Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/Automated.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/Basic.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/CUCurses.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/CUError.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/CUnit.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/CUnit_intl.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/Console.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/MyMem.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/TestDB.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/TestRun.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/Util.h
Examining data/cunit-2.1-3-dfsg/CUnit/Headers/wxWidget.h
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Basic/Basic.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/CUError.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Test/test_cunit.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Test/test_cunit.h
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Win/Win.c
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Win/Win.h
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/Win/resource.h
Examining data/cunit-2.1-3-dfsg/CUnit/Sources/wxWidget/wxWidget.cpp
Examining data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest.c
Examining data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest_v1.c
Examining data/cunit-2.1-3-dfsg/Examples/BasicTest/BasicTest.c
Examining data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest.c
Examining data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest_v1.c
Examining data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest.c
Examining data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest_v1.c
Examining data/cunit-2.1-3-dfsg/Examples/Demo_fprintf/CUnitExample.c
Examining data/cunit-2.1-3-dfsg/Examples/ExampleTests.c
Examining data/cunit-2.1-3-dfsg/Examples/ExampleTests.h
Examining data/cunit-2.1-3-dfsg/Examples/WinTest/StdAfx.cpp
Examining data/cunit-2.1-3-dfsg/Examples/WinTest/StdAfx.h
Examining data/cunit-2.1-3-dfsg/Examples/WinTest/WinTest.cpp
Examining data/cunit-2.1-3-dfsg/Examples/WinTest/WinTest_v1.cpp
Examining data/cunit-2.1-3-dfsg/Examples/wxWidgetsTest/wxWidgetsTest.c
Examining data/cunit-2.1-3-dfsg/config.h
Examining data/cunit-2.1-3-dfsg/doc/headers/Automated.h
Examining data/cunit-2.1-3-dfsg/doc/headers/Basic.h
Examining data/cunit-2.1-3-dfsg/doc/headers/CUCurses.h
Examining data/cunit-2.1-3-dfsg/doc/headers/CUError.h
Examining data/cunit-2.1-3-dfsg/doc/headers/CUnit.h
Examining data/cunit-2.1-3-dfsg/doc/headers/CUnit_intl.h
Examining data/cunit-2.1-3-dfsg/doc/headers/Console.h
Examining data/cunit-2.1-3-dfsg/doc/headers/MyMem.h
Examining data/cunit-2.1-3-dfsg/doc/headers/TestDB.h
Examining data/cunit-2.1-3-dfsg/doc/headers/TestRun.h
Examining data/cunit-2.1-3-dfsg/doc/headers/Util.h
Examining data/cunit-2.1-3-dfsg/doc/headers/Win.h
Examining data/cunit-2.1-3-dfsg/doc/headers/wxWidget.h
Examining data/cunit-2.1-3-dfsg/debian/tests/test.c

FINAL RESULTS:

data/cunit-2.1-3-dfsg/CUnit/Headers/CUnit.h:105:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define snprintf _snprintf
data/cunit-2.1-3-dfsg/CUnit/Headers/CUnit.h:105:22:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define snprintf _snprintf
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:151:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(f_szTestListFileName, szListEnding);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:162:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(f_szTestResultFileName, szResultEnding);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:453:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    snprintf(szTemp, STRING_LENGTH, _(szRunSummary),
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:570:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(szString, szStr);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:216:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pSuite->pName, strNewName);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:418:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pTest->pName, strNewName);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:672:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(pRetValue->pName, strName);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:794:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
      strcpy(pRetValue->pName, strName);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:707:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pFailureNew->strFileName, szFileName);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:719:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pFailureNew->strCondition, szCondition);
data/cunit-2.1-3-dfsg/doc/headers/CUnit.h:105:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define snprintf _snprintf
data/cunit-2.1-3-dfsg/doc/headers/CUnit.h:105:22:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
# define snprintf _snprintf
data/cunit-2.1-3-dfsg/CUnit/Headers/TestRun.h:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char PackageName[50];
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:74:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char f_szTestListFileName[MAX_FILENAME_LENGTH] = "";   /**< Current output file name for the test listing file. */
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:75:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char f_szTestResultFileName[MAX_FILENAME_LENGTH] = ""; /**< Current output file name for the test results file. */
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:81:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char _gPackageName[50] = "";
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:219:41:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (NULL == (f_pTestResultFile = fopen(szFilename, "w"))) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:644:37:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  else if (NULL == (pTestListFile = fopen(f_szTestListFileName, "w"))) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[256];
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:234:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[256];
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:314:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[256];
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:408:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:425:36:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ppTest = CU_get_test_by_index(atol(buffer), pSuite);
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:447:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:464:38:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *ppSuite = CU_get_suite_by_index(atol(buffer), pRegistry);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:378:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPackageTitle[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:416:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:561:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char szTemp[128] = "";
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:562:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char szString[128] = "";
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:602:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szSuiteNumber[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:605:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:630:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  suite_num = atol(szSuiteNumber);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:663:23:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  suite_num = atol(szSuiteNumber);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:711:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTestNumber[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:712:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:743:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  test_num = atol(szTestNumber);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:776:22:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  test_num = atol(szTestNumber);
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:944:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:978:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1044:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szTemp[STRING_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1164:18:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  option_num = atol(szTemp);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:78:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char AllocFilename[MAX_FILE_NAME_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:80:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char DeallocFilename[MAX_FILE_NAME_LENGTH];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:338:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (NULL == (pFile = fopen(szDumpFileName, "w"))) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:1197:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[500];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:140:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
       memcpy(szDest, CU_bindings[conv_index].replacement, repl_len);
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:247:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
 char buf[33];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:265:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest_buf[BUF_LEN];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:267:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ref_buf[BUF_LEN];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:318:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dest, "random initialized string");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:437:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[MAX_LEN];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:447:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:451:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " b");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:455:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " B");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:459:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "s ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:463:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "S ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:467:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " 5 ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:471:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:475:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:479:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:486:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[MAX_LEN];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:496:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:500:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " b");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:504:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " B");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:508:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "s ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:512:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "S ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:516:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " 5 ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:520:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:524:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:528:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:535:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[MAX_LEN];
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:545:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:549:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " b");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:553:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " B");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:557:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "s ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:561:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "S ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:565:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " 5 ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:569:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, "~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:573:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^");
data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:577:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(string, " ~ & ^ ( ^ ");
data/cunit-2.1-3-dfsg/Examples/Demo_fprintf/CUnitExample.c:41:29:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (NULL == (temp_file = fopen("temp.txt", "w+"))) {
data/cunit-2.1-3-dfsg/Examples/Demo_fprintf/CUnitExample.c:86:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
            unsigned char buffer[20];
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:111:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0 == strlen(f_szTestResultFileName)) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:144:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(f_szTestListFileName, szFilenameRoot, MAX_FILENAME_LENGTH - strlen(szListEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:144:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(f_szTestListFileName, szFilenameRoot, MAX_FILENAME_LENGTH - strlen(szListEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:147:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(f_szTestListFileName, f_szDefaultFileRoot, MAX_FILENAME_LENGTH - strlen(szListEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:147:78:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(f_szTestListFileName, f_szDefaultFileRoot, MAX_FILENAME_LENGTH - strlen(szListEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:150:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f_szTestListFileName[MAX_FILENAME_LENGTH - strlen(szListEnding) - 1] = '\0';
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:155:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(f_szTestResultFileName, szFilenameRoot, MAX_FILENAME_LENGTH - strlen(szResultEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:155:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(f_szTestResultFileName, szFilenameRoot, MAX_FILENAME_LENGTH - strlen(szResultEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:158:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(f_szTestResultFileName, f_szDefaultFileRoot, MAX_FILENAME_LENGTH - strlen(szResultEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:158:80:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(f_szTestResultFileName, f_szDefaultFileRoot, MAX_FILENAME_LENGTH - strlen(szResultEnding) - 1);
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:161:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  f_szTestResultFileName[MAX_FILENAME_LENGTH - strlen(szResultEnding) - 1] = '\0';
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:169:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (0 == strlen(f_szTestListFileName)) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:216:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((NULL == szFilename) || (strlen(szFilename) == 0)) {
data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:641:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if ((NULL == szFilename) || (0 == strlen(szFilename))) { data/cunit-2.1-3-dfsg/CUnit/Sources/Automated/Automated.c:757:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(_gPackageName, pName, sizeof(_gPackageName) - 1); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:130:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_yes_width = strlen(_("Yes")); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:131:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_no_width = strlen(_("No")); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:166:24: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). chChoice = toupper(getchar()); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:245:24: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). chChoice = toupper(getchar()); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:324:16: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). chChoice = getchar(); data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:497:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[2] = CU_MAX(strlen(_("Init?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:498:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
width[3] = CU_MAX(strlen(_("Cleanup?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:499:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[4] = CU_MAX(strlen(_("#Tests")), CU_number_width(pRegistry->uiNumberOfTests) + 1) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:500:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[5] = CU_MAX(strlen(_("Active?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Console/Console.c:554:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[2] = CU_MAX(strlen(_("Active?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:233:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_yes_width = strlen(_("Yes")); data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:234:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_no_width = strlen(_("No")); data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:391:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
0, f_nLeft + (f_nWidth - strlen(szPackageTitle))/2, data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:395:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mvwprintw(application_windows.pTitleWin, 1, f_nLeft + (f_nWidth - strlen(_(szSite)))/2, data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:437:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). assert(256 >= strlen(msg)); data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:472:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_nLeft + (f_nWidth - strlen(_(szDetailsTitle)))/2, "%s", _(szDetailsTitle)); data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:510:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int nStart = strlen(_(f_szProgress)); data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1002:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[2] = CU_MAX(strlen(_("Init?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1003:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
width[3] = CU_MAX(strlen(_("Cleanup?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1004:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[4] = CU_MAX(strlen(_("#Tests")), CU_number_width(pRegistry->uiNumberOfTests) + 1) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1005:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[5] = CU_MAX(strlen(_("Active?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Curses/Curses.c:1067:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[2] = CU_MAX(strlen(_("Active?")), CU_MAX(f_yes_width, f_no_width)) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:165:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pMemoryEvent->AllocFilename, alloc_filename, (size_t) MAX_FILE_NAME_LENGTH-1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:245:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(pTempEvent->DeallocFilename, szDeletionFileName, MAX_FILE_NAME_LENGTH-1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/MyMem.c:334:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if ((NULL != szFilename) && strlen(szFilename) > 0) { data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:215:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pSuite->pName = (char *)CU_MALLOC(strlen(strNewName)+1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:417:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pTest->pName = (char *)CU_MALLOC(strlen(strNewName)+1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:670:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pRetValue->pName = (char *)CU_MALLOC(strlen(strName)+1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestDB.c:792:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pRetValue->pName = (char *)CU_MALLOC(strlen(strName)+1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:575:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[0] = strlen(_("Run Summary:")); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:577:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("Type")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:578:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
CU_MAX(strlen(_("suites")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:579:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("tests")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:580:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(_("asserts")))))) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:582:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("Total")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:587:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("Ran")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:592:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("Passed")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:593:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("n/a")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:597:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
CU_MAX(strlen(_("Failed")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:602:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_MAX(strlen(_("Inactive")), data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:605:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(_("n/a")))))) + 1; data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:607:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[7] = strlen(_("Elapsed time = ")); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:608:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). width[8] = strlen(_(" seconds")); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:702:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pFailureNew->strFileName = (char*)CU_MALLOC(strlen(szFileName) + 1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/TestRun.c:711:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pFailureNew->strCondition = (char*)CU_MALLOC(strlen(szCondition) + 1); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:139:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (maxlen > (repl_len = strlen(CU_bindings[conv_index].replacement))) { data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:175:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). count += strlen(CU_bindings[conv_index].replacement); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:233:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nLength = strlen(szString); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:251:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(buf)); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:322:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TEST(!strncmp(dest+strlen(dest)+1, ref_buf, MAX_LEN-strlen(dest)-1)); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:322:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TEST(!strncmp(dest+strlen(dest)+1, ref_buf, MAX_LEN-strlen(dest)-1)); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:439:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, ""); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:443:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, " "); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:488:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, ""); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:492:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, " "); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:537:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, ""); data/cunit-2.1-3-dfsg/CUnit/Sources/Framework/Util.c:541:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, " "); data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest_v1.c:130:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str2, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest_v1.c:131:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest_v1.c:132:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/AutomatedTest/AutomatedTest_v1.c:142:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_NOT_EQUAL(str1, str3, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest_v1.c:130:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str2, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest_v1.c:131:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest_v1.c:132:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/ConsoleTest/ConsoleTest_v1.c:142:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ASSERT_NSTRING_NOT_EQUAL(str1, str3, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest_v1.c:133:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str2, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest_v1.c:134:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1)) ; data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest_v1.c:135:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/CursesTest/CursesTest_v1.c:145:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_NSTRING_NOT_EQUAL(str1, str3, strlen(str1) + 1) ; data/cunit-2.1-3-dfsg/Examples/ExampleTests.c:178:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_ASSERT_NSTRING_EQUAL(str1, str2, strlen(str1)); data/cunit-2.1-3-dfsg/Examples/ExampleTests.c:179:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1)); data/cunit-2.1-3-dfsg/Examples/ExampleTests.c:180:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
CU_ASSERT_NSTRING_EQUAL(str1, str1, strlen(str1) + 1); data/cunit-2.1-3-dfsg/Examples/ExampleTests.c:183:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_ASSERT_NSTRING_EQUAL(str1, str3, strlen(str1)); data/cunit-2.1-3-dfsg/Examples/ExampleTests.c:193:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). CU_ASSERT_NSTRING_NOT_EQUAL(str1, str3, strlen(str1) + 1); ANALYSIS SUMMARY: Hits = 176 Lines analyzed = 19573 in approximately 0.77 seconds (25456 lines/second) Physical Source Lines of Code (SLOC) = 11114 Hits@level = [0] 232 [1] 89 [2] 73 [3] 0 [4] 14 [5] 0 Hits@level+ = [0+] 408 [1+] 176 [2+] 87 [3+] 14 [4+] 14 [5+] 0 Hits/KSLOC@level+ = [0+] 36.7105 [1+] 15.8359 [2+] 7.82796 [3+] 1.25967 [4+] 1.25967 [5+] 0 Dot directories skipped = 12 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.