0.1+really+3.0.5/bindings/vb6/vbCapstone.cpp:62:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(curInst, (void*)&insn[index], bufSize); //size lets us get a partial version of whatever we have implemented in the vbstruct...
data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.cpp:23:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[0];
data/capstone-4.0.1+really+3.0.5/contrib/windows_kernel/libc.cpp:95:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data)->size, size));
data/capstone-4.0.1+really+3.0.5/cs.c:459:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->bytes, code + insn->size - copy_size, copy_size);
data/capstone-4.0.1+really+3.0.5/cs.c:741:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn_cache->bytes, buffer, skipdata_bytes);
data/capstone-4.0.1+really+3.0.5/cs.c:947:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(insn->bytes, *code, skipdata_bytes);
data/capstone-4.0.1+really+3.0.5/cs_priv.h:29:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ITStates[8];
data/capstone-4.0.1+really+3.0.5/include/capstone.h:271:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mnemonic[32];
data/capstone-4.0.1+really+3.0.5/include/capstone.h:275:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char op_str[160];
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:136:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char a_buf[2048];
data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:323:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_buf[2048];
data/capstone-4.0.1+really+3.0.5/suite/fuzz/fuzz_disasm.c:178:19: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outfile = fopen("/dev/null", "w");
data/capstone-4.0.1+really+3.0.5/suite/fuzz/fuzz_harness.c:115:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(argv[1], "r");
data/capstone-4.0.1+really+3.0.5/suite/fuzz/onefile.c:17:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "rb");
data/capstone-4.0.1+really+3.0.5/tests/test_winkernel.cpp:125:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/capstone-4.0.1+really+3.0.5/utils.h:23:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char regs_use[12]; // list of implicit registers used by this instruction data/capstone-4.0.1+really+3.0.5/utils.h:24:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char regs_mod[20]; // list of implicit registers modified by this instruction data/capstone-4.0.1+really+3.0.5/utils.h:25:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char groups[8]; // list of group this instruction belong to data/capstone-4.0.1+really+3.0.5/windows/winkernel_mm.c:15:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; // An address returned to a caller data/capstone-4.0.1+really+3.0.5/SStream.c:37:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = (unsigned int) strlen(s); data/capstone-4.0.1+really+3.0.5/arch/ARM/ARMInstPrinter.c:370:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strlen(insn_update_flgs[i].name))) { data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c:185:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(mnem) > 0) { data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c:188:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mnem[strlen(mnem) - 1] == '-' || mnem[strlen(mnem) - 1] == '+' || mnem[strlen(mnem) - 1] == '.') data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c:188:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mnem[strlen(mnem) - 1] == '-' || mnem[strlen(mnem) - 1] == '+' || mnem[strlen(mnem) - 1] == '.') data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c:188:79: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (mnem[strlen(mnem) - 1] == '-' || mnem[strlen(mnem) - 1] == '+' || mnem[strlen(mnem) - 1] == '.') data/capstone-4.0.1+really+3.0.5/arch/PowerPC/PPCInstPrinter.c:189:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mnem[strlen(mnem) - 1] = '\0'; data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.c:361:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(instr, mnem, strlen(mnem)); data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.c:361:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(instr, mnem, strlen(mnem)); data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcInstPrinter.c:362:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). instr[strlen(mnem)] = '\0'; data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c:3299:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(name); data/capstone-4.0.1+really+3.0.5/arch/Sparc/SparcMapping.c:3301:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(hint_maps[i].name); data/capstone-4.0.1+really+3.0.5/cs.c:491:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(insn->op_str, sp, sizeof(insn->op_str) - 1); data/capstone-4.0.1+really+3.0.5/cs.c:746:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(insn_cache->mnemonic, handle->skipdata_setup.mnemonic, data/capstone-4.0.1+really+3.0.5/cs.c:952:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(insn->mnemonic, handle->skipdata_setup.mnemonic, data/capstone-4.0.1+really+3.0.5/cstool/cstool.c:53:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result = (uint8_t *)malloc(strlen(code)); data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:359:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_len = strlen(tmp_buf); data/capstone-4.0.1+really+3.0.5/suite/arm/test_arm_regression.c:360:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp_len = strlen(valid_code->expected_out); data/capstone-4.0.1+really+3.0.5/utils.c:69:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str)+ 1; ANALYSIS SUMMARY: Hits = 97 Lines analyzed = 150360 in approximately 2.64 seconds (57043 lines/second) Physical Source Lines of Code (SLOC) = 140336 Hits@level = [0] 559 [1] 19 [2] 62 [3] 0 [4] 16 [5] 0 Hits@level+ = [0+] 656 [1+] 97 [2+] 78 [3+] 16 [4+] 16 [5+] 0 Hits/KSLOC@level+ = [0+] 4.6745 [1+] 0.691198 [2+] 0.555809 [3+] 0.114012 [4+] 0.114012 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.