Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/crunch-3.6/crunch.c

FINAL RESULTS:

data/crunch-3.6/crunch.c:1524:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(compoutput, finalnewfile);

data/crunch-3.6/crunch.c:1528:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", finalnewfile, NULL);

data/crunch-3.6/crunch.c:1532:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", finalnewfile, NULL);

data/crunch-3.6/crunch.c:1536:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", finalnewfile, NULL);

data/crunch-3.6/crunch.c:1540:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp("7z", "7z", "a", comptype, "-mx=9", compoutput, finalnewfile, NULL);

data/crunch-3.6/crunch.c:1544:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(compoutput, outputfilename);

data/crunch-3.6/crunch.c:1549:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", outputfilename, NULL);

data/crunch-3.6/crunch.c:1553:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", outputfilename, NULL);

data/crunch-3.6/crunch.c:1557:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp(compressalgo, compressalgo, "-9", "-f", "-v", outputfilename, NULL);

data/crunch-3.6/crunch.c:1561:18:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  status=execlp("7z", "7z", "a", comptype, "-mx=9", compoutput, outputfilename, NULL);

data/crunch-3.6/crunch.c:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[MB_CUR_MAX+1];

data/crunch-3.6/crunch.c:489:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, s, n);

data/crunch-3.6/crunch.c:1428:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[512]; /* buffer to hold line from wordlist */

data/crunch-3.6/crunch.c:1471:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((optr = fopen(fpath,"r")) == NULL) {

data/crunch-3.6/crunch.c:1539:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(compoutput, ".7z");

data/crunch-3.6/crunch.c:1547:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(compoutput, ".lzma");

data/crunch-3.6/crunch.c:1560:11:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(compoutput, ".7z");

data/crunch-3.6/crunch.c:1595:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mb[MB_CUR_MAX+1];

data/crunch-3.6/crunch.c:1664:1:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t *temp[1];

data/crunch-3.6/crunch.c:1736:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fptr = fopen(fpath,"a+")) == NULL) { /* append to file */

data/crunch-3.6/crunch.c:1768:25:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fptr = fopen(fpath, "w")) == NULL) {

data/crunch-3.6/crunch.c:1836:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fptr = fopen(fpath, "w")) == NULL) {

data/crunch-3.6/crunch.c:1875:1:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t *temp[1];

data/crunch-3.6/crunch.c:2070:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fptr = fopen(fpath,"a+")) == NULL) { /* append to file */

data/crunch-3.6/crunch.c:2109:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fptr = fopen(fpath, "w")) == NULL) {

data/crunch-3.6/crunch.c:2186:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[512]; /* buffer to hold line from wordlist */

data/crunch-3.6/crunch.c:2193:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((optr = fopen(fpath,"r")) == NULL) {

data/crunch-3.6/crunch.c:2234:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buff[512]; /* buffer to hold line from charset file */

data/crunch-3.6/crunch.c:2238:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((optr = fopen(charfilename,"r")) == NULL) { /* open file to read from */

data/crunch-3.6/crunch.c:2255:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charset, chars, strlen(chars)-1); /* don't strip off space only ]*/

data/crunch-3.6/crunch.c:2257:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charset, chars, strlen(chars)-2); /* strip off ] */

data/crunch-3.6/crunch.c:2278:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  /*@notnull@*/ char buff[512]; /* buffer to hold line from charset file */

data/crunch-3.6/crunch.c:2284:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((optr = fopen(charfilename,"r")) == NULL) { /* open file to read from */

data/crunch-3.6/crunch.c:2517:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  min = (size_t)atoi(argv[1]);

data/crunch-3.6/crunch.c:2518:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  max = (size_t)atoi(argv[2]);

data/crunch-3.6/crunch.c:2648:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(charsetfilename, argv[i+1], strlen(argv[i+1]));

data/crunch-3.6/crunch.c:2747:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fpath, "START", 5);

data/crunch-3.6/crunch.c:2758:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fpath, argv[i+1], temp);

data/crunch-3.6/crunch.c:2990:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char response[8];

data/crunch-3.6/crunch.c:360:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t slen = strlen(s);

data/crunch-3.6/crunch.c:416:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = s ? strlen(s)+1 : 1;

data/crunch-3.6/crunch.c:487:14:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = (1 + wcslen(s)) * sizeof(wchar_t);

data/crunch-3.6/crunch.c:500:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < wcslen(string1); i++) {

data/crunch-3.6/crunch.c:747:15:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (i < wcslen(options->min_string))

data/crunch-3.6/crunch.c:1206:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < wcslen(block); i++)

data/crunch-3.6/crunch.c:1211:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < wcslen(block); i++) {

data/crunch-3.6/crunch.c:1260:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t blocklen = wcslen(block);

data/crunch-3.6/crunch.c:1436:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  finalnewfile = calloc((end*3)+5+strlen(fpath), sizeof(char)); /* max length will be 3x outname */

data/crunch-3.6/crunch.c:1442:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  newfile = calloc((end*3)+5+strlen(fpath), sizeof(char)); /* max length will be 3x outname */

data/crunch-3.6/crunch.c:1449:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  comptype = calloc(strlen(compressalgo)+3, sizeof(char)); /* -t bzip2 plus CR */

data/crunch-3.6/crunch.c:1456:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  compoutput = calloc((end*3)+5+strlen(fpath), sizeof(char)); /* max length will be 3x outname */

data/crunch-3.6/crunch.c:1462:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(outputfilename, fpath, strlen(fpath)) != 0) {

data/crunch-3.6/crunch.c:1477:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(newfile, buff, strlen(buff)-1); /* get rid of CR */

data/crunch-3.6/crunch.c:1477:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(newfile, buff, strlen(buff)-1); /* get rid of CR */

data/crunch-3.6/crunch.c:1487:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(newfile, "-"); /* build new filename */

data/crunch-3.6/crunch.c:1488:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(newfile, buff, strlen(buff)-1); /* get rid of CR */

data/crunch-3.6/crunch.c:1488:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(newfile, buff, strlen(buff)-1); /* get rid of CR */

data/crunch-3.6/crunch.c:1490:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(finalnewfile,fpath,strlen(fpath)-5);

data/crunch-3.6/crunch.c:1490:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(finalnewfile,fpath,strlen(fpath)-5);

data/crunch-3.6/crunch.c:1494:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(finalnewfile,newfile,strlen(newfile));

data/crunch-3.6/crunch.c:1494:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(finalnewfile,newfile,strlen(newfile));

data/crunch-3.6/crunch.c:1495:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(finalnewfile, ".txt", 4);

data/crunch-3.6/crunch.c:1501:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(finalnewfile,newfile,strlen(newfile));

data/crunch-3.6/crunch.c:1501:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(finalnewfile,newfile,strlen(newfile));

data/crunch-3.6/crunch.c:1502:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(finalnewfile, ".txt", 4);

data/crunch-3.6/crunch.c:1520:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(comptype,"-t", 2);

data/crunch-3.6/crunch.c:1521:7:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(comptype, compressalgo, strlen(compressalgo));

data/crunch-3.6/crunch.c:1521:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncat(comptype, compressalgo, strlen(compressalgo));

data/crunch-3.6/crunch.c:1598:26:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (t = 0, j = 0; t < wcslen(pattern); t++) {

data/crunch-3.6/crunch.c:1649:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.bytecounter+=strlen(gconvbuffer);

data/crunch-3.6/crunch.c:1895:34:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.bytecounter += wcslen(wordarray[t]);

data/crunch-3.6/crunch.c:1957:22:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(options.low_charset); k++) {

data/crunch-3.6/crunch.c:1968:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(options.low_charset); k++)

data/crunch-3.6/crunch.c:1979:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(options.upp_charset); k++)

data/crunch-3.6/crunch.c:1990:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(options.num_charset); k++)

data/crunch-3.6/crunch.c:2001:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(options.sym_charset); k++)

data/crunch-3.6/crunch.c:2053:93:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (!finished(block2,options) && !ctrlbreak && (wcsncmp(block2,options.endstring,wcslen(options.endstring)) != 0) ) {

data/crunch-3.6/crunch.c:2065:46:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcsncmp(block2,options.endstring,wcslen(options.endstring)) == 0)

data/crunch-3.6/crunch.c:2077:80:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((options.endstring != NULL) && (wcsncmp(block2,options.endstring,wcslen(options.endstring)) == 0))

data/crunch-3.6/crunch.c:2108:82:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((options.endstring == NULL) || (wcsncmp(block2,options.endstring,wcslen(options.endstring)) != 0)) {

data/crunch-3.6/crunch.c:2151:80:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((options.endstring != NULL) && (wcsncmp(block2,options.endstring,wcslen(options.endstring)) == 0))

data/crunch-3.6/crunch.c:2201:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.bytecounter += (unsigned long long)strlen(buff);

data/crunch-3.6/crunch.c:2204:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.bytecounter -= (unsigned long long)strlen(buff);

data/crunch-3.6/crunch.c:2213:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff[strlen(buff)-1]='\0';

data/crunch-3.6/crunch.c:2219:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = 0; j < wcslen(startblock); j++) {

data/crunch-3.6/crunch.c:2220:22:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(k = 0; k < wcslen(charset); k++)

data/crunch-3.6/crunch.c:2249:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  charset = calloc(strlen(chars), sizeof(char));

data/crunch-3.6/crunch.c:2254:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(&chars[(strlen(chars)-1)], "]", 1) == 0)

data/crunch-3.6/crunch.c:2255:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(charset, chars, strlen(chars)-1); /* don't strip off space only ]*/

data/crunch-3.6/crunch.c:2257:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(charset, chars, strlen(chars)-2); /* strip off ] */

data/crunch-3.6/crunch.c:2303:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buff[strlen(buff)-1]='\0';

data/crunch-3.6/crunch.c:2319:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = wcslen(src);

data/crunch-3.6/crunch.c:2325:7:  [1] (buffer) wcsncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(dest,&src[i],1);

data/crunch-3.6/crunch.c:2440:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  templen = strlen(argv[i])+1;

data/crunch-3.6/crunch.c:2460:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  templen = strlen(argv[i])+1;

data/crunch-3.6/crunch.c:2480:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  templen = strlen(argv[i])+1;

data/crunch-3.6/crunch.c:2500:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  templen = strlen(argv[i])+1;

data/crunch-3.6/crunch.c:2538:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  arglen = strlen(bcountval);

data/crunch-3.6/crunch.c:2627:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  templen = strlen(argv[i+1])+1;

data/crunch-3.6/crunch.c:2643:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  charsetfilename = calloc(strlen(argv[i+1])+1, sizeof(char));

data/crunch-3.6/crunch.c:2648:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(charsetfilename, argv[i+1], strlen(argv[i+1]));

data/crunch-3.6/crunch.c:2660:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numofelements = wcslen(charset);

data/crunch-3.6/crunch.c:2751:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp = strlen(argv[i+1])-strlen(hold)+1;

data/crunch-3.6/crunch.c:2751:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp = strlen(argv[i+1])-strlen(hold)+1;

data/crunch-3.6/crunch.c:2759:11:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  strncat(fpath, "START", 5);

data/crunch-3.6/crunch.c:2775:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numofelements = wcslen(tempwcs);

data/crunch-3.6/crunch.c:2836:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcslen(startblock) != min) {

data/crunch-3.6/crunch.c:2837:73:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr,"Warning: minimum length should be %d\n", (int)wcslen(startblock));

data/crunch-3.6/crunch.c:2851:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((max > wcslen(pattern)) || (min < wcslen(pattern))) {

data/crunch-3.6/crunch.c:2851:47:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((max > wcslen(pattern)) || (min < wcslen(pattern))) {

data/crunch-3.6/crunch.c:2853:100:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr,"min = %d max = %d strlen(%s)=%d\n",(int)min, (int)max, argv[i+1], (int)wcslen(pattern));

data/crunch-3.6/crunch.c:2891:9:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcslen(literalstring) != wcslen(pattern)) {

data/crunch-3.6/crunch.c:2891:34:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcslen(literalstring) != wcslen(pattern)) {

data/crunch-3.6/crunch.c:2905:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (max != wcslen(endstring)) {

data/crunch-3.6/crunch.c:2912:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (temp = 0; temp < wcslen(startblock); temp++) {

data/crunch-3.6/crunch.c:2963:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.clen = charset ? wcslen(charset) : 0;

data/crunch-3.6/crunch.c:2964:32:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.ulen = upp_charset ? wcslen(upp_charset) : 0;

data/crunch-3.6/crunch.c:2965:32:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.nlen = num_charset ? wcslen(num_charset) : 0;

data/crunch-3.6/crunch.c:2966:32:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.slen = sym_charset ? wcslen(sym_charset) : 0;

data/crunch-3.6/crunch.c:2968:28:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  options.plen = pattern ? wcslen(pattern) : 0;

data/crunch-3.6/crunch.c:3021:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  min = wcslen(startblock);

data/crunch-3.6/crunch.c:3122:29:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (temp = 0; temp < wcslen(pattern); temp++) {

data/crunch-3.6/crunch.c:3126:41:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.finallinecount *= wcslen(charset);

data/crunch-3.6/crunch.c:3131:41:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.finallinecount *= wcslen(upp_charset);

data/crunch-3.6/crunch.c:3136:41:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.finallinecount *= wcslen(num_charset);

data/crunch-3.6/crunch.c:3141:41:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  my_thread.finallinecount *= wcslen(sym_charset);

data/crunch-3.6/crunch.c:3154:31:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (temp = 0; temp < wcslen(pattern); temp++) {

data/crunch-3.6/crunch.c:3158:64:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extra_unicode_bytes += (wcstombs(NULL,charset,0)-wcslen(charset))*my_thread.finallinecount/wcslen(charset);

data/crunch-3.6/crunch.c:3158:106:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extra_unicode_bytes += (wcstombs(NULL,charset,0)-wcslen(charset))*my_thread.finallinecount/wcslen(charset);

data/crunch-3.6/crunch.c:3163:68:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extra_unicode_bytes += (wcstombs(NULL,upp_charset,0)-wcslen(upp_charset))*my_thread.finallinecount/wcslen(upp_charset);

data/crunch-3.6/crunch.c:3163:114:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_unicode_bytes += (wcstombs(NULL,upp_charset,0)-wcslen(upp_charset))*my_thread.finallinecount/wcslen(upp_charset); data/crunch-3.6/crunch.c:3168:68: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extra_unicode_bytes += (wcstombs(NULL,num_charset,0)-wcslen(num_charset))*my_thread.finallinecount/wcslen(num_charset); data/crunch-3.6/crunch.c:3168:114: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extra_unicode_bytes += (wcstombs(NULL,num_charset,0)-wcslen(num_charset))*my_thread.finallinecount/wcslen(num_charset); data/crunch-3.6/crunch.c:3173:68: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extra_unicode_bytes += (wcstombs(NULL,sym_charset,0)-wcslen(sym_charset))*my_thread.finallinecount/wcslen(sym_charset); data/crunch-3.6/crunch.c:3173:114: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extra_unicode_bytes += (wcstombs(NULL,sym_charset,0)-wcslen(sym_charset))*my_thread.finallinecount/wcslen(sym_charset); ANALYSIS SUMMARY: Hits = 135 Lines analyzed = 3241 in approximately 0.15 seconds (22105 lines/second) Physical Source Lines of Code (SLOC) = 2506 Hits@level = [0] 192 [1] 96 [2] 29 [3] 0 [4] 10 [5] 0 Hits@level+ = [0+] 327 [1+] 135 [2+] 39 [3+] 10 [4+] 10 [5+] 0 Hits/KSLOC@level+ = [0+] 130.487 [1+] 53.8707 [2+] 15.5626 [3+] 3.99042 [4+] 3.99042 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! 
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.