Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/convlit-1.8/clit18/clit.c Examining data/convlit-1.8/clit18/clit.h Examining data/convlit-1.8/clit18/drm5.c Examining data/convlit-1.8/clit18/display.c Examining data/convlit-1.8/clit18/explode.c Examining data/convlit-1.8/clit18/hexdump.c Examining data/convlit-1.8/clit18/manifest.c Examining data/convlit-1.8/clit18/manifest.h Examining data/convlit-1.8/clit18/transmute.c Examining data/convlit-1.8/clit18/utils.c Examining data/convlit-1.8/clit18/utils.h Examining data/convlit-1.8/lib/litatom.c Examining data/convlit-1.8/lib/litdirectory.c Examining data/convlit-1.8/lib/litdrm.c Examining data/convlit-1.8/lib/litembiggen.c Examining data/convlit-1.8/lib/litheaders.c Examining data/convlit-1.8/lib/litinternal.h Examining data/convlit-1.8/lib/litlib.c Examining data/convlit-1.8/lib/litlib.h Examining data/convlit-1.8/lib/litmanifest.c Examining data/convlit-1.8/lib/litmetatags.c Examining data/convlit-1.8/lib/litsections.c Examining data/convlit-1.8/lib/littags.c Examining data/convlit-1.8/lib/littags.h Examining data/convlit-1.8/lib/littypes.h Examining data/convlit-1.8/lib/litutil.c Examining data/convlit-1.8/lib/des/d3des.h Examining data/convlit-1.8/lib/des/des.c Examining data/convlit-1.8/lib/des/spr.h Examining data/convlit-1.8/lib/lzx/lzx.c Examining data/convlit-1.8/lib/lzx/lzx.h Examining data/convlit-1.8/lib/lzx/lzx_int.h Examining data/convlit-1.8/lib/newlzx/lzx.h Examining data/convlit-1.8/lib/newlzx/lzxd.c Examining data/convlit-1.8/lib/newlzx/lzxglue.c Examining data/convlit-1.8/lib/newlzx/mspack.h Examining data/convlit-1.8/lib/newlzx/system.h Examining data/convlit-1.8/lib/sha/mssha1.c Examining data/convlit-1.8/lib/sha/sha.h FINAL RESULTS: data/convlit-1.8/clit18/clit.c:128:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(sTitle); data/convlit-1.8/clit18/clit.c:130:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(sUsage); data/convlit-1.8/clit18/clit.c:247:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(path, output); data/convlit-1.8/clit18/clit.c:338:9: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(fmt, ap); data/convlit-1.8/clit18/clit.c:386:9: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr,fmt, ap); data/convlit-1.8/clit18/drm5.c:144:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(private_key_ptr, pKey); data/convlit-1.8/clit18/drm5.c:145:25: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(modulus_ptr, pModulus); data/convlit-1.8/clit18/drm5.c:168:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(modulus_ptr, pModulus); data/convlit-1.8/clit18/drm5.c:169:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(private_key_ptr, pKey); data/convlit-1.8/clit18/drm5.c:262:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmptag, tag); data/convlit-1.8/clit18/drm5.c:272:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(tmptag, tag); data/convlit-1.8/clit18/utils.c:47:15: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (head) strcat(str,head); data/convlit-1.8/clit18/utils.c:48:15: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (body) strcat(str,body); data/convlit-1.8/clit18/utils.c:49:15: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). if (tail) strcat(str,tail); data/convlit-1.8/lib/litlib.c:429:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&new->name, name); data/convlit-1.8/lib/litutil.c:61:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ptr, s); data/convlit-1.8/lib/newlzx/lzx.h:125:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern struct lzxd_stream *lzxd_init(struct mspack_system *system, data/convlit-1.8/lib/newlzx/lzxd.c:389:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. struct lzxd_stream *lzxd_init(struct mspack_system *system, data/convlit-1.8/lib/newlzx/lzxd.c:400:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!system) return NULL; data/convlit-1.8/lib/newlzx/lzxd.c:412:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!(lzx = system->alloc(system, sizeof(struct lzxd_stream)))) { data/convlit-1.8/lib/newlzx/lzxd.c:417:31: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. lzx->window = system->alloc(system, (size_t) window_size); data/convlit-1.8/lib/newlzx/lzxd.c:418:31: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. lzx->inbuf = system->alloc(system, (size_t) input_buffer_size); data/convlit-1.8/lib/newlzx/lzxd.c:427:26: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. lzx->sys = system; data/convlit-1.8/lib/newlzx/system.h:20:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf x ; fputc('\n', stdout); fflush(stdout);} while (0); data/convlit-1.8/lib/newlzx/system.h:40:53: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. extern int mspack_sys_filelen(struct mspack_system *system, data/convlit-1.8/lib/litdrm.c:383:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/convlit-1.8/clit18/clit.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_program[MAX_PATH]; data/convlit-1.8/clit18/clit.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_lit_file[MAX_PATH]; data/convlit-1.8/clit18/clit.c:173:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fh = fopen(filename, "rb"); data/convlit-1.8/clit18/drm5.c:50:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(filename, "rb"); data/convlit-1.8/clit18/drm5.c:271:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmptag, "</"); data/convlit-1.8/clit18/drm5.c:286:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, realstart, (end - realstart) * sizeof(char)); data/convlit-1.8/clit18/drm5.c:330:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char drm5_des_key[16]; data/convlit-1.8/clit18/drm5.c:331:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sModulus[512/3]; data/convlit-1.8/clit18/drm5.c:332:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sPrivateKey[512/3]; data/convlit-1.8/clit18/drm5.c:333:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char keyData[256]; data/convlit-1.8/clit18/drm5.c:343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char des_key[64]; data/convlit-1.8/clit18/drm5.c:400:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(drm5_des_key, des_key, 8); data/convlit-1.8/clit18/explode.c:238:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, p, len); data/convlit-1.8/clit18/explode.c:287:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(sTemp, "r"); data/convlit-1.8/clit18/explode.c:290:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(sTemp,"w"); data/convlit-1.8/clit18/explode.c:305:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sNum[10]; data/convlit-1.8/clit18/explode.c:439:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(&str[strlen(str)-3], "opf"); data/convlit-1.8/clit18/explode.c:507:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fOut = fopen(pathExternal, "w"); data/convlit-1.8/clit18/explode.c:558:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fOut = fopen(pathExternal, "wb"); data/convlit-1.8/clit18/hexdump.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char strbuffer[ numBytesInString+1 ]; data/convlit-1.8/clit18/transmute.c:44:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fOut = fopen(newlitfile,"wb"); data/convlit-1.8/clit18/utils.c:197:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, iter->last_ptr, iter->len); data/convlit-1.8/lib/des/d3des.h:30:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char byte[8]; data/convlit-1.8/lib/des/d3des.h:36:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dbyte[16]; data/convlit-1.8/lib/des/des.c:48:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pc1[56] = { data/convlit-1.8/lib/des/des.c:54:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char totrot[16] = { data/convlit-1.8/lib/des/des.c:57:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pc2[48] = { data/convlit-1.8/lib/des/des.c:68:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pc1m[56], pcr[56]; data/convlit-1.8/lib/litdirectory.c:172:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&entry->name, nameptr, namelen); data/convlit-1.8/lib/litdirectory.c:197:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p+index, &entry->name,len); data/convlit-1.8/lib/litdirectory.c:376:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aolx->pBase+aolx->index, &entry->name,len); data/convlit-1.8/lib/litdrm.c:113:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(litfile->bookkey, ptr+1, 8); data/convlit-1.8/lib/litdrm.c:238:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBookplate, drm_data, data_size); data/convlit-1.8/lib/litdrm.c:253:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(litfile->bookkey, new_key, 8); data/convlit-1.8/lib/litdrm.c:261:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_sealed+1, litfile->bookkey, 8); data/convlit-1.8/lib/litdrm.c:311:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[pos],pdata+offset, avail); data/convlit-1.8/lib/litdrm.c:316:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[pos],pdata+offset, length); data/convlit-1.8/lib/litembiggen.c:252:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/convlit-1.8/lib/litembiggen.c:253:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf,"<!-- FLAG:%d%d%d%d%d%d%d%d-%d -->", data/convlit-1.8/lib/litembiggen.c:330:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tag_name, "?%ld?", tag); data/convlit-1.8/lib/litembiggen.c:477:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numbuf,"?%ld?",c); data/convlit-1.8/lib/litembiggen.c:531:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(numbuf,"%ld\"",c-1); data/convlit-1.8/lib/litembiggen.c:619:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(href_value,pHtml + href_base + 1, href_size); data/convlit-1.8/lib/litembiggen.c:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ent_buffer[14], ch; data/convlit-1.8/lib/litembiggen.c:710:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. len = sprintf(ent_buffer,"&#%ld;",c); data/convlit-1.8/lib/litheaders.c:236:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(litfile->header_guid, header + PRI_GUID, 16); data/convlit-1.8/lib/litheaders.c:363:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(litfile->piece3_guid, cur_piece, size); data/convlit-1.8/lib/litheaders.c:373:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(litfile->piece4_guid, cur_piece, size); data/convlit-1.8/lib/litheaders.c:453:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lit_magic_string, strlen(lit_magic_string)); data/convlit-1.8/lib/litheaders.c:458:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p+PRI_GUID, litfile->header_guid, 16); data/convlit-1.8/lib/litlib.c:119:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newlitfile->bookkey[0],&litfile->bookkey[0],8); data/convlit-1.8/lib/litlib.c:120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newlitfile->header_guid[0],&litfile->header_guid[0],16); data/convlit-1.8/lib/litlib.c:121:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newlitfile->piece3_guid[0],&litfile->piece3_guid[0],16); data/convlit-1.8/lib/litlib.c:122:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&newlitfile->piece4_guid[0],&litfile->piece4_guid[0],16); data/convlit-1.8/lib/litlib.c:140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new, entry, sizeof(*entry)+entry->namelen+1); data/convlit-1.8/lib/litlib.c:282:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newptr, entry->data_pointer, (size_t)entry->size); data/convlit-1.8/lib/litlib.c:337:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newptr,section->data_pointer+(size_t)entry->offset, data/convlit-1.8/lib/litlib.h:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * atom_names[1]; data/convlit-1.8/lib/litmetatags.c:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * meta_tagtoname[43] = { data/convlit-1.8/lib/litsections.c:62:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char guid_buffer[7+8+4+4+4+12+1]; data/convlit-1.8/lib/litsections.c:64:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(guid_buffer, "{%08lX-%04X-%04X-%02X%02X-%02X%02X%02X%02X%02X%02X}", data/convlit-1.8/lib/litsections.c:260:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, pContent, sizeContent); data/convlit-1.8/lib/littags.c:808:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * tagtoname[109] = { data/convlit-1.8/lib/littags.h:34:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char * tagtoname[109]; data/convlit-1.8/lib/littags.h:39:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char * meta_tagtoname[43]; data/convlit-1.8/lib/litutil.c:95:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( sNew, (p+1), nbytes); data/convlit-1.8/lib/lzx/lzx.c:654:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(window + window_posn, inpos, this_run); data/convlit-1.8/lib/lzx/lzx.c:666:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpos, window + last_window_posn, bytes_to_write); data/convlit-1.8/lib/lzx/lzx.c:673:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpos, window + last_window_posn, bytes_to_write); data/convlit-1.8/lib/lzx/lzx.c:680:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpos, window, bytes_to_write); data/convlit-1.8/lib/newlzx/lzx.h:81:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char PRETREE_len [LZX_PRETREE_MAXSYMBOLS + LZX_LENTABLE_SAFETY]; data/convlit-1.8/lib/newlzx/lzx.h:82:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char MAINTREE_len [LZX_MAINTREE_MAXSYMBOLS + LZX_LENTABLE_SAFETY]; data/convlit-1.8/lib/newlzx/lzx.h:83:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char LENGTH_len [LZX_LENGTH_MAXSYMBOLS + LZX_LENTABLE_SAFETY]; data/convlit-1.8/lib/newlzx/lzx.h:84:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ALIGNED_len [LZX_ALIGNED_MAXSYMBOLS + LZX_LENTABLE_SAFETY]; data/convlit-1.8/lib/newlzx/lzx.h:97:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char e8_buf[LZX_FRAME_SIZE]; data/convlit-1.8/lib/newlzx/lzxd.c:355:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char extra_bits[51]; data/convlit-1.8/lib/newlzx/lzxd.c:472:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *window, *runsrc, *rundest, buf[12]; data/convlit-1.8/lib/newlzx/lzxglue.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, bytes); data/convlit-1.8/lib/newlzx/lzxglue.c:87:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, (unsigned char *)mem->buffer+mem->current_bytes, bytes); data/convlit-1.8/lib/newlzx/lzxglue.c:107:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((unsigned char *)mem->buffer+mem->current_bytes, buffer, bytes); data/convlit-1.8/lib/newlzx/mspack.h:266:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). struct mspack_file * (*open)(struct mspack_system *this, data/convlit-1.8/lib/newlzx/mspack.h:900:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). struct mscabd_cabinet * (*open) (struct mscab_decompressor *this, data/convlit-1.8/lib/newlzx/mspack.h:1300:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). struct mschmd_header *(*open)(struct mschm_decompressor *this, data/convlit-1.8/lib/sha/mssha1.c:204:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], data, (i = 64-j)); data/convlit-1.8/lib/sha/mssha1.c:212:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], &data[i], len - i); data/convlit-1.8/clit18/clit.c:121:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir_program, argv[0], MAX_PATH-1); data/convlit-1.8/clit18/clit.c:123:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(dir_program); i >= 0; i--) { data/convlit-1.8/clit18/clit.c:137:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 1; i < (int)strlen(argv[base]); i++) { data/convlit-1.8/clit18/clit.c:163:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dir_lit_file, filename, MAX_PATH-1); data/convlit-1.8/clit18/clit.c:165:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(dir_lit_file); i >= 0; i--) { data/convlit-1.8/clit18/clit.c:200:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(output) == 0) { data/convlit-1.8/clit18/clit.c:217:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = output[strlen(output) - 1]; data/convlit-1.8/clit18/clit.c:240:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c = output[strlen(output) - 1]; data/convlit-1.8/clit18/clit.c:242:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = malloc(strlen(output) + 1); data/convlit-1.8/clit18/clit.c:244:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fprintf(stderr,"Malloc(%d) failed!\n", strlen(output) + 1); data/convlit-1.8/clit18/clit.c:248:17: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(path, "/"); data/convlit-1.8/clit18/drm5.c:251:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(tag); data/convlit-1.8/clit18/drm5.c:261:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(tmptag, "<"); data/convlit-1.8/clit18/drm5.c:273:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(tmptag, ">"); data/convlit-1.8/clit18/explode.c:364:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(p)+1; data/convlit-1.8/clit18/explode.c:424:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idx = len = strlen(litname); data/convlit-1.8/clit18/explode.c:439:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(&str[strlen(str)-3], "opf"); data/convlit-1.8/clit18/explode.c:515:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(meta_string)); data/convlit-1.8/clit18/explode.c:516:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)status != strlen(meta_string)) { status = -1; break; } data/convlit-1.8/clit18/explode.c:522:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(xhtml_string)); data/convlit-1.8/clit18/explode.c:523:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t)status != strlen(xhtml_string)) { status = -1; break;} data/convlit-1.8/clit18/transmute.c:53:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). drm_size = 2*(strlen(inscription)+1); data/convlit-1.8/clit18/transmute.c:60:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; (size_t)i < strlen(inscription); i++) { data/convlit-1.8/clit18/utils.c:36:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (head) len += strlen(head); data/convlit-1.8/clit18/utils.c:37:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (body) len += strlen(body); data/convlit-1.8/clit18/utils.c:38:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tail) len += strlen(tail); data/convlit-1.8/clit18/utils.c:100:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes = strlen(p)+1; data/convlit-1.8/clit18/utils.c:119:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes1 = strlen(s1)+1; data/convlit-1.8/clit18/utils.c:120:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes2 = strlen(s2)+1; data/convlit-1.8/clit18/utils.c:146:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iter->bytes = strlen(string); data/convlit-1.8/lib/litatom.c:123:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s,p + 1, len); data/convlit-1.8/lib/litatom.c:186:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(s,p, len); data/convlit-1.8/lib/litdrm.c:135:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(msreader_string,ptr,strlen(msreader_string)) != 0) { data/convlit-1.8/lib/litembiggen.c:69:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). status = htmlwrite(write_data,s,strlen(s));\ data/convlit-1.8/lib/litembiggen.c:695:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(entities[found].name)); data/convlit-1.8/lib/litheaders.c:219:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(header, lit_magic_string, strlen(lit_magic_string)) != 0) { data/convlit-1.8/lib/litheaders.c:453:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(p, lit_magic_string, strlen(lit_magic_string)); data/convlit-1.8/lib/litlib.c:234:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (entry->namelen != (int)strlen(name)) match = -1; data/convlit-1.8/lib/litlib.c:236:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (entry->namelen != (int)strlen(name)) && (!match)) { data/convlit-1.8/lib/litlib.c:361:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). match = strncasecmp(&entry->name,prefix, strlen(prefix)); data/convlit-1.8/lib/litlib.c:399:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (entry->namelen != (int)strlen(name)) match = -1; data/convlit-1.8/lib/litlib.c:401:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( (entry->namelen != (int)strlen(name)) && (!match)) { data/convlit-1.8/lib/litlib.c:418:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new = malloc(sizeof(entry_type)+strlen(name)); data/convlit-1.8/lib/litlib.c:428:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new->namelen = (int)strlen(name); data/convlit-1.8/lib/litutil.c:49:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(s); data/convlit-1.8/lib/litutil.c:62:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(ptr); data/convlit-1.8/lib/newlzx/lzxd.c:134:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read = lzx->sys->read(lzx->input, &lzx->inbuf[0], (int)lzx->inbuf_size); data/convlit-1.8/lib/newlzx/lzxd.c:135:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read < 0) return lzx->error = MSPACK_ERR_READ; data/convlit-1.8/lib/newlzx/lzxd.c:152:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). lzx->i_end = &lzx->inbuf[read]; data/convlit-1.8/lib/newlzx/mspack.h:290:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(struct mspack_file *file, data/convlit-1.8/lib/newlzx/system.h:59:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). static inline size_t strlen(const char *s) { ANALYSIS SUMMARY: Hits = 162 Lines analyzed = 13069 in approximately 0.46 seconds (28472 lines/second) Physical Source Lines of Code (SLOC) = 8137 Hits@level = [0] 30 [1] 51 [2] 85 [3] 1 [4] 25 [5] 0 Hits@level+ = [0+] 192 [1+] 162 [2+] 111 [3+] 26 [4+] 25 [5+] 0 Hits/KSLOC@level+ = [0+] 23.5959 [1+] 19.9091 [2+] 13.6414 [3+] 3.19528 [4+] 3.07239 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.