Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/convlit-1.8/clit18/clit.c
Examining data/convlit-1.8/clit18/clit.h
Examining data/convlit-1.8/clit18/drm5.c
Examining data/convlit-1.8/clit18/display.c
Examining data/convlit-1.8/clit18/explode.c
Examining data/convlit-1.8/clit18/hexdump.c
Examining data/convlit-1.8/clit18/manifest.c
Examining data/convlit-1.8/clit18/manifest.h
Examining data/convlit-1.8/clit18/transmute.c
Examining data/convlit-1.8/clit18/utils.c
Examining data/convlit-1.8/clit18/utils.h
Examining data/convlit-1.8/lib/litatom.c
Examining data/convlit-1.8/lib/litdirectory.c
Examining data/convlit-1.8/lib/litdrm.c
Examining data/convlit-1.8/lib/litembiggen.c
Examining data/convlit-1.8/lib/litheaders.c
Examining data/convlit-1.8/lib/litinternal.h
Examining data/convlit-1.8/lib/litlib.c
Examining data/convlit-1.8/lib/litlib.h
Examining data/convlit-1.8/lib/litmanifest.c
Examining data/convlit-1.8/lib/litmetatags.c
Examining data/convlit-1.8/lib/litsections.c
Examining data/convlit-1.8/lib/littags.c
Examining data/convlit-1.8/lib/littags.h
Examining data/convlit-1.8/lib/littypes.h
Examining data/convlit-1.8/lib/litutil.c
Examining data/convlit-1.8/lib/des/d3des.h
Examining data/convlit-1.8/lib/des/des.c
Examining data/convlit-1.8/lib/des/spr.h
Examining data/convlit-1.8/lib/lzx/lzx.c
Examining data/convlit-1.8/lib/lzx/lzx.h
Examining data/convlit-1.8/lib/lzx/lzx_int.h
Examining data/convlit-1.8/lib/newlzx/lzx.h
Examining data/convlit-1.8/lib/newlzx/lzxd.c
Examining data/convlit-1.8/lib/newlzx/lzxglue.c
Examining data/convlit-1.8/lib/newlzx/mspack.h
Examining data/convlit-1.8/lib/newlzx/system.h
Examining data/convlit-1.8/lib/sha/mssha1.c
Examining data/convlit-1.8/lib/sha/sha.h

FINAL RESULTS:

data/convlit-1.8/clit18/clit.c:128:5:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    printf(sTitle);
data/convlit-1.8/clit18/clit.c:130:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf(sUsage);
data/convlit-1.8/clit18/clit.c:247:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(path, output);
data/convlit-1.8/clit18/clit.c:338:9:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vprintf(fmt, ap);
data/convlit-1.8/clit18/clit.c:386:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr,fmt, ap);
data/convlit-1.8/clit18/drm5.c:144:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(private_key_ptr, pKey);
data/convlit-1.8/clit18/drm5.c:145:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(modulus_ptr, pModulus);
data/convlit-1.8/clit18/drm5.c:168:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(modulus_ptr, pModulus);
data/convlit-1.8/clit18/drm5.c:169:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(private_key_ptr, pKey);
data/convlit-1.8/clit18/drm5.c:262:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmptag, tag);
data/convlit-1.8/clit18/drm5.c:272:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(tmptag, tag);
data/convlit-1.8/clit18/utils.c:47:15:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    if (head) strcat(str,head);
data/convlit-1.8/clit18/utils.c:48:15:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    if (body) strcat(str,body);
data/convlit-1.8/clit18/utils.c:49:15:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    if (tail) strcat(str,tail);
data/convlit-1.8/lib/litlib.c:429:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(&new->name, name);
data/convlit-1.8/lib/litutil.c:61:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ptr, s);
data/convlit-1.8/lib/newlzx/lzx.h:125:60:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern struct lzxd_stream *lzxd_init(struct mspack_system *system,
data/convlit-1.8/lib/newlzx/lzxd.c:389:53:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
struct lzxd_stream *lzxd_init(struct mspack_system *system,
data/convlit-1.8/lib/newlzx/lzxd.c:400:8:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (!system) return NULL;
data/convlit-1.8/lib/newlzx/lzxd.c:412:29:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  if (!(lzx = system->alloc(system, sizeof(struct lzxd_stream)))) {
data/convlit-1.8/lib/newlzx/lzxd.c:417:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  lzx->window = system->alloc(system, (size_t) window_size);
data/convlit-1.8/lib/newlzx/lzxd.c:418:31:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  lzx->inbuf  = system->alloc(system, (size_t) input_buffer_size);
data/convlit-1.8/lib/newlzx/lzxd.c:427:26:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  lzx->sys             = system;
data/convlit-1.8/lib/newlzx/system.h:20:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                   printf x ; fputc('\n', stdout); fflush(stdout);} while (0);
data/convlit-1.8/lib/newlzx/system.h:40:53:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
extern int mspack_sys_filelen(struct mspack_system *system,
data/convlit-1.8/lib/litdrm.c:383:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(time(NULL));
data/convlit-1.8/clit18/clit.c:67:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char   dir_program[MAX_PATH];
data/convlit-1.8/clit18/clit.c:68:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char   dir_lit_file[MAX_PATH];
data/convlit-1.8/clit18/clit.c:173:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fh = fopen(filename, "rb");
data/convlit-1.8/clit18/drm5.c:50:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(filename, "rb");
data/convlit-1.8/clit18/drm5.c:271:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tmptag, "</");
data/convlit-1.8/clit18/drm5.c:286:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tmp, realstart, (end - realstart) * sizeof(char));
data/convlit-1.8/clit18/drm5.c:330:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char drm5_des_key[16]; 
data/convlit-1.8/clit18/drm5.c:331:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sModulus[512/3]; 
data/convlit-1.8/clit18/drm5.c:332:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char sPrivateKey[512/3];
data/convlit-1.8/clit18/drm5.c:333:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char keyData[256];
data/convlit-1.8/clit18/drm5.c:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    des_key[64];
data/convlit-1.8/clit18/drm5.c:400:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(drm5_des_key, des_key, 8);
data/convlit-1.8/clit18/explode.c:238:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(s, p, len);
data/convlit-1.8/clit18/explode.c:287:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            f = fopen(sTemp, "r");
data/convlit-1.8/clit18/explode.c:290:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                f = fopen(sTemp,"w");
data/convlit-1.8/clit18/explode.c:305:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char sNum[10];
data/convlit-1.8/clit18/explode.c:439:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(&str[strlen(str)-3], "opf");
data/convlit-1.8/clit18/explode.c:507:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fOut = fopen(pathExternal, "w");
data/convlit-1.8/clit18/explode.c:558:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fOut = fopen(pathExternal, "wb");
data/convlit-1.8/clit18/hexdump.c:29:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char strbuffer[ numBytesInString+1 ];
data/convlit-1.8/clit18/transmute.c:44:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fOut = fopen(newlitfile,"wb");
data/convlit-1.8/clit18/utils.c:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, iter->last_ptr, iter->len);
data/convlit-1.8/lib/des/d3des.h:30:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char byte[8];
data/convlit-1.8/lib/des/d3des.h:36:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dbyte[16];
data/convlit-1.8/lib/des/des.c:48:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char pc1[56] = {
data/convlit-1.8/lib/des/des.c:54:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char totrot[16] = {
data/convlit-1.8/lib/des/des.c:57:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char pc2[48] = {
data/convlit-1.8/lib/des/des.c:68:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char pc1m[56], pcr[56];
data/convlit-1.8/lib/litdirectory.c:172:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&entry->name, nameptr, namelen);
data/convlit-1.8/lib/litdirectory.c:197:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p+index, &entry->name,len);
data/convlit-1.8/lib/litdirectory.c:376:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(aolx->pBase+aolx->index, &entry->name,len);
data/convlit-1.8/lib/litdrm.c:113:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(litfile->bookkey, ptr+1, 8);
data/convlit-1.8/lib/litdrm.c:238:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pBookplate, drm_data, data_size);
data/convlit-1.8/lib/litdrm.c:253:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(litfile->bookkey, new_key, 8);
data/convlit-1.8/lib/litdrm.c:261:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_sealed+1, litfile->bookkey, 8);
data/convlit-1.8/lib/litdrm.c:311:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&buffer[pos],pdata+offset, avail);
data/convlit-1.8/lib/litdrm.c:316:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&buffer[pos],pdata+offset, length);
data/convlit-1.8/lib/litembiggen.c:252:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/convlit-1.8/lib/litembiggen.c:253:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf,"<!-- FLAG:%d%d%d%d%d%d%d%d-%d -->", 
data/convlit-1.8/lib/litembiggen.c:330:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(tag_name, "?%ld?", tag);
data/convlit-1.8/lib/litembiggen.c:477:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(numbuf,"?%ld?",c);
data/convlit-1.8/lib/litembiggen.c:531:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(numbuf,"%ld\"",c-1);
data/convlit-1.8/lib/litembiggen.c:619:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(href_value,pHtml + href_base + 1, href_size);
data/convlit-1.8/lib/litembiggen.c:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    ent_buffer[14], ch;
data/convlit-1.8/lib/litembiggen.c:710:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            len = sprintf(ent_buffer,"&#%ld;",c);
data/convlit-1.8/lib/litheaders.c:236:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(litfile->header_guid, header + PRI_GUID, 16);
data/convlit-1.8/lib/litheaders.c:363:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(litfile->piece3_guid, cur_piece, size);
data/convlit-1.8/lib/litheaders.c:373:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(litfile->piece4_guid, cur_piece, size);
data/convlit-1.8/lib/litheaders.c:453:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, lit_magic_string, strlen(lit_magic_string));
data/convlit-1.8/lib/litheaders.c:458:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p+PRI_GUID, litfile->header_guid, 16);
data/convlit-1.8/lib/litlib.c:119:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&newlitfile->bookkey[0],&litfile->bookkey[0],8);
data/convlit-1.8/lib/litlib.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&newlitfile->header_guid[0],&litfile->header_guid[0],16);
data/convlit-1.8/lib/litlib.c:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&newlitfile->piece3_guid[0],&litfile->piece3_guid[0],16);
data/convlit-1.8/lib/litlib.c:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&newlitfile->piece4_guid[0],&litfile->piece4_guid[0],16);
data/convlit-1.8/lib/litlib.c:140:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new, entry, sizeof(*entry)+entry->namelen+1);
data/convlit-1.8/lib/litlib.c:282:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(newptr, entry->data_pointer, (size_t)entry->size);
data/convlit-1.8/lib/litlib.c:337:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(newptr,section->data_pointer+(size_t)entry->offset,
data/convlit-1.8/lib/litlib.h:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char * atom_names[1];
data/convlit-1.8/lib/litmetatags.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * meta_tagtoname[43] = {
data/convlit-1.8/lib/litsections.c:62:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char guid_buffer[7+8+4+4+4+12+1];
data/convlit-1.8/lib/litsections.c:64:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(guid_buffer, "{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}",
data/convlit-1.8/lib/litsections.c:260:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ptr, pContent, sizeContent);
data/convlit-1.8/lib/littags.c:808:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char * tagtoname[109] = { 
data/convlit-1.8/lib/littags.h:34:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char * tagtoname[109];
data/convlit-1.8/lib/littags.h:39:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char * meta_tagtoname[43];
data/convlit-1.8/lib/litutil.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sNew, (p+1), nbytes);
data/convlit-1.8/lib/lzx/lzx.c:654:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(window + window_posn, inpos, this_run);
data/convlit-1.8/lib/lzx/lzx.c:666:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(outpos, window + last_window_posn,  bytes_to_write);
data/convlit-1.8/lib/lzx/lzx.c:673:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(outpos, window + last_window_posn, bytes_to_write);
data/convlit-1.8/lib/lzx/lzx.c:680:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(outpos, window,  bytes_to_write);
data/convlit-1.8/lib/newlzx/lzx.h:81:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char PRETREE_len  [LZX_PRETREE_MAXSYMBOLS  + LZX_LENTABLE_SAFETY];
data/convlit-1.8/lib/newlzx/lzx.h:82:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char MAINTREE_len [LZX_MAINTREE_MAXSYMBOLS + LZX_LENTABLE_SAFETY];
data/convlit-1.8/lib/newlzx/lzx.h:83:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char LENGTH_len   [LZX_LENGTH_MAXSYMBOLS   + LZX_LENTABLE_SAFETY];
data/convlit-1.8/lib/newlzx/lzx.h:84:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ALIGNED_len  [LZX_ALIGNED_MAXSYMBOLS  + LZX_LENTABLE_SAFETY];
data/convlit-1.8/lib/newlzx/lzx.h:97:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char  e8_buf[LZX_FRAME_SIZE];
data/convlit-1.8/lib/newlzx/lzxd.c:355:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char extra_bits[51];
data/convlit-1.8/lib/newlzx/lzxd.c:472:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char *window, *runsrc, *rundest, buf[12];
data/convlit-1.8/lib/newlzx/lzxglue.c:61:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, src, bytes);
data/convlit-1.8/lib/newlzx/lzxglue.c:87:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, (unsigned char *)mem->buffer+mem->current_bytes, bytes);
data/convlit-1.8/lib/newlzx/lzxglue.c:107:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((unsigned char *)mem->buffer+mem->current_bytes, buffer, bytes);
data/convlit-1.8/lib/newlzx/mspack.h:266:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  struct mspack_file * (*open)(struct mspack_system *this,
data/convlit-1.8/lib/newlzx/mspack.h:900:29:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  struct mscabd_cabinet * (*open) (struct mscab_decompressor *this,
data/convlit-1.8/lib/newlzx/mspack.h:1300:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  struct mschmd_header *(*open)(struct mschm_decompressor *this,
data/convlit-1.8/lib/sha/mssha1.c:204:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	    memcpy(&context->buffer[j], data, (i = 64-j));
data/convlit-1.8/lib/sha/mssha1.c:212:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&context->buffer[j], &data[i], len - i);
data/convlit-1.8/clit18/clit.c:121:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dir_program, argv[0], MAX_PATH-1);
data/convlit-1.8/clit18/clit.c:123:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(dir_program); i >= 0; i--) {
data/convlit-1.8/clit18/clit.c:137:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (i = 1; i < (int)strlen(argv[base]); i++) {
data/convlit-1.8/clit18/clit.c:163:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dir_lit_file, filename, MAX_PATH-1);
data/convlit-1.8/clit18/clit.c:165:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(dir_lit_file); i >= 0; i--) {
data/convlit-1.8/clit18/clit.c:200:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(output) == 0) {
data/convlit-1.8/clit18/clit.c:217:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            c = output[strlen(output) - 1];
data/convlit-1.8/clit18/clit.c:240:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            c = output[strlen(output) - 1];
data/convlit-1.8/clit18/clit.c:242:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                path = malloc(strlen(output) + 1);
data/convlit-1.8/clit18/clit.c:244:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    fprintf(stderr,"Malloc(%d) failed!\n", strlen(output) + 1);
data/convlit-1.8/clit18/clit.c:248:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat(path, "/");
data/convlit-1.8/clit18/drm5.c:251:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(tag);
data/convlit-1.8/clit18/drm5.c:261:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(tmptag, "<");
data/convlit-1.8/clit18/drm5.c:273:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tmptag, ">");
data/convlit-1.8/clit18/explode.c:364:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    	bytes = strlen(p)+1;
data/convlit-1.8/clit18/explode.c:424:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    idx = len = strlen(litname);
data/convlit-1.8/clit18/explode.c:439:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strcpy(&str[strlen(str)-3], "opf");
data/convlit-1.8/clit18/explode.c:515:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(meta_string));
data/convlit-1.8/clit18/explode.c:516:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((size_t)status != strlen(meta_string)) { status = -1; break; }
data/convlit-1.8/clit18/explode.c:522:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(xhtml_string));
data/convlit-1.8/clit18/explode.c:523:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if ((size_t)status != strlen(xhtml_string)) { status = -1; break;}
data/convlit-1.8/clit18/transmute.c:53:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        drm_size = 2*(strlen(inscription)+1);
data/convlit-1.8/clit18/transmute.c:60:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (i = 0; (size_t)i < strlen(inscription); i++) {
data/convlit-1.8/clit18/utils.c:36:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (head) len += strlen(head);
data/convlit-1.8/clit18/utils.c:37:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (body) len += strlen(body);
data/convlit-1.8/clit18/utils.c:38:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (tail) len += strlen(tail); 
data/convlit-1.8/clit18/utils.c:100:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes = strlen(p)+1;
data/convlit-1.8/clit18/utils.c:119:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes1 = strlen(s1)+1;
data/convlit-1.8/clit18/utils.c:120:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    bytes2 = strlen(s2)+1;
data/convlit-1.8/clit18/utils.c:146:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    iter->bytes = strlen(string);
data/convlit-1.8/lib/litatom.c:123:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(s,p + 1, len);
data/convlit-1.8/lib/litatom.c:186:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(s,p, len);
data/convlit-1.8/lib/litdrm.c:135:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(msreader_string,ptr,strlen(msreader_string)) != 0) {
data/convlit-1.8/lib/litembiggen.c:69:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    status = htmlwrite(write_data,s,strlen(s));\
data/convlit-1.8/lib/litembiggen.c:695:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(entities[found].name));
data/convlit-1.8/lib/litheaders.c:219:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(header, lit_magic_string, strlen(lit_magic_string)) != 0) {
data/convlit-1.8/lib/litheaders.c:453:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(p, lit_magic_string, strlen(lit_magic_string));
data/convlit-1.8/lib/litlib.c:234:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (entry->namelen != (int)strlen(name)) match = -1;
data/convlit-1.8/lib/litlib.c:236:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( (entry->namelen != (int)strlen(name)) && (!match)) {
data/convlit-1.8/lib/litlib.c:361:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        match = strncasecmp(&entry->name,prefix, strlen(prefix));
data/convlit-1.8/lib/litlib.c:399:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (entry->namelen != (int)strlen(name)) match = -1;
data/convlit-1.8/lib/litlib.c:401:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ( (entry->namelen != (int)strlen(name)) && (!match)) {
data/convlit-1.8/lib/litlib.c:418:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        new = malloc(sizeof(entry_type)+strlen(name));
data/convlit-1.8/lib/litlib.c:428:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        new->namelen = (int)strlen(name);
data/convlit-1.8/lib/litutil.c:49:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(s); 
data/convlit-1.8/lib/litutil.c:62:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ptr += strlen(ptr);
data/convlit-1.8/lib/newlzx/lzxd.c:134:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int read = lzx->sys->read(lzx->input, &lzx->inbuf[0], (int)lzx->inbuf_size);
data/convlit-1.8/lib/newlzx/lzxd.c:135:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read < 0) return lzx->error = MSPACK_ERR_READ;
data/convlit-1.8/lib/newlzx/lzxd.c:152:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  lzx->i_end = &lzx->inbuf[read];
data/convlit-1.8/lib/newlzx/mspack.h:290:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int (*read)(struct mspack_file *file,
data/convlit-1.8/lib/newlzx/system.h:59:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
static inline size_t strlen(const char *s) {

ANALYSIS SUMMARY:

Hits = 162
Lines analyzed = 13069 in approximately 0.46 seconds (28472 lines/second)
Physical Source Lines of Code (SLOC) = 8137
Hits@level = [0]  30 [1]  51 [2]  85 [3]   1 [4]  25 [5]   0
Hits@level+ = [0+] 192 [1+] 162 [2+] 111 [3+]  26 [4+]  25 [5+]   0
Hits/KSLOC@level+ = [0+] 23.5959 [1+] 19.9091 [2+] 13.6414 [3+] 3.19528 [4+] 3.07239 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.