Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gauche-c-wrapper-0.6.1/examples/sdl/sdl_helper.c
Examining data/gauche-c-wrapper-0.6.1/libffi/include/ffi_common.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/alpha/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/alpha/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/arm/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/arm/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/debug.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/frv/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/frv/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ia64_flags.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/java_raw_api.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/m68k/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/m68k/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/asm.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi_darwin.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/prep_cif.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/raw_api.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/s390/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/s390/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sh64/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sh64/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/src/types.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c
Examining data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffitarget.h
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn0.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn3.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn4.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/closure_fn5.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_12byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_16byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_18byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_19byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_1_1byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_20byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_20byte1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_24byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_2byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_3_1byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_3byte1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_3byte2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_4_1byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_4byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_5_1_byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_5byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_64byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_6_1_byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_6byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_7_1_byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_7byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_8byte.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_9byte1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_9byte2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_double.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_float.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_longdouble.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_pointer.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_sint16.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_sint32.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_sint64.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_uint16.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_uint32.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_align_uint64.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_double.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_float.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_schar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_sshort.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_sshortchar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_ushort.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_ushortchar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_schar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_sint.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_sshort.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_uchar.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_uint.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_ulonglong.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_ushort.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/ffitest.h
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/float.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/float1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/float2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/float3.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/many.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/many_win32.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/negint.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/nested_struct.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/nested_struct1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/nested_struct2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/nested_struct3.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/problem1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/promotion.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/pyobjc-tc.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/return_ll.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/return_ll1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/return_sc.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/return_uc.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/strlen.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/strlen_win32.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct1.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct2.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct3.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct4.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct5.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct6.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct7.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct8.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/struct9.c
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.special/ffitestcxx.h
Examining data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.special/unwindtest.cc
Examining data/gauche-c-wrapper-0.6.1/src/c-ffi.c
Examining data/gauche-c-wrapper-0.6.1/src/c-ffi.h
Examining data/gauche-c-wrapper-0.6.1/src/c-lex.c
Examining data/gauche-c-wrapper-0.6.1/src/c-lex.h
Examining data/gauche-c-wrapper-0.6.1/src/c-parser.h
Examining data/gauche-c-wrapper-0.6.1/src/closure_alloc.h
Examining data/gauche-c-wrapper-0.6.1/src/ObjCError.c
Examining data/gauche-c-wrapper-0.6.1/src/ObjCError.h
Examining data/gauche-c-wrapper-0.6.1/src/util.h
Examining data/gauche-c-wrapper-0.6.1/src/y.tab.c
Examining data/gauche-c-wrapper-0.6.1/src/c-parser.c
Examining data/gauche-c-wrapper-0.6.1/src/closure_alloc.c
Examining data/gauche-c-wrapper-0.6.1/testsuite/array_qualifier.h
Examining data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c
Examining data/gauche-c-wrapper-0.6.1/testsuite/ffitest.h
Examining data/gauche-c-wrapper-0.6.1/testsuite/fptr_array.c
Examining data/gauche-c-wrapper-0.6.1/testsuite/fptr_array.h
Examining data/gauche-c-wrapper-0.6.1/testsuite/gcc_extension.c
Examining data/gauche-c-wrapper-0.6.1/testsuite/gcc_extension.h
Examining data/gauche-c-wrapper-0.6.1/testsuite/objc-test.h
Examining data/gauche-c-wrapper-0.6.1/testsuite/struct_in_union.h
FINAL RESULTS:
data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c:43:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define debug(lvl, x...) do { if (lvl <= DEBUG_LEVEL) { printf(x); } } while (0)
data/gauche-c-wrapper-0.6.1/src/y.tab.c:2768:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:147:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result, v1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:148:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result, v2);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:309:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result[i], v1[i]);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:310:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result[i], v2[i]);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:533:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result.value, v1.value);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:534:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result.value, v2.value);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:573:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result.value[i], v1.value[i]);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:574:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result.value[i], v2.value[i]);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:600:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(result.str, v1.str);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:601:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(result.str, v2.str);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:875:27: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
void *handle = (void*)LoadLibrary(SCM_MBS2WCS(path));
data/gauche-c-wrapper-0.6.1/libffi/include/ffi_common.h:40:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/gauche-c-wrapper-0.6.1/libffi/include/ffi_common.h:40:27: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy ((s), (d), (n))
data/gauche-c-wrapper-0.6.1/libffi/src/alpha/ffi.c:133:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *avalue, (*arg_types)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/arm/ffi.c:99:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:93:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:98:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:109:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((stack + uiLocOnStack), *p_argv, (*p_arg)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:145:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:373:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (closure->tramp, ffi_cris_trampoline_template,
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:375:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (closure->tramp + ffi_cris_trampoline_fn_offset,
data/gauche-c-wrapper-0.6.1/libffi/src/cris/ffi.c:377:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (closure->tramp + ffi_cris_trampoline_closure_offset,
data/gauche-c-wrapper-0.6.1/libffi/src/frv/ffi.c:100:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ffi.c:330:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&stack->gp_regs[gpcount], avalue[i], 16);
data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ffi.c:362:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&stack->gp_regs[gpcount], avalue[i], size);
data/gauche-c-wrapper-0.6.1/libffi/src/ia64/ffi.c:544:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (addr + offset, (char *)stack->gp_regs + gp_offset,
data/gauche-c-wrapper-0.6.1/libffi/src/java_raw_api.c:222:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void*) raw->data, (void*)*args, (*tp)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:96:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:98:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp + 4 - z, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:121:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:128:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:228:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ecif.rvalue, ecif.rvalue + 8-size, size);
data/gauche-c-wrapper-0.6.1/libffi/src/m32r/ffi.c:236:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ecif.rvalue, ecif.rvalue + 8-size, size);
data/gauche-c-wrapper-0.6.1/libffi/src/m68k/ffi.c:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp + sizeof (int) - z, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/m68k/ffi.c:75:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c:141:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, (*p_arg)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c:148:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c:158:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c:163:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, portion);
data/gauche-c-wrapper-0.6.1/libffi/src/mips/ffi.c:165:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp,
data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c:214:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)dest_cpy, (char *)*p_argv, (*p_arg)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c:223:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)dest_cpy, (char *)*p_argv, (*p_arg)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c:542:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)tmp, &ret[0], cif->rtype->size);
data/gauche-c-wrapper-0.6.1/libffi/src/pa/ffi.c:562:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)ret2 + off, ret, 8 - off);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c:214:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy_space, (char *)*p_argv, (*ptr)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c:392:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) next_arg, (char *) *p_argv, first);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c:393:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *) rest, (char *) *p_argv + first,
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c:406:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (where, (char *) *p_argv, (*ptr)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi.c:788:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (tramp, (char *) ffi_closure_LINUX64, 16);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi_darwin.c:202:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)dest_cpy, (char *)*p_argv, size_al);
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi_darwin.c:742:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&temp_ld.lb[0], pfr, sizeof(ldbits));
data/gauche-c-wrapper-0.6.1/libffi/src/powerpc/ffi_darwin.c:743:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&temp_ld.lb[1], pgr + 2, sizeof(ldbits));
data/gauche-c-wrapper-0.6.1/libffi/src/raw_api.c:176:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((void*) raw->data, (void*)*args, (*tp)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/s390/ffi.c:219:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p_struct, (char *)arg, (*ptr)->size);
data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c:203:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c:218:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c:313:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh/ffi.c:462:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rvalue, &trvalue, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/libffi/src/sh64/ffi.c:106:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh64/ffi.c:147:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sh64/ffi.c:288:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (rvalue, &trvalue, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffi.c:111:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffi.c:216:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffi.c:227:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/sparc/ffi.c:238:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi.c:109:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(argp, *p_argv, z);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi.c:402:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (stack, ecif->avalue, ecif->cif->bytes);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c:395:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (argp, avalue[i], size);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c:401:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *a = (char *) avalue[i];
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c:411:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (®_args->gpr[gprcount], a, size < 8 ? size : 8);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c:555:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a, ®_args->sse[ssecount++], 8);
data/gauche-c-wrapper-0.6.1/libffi/src/x86/ffi64.c:557:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a, ®_args->gpr[gprcount++], 8);
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_schar.c:26:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a1 = *(signed char *)avals[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_schar.c:27:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a2 = *(signed char *)avals[1];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_sshortchar.c:28:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a1 = *(signed char *)avals[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_sshortchar.c:30:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a3 = *(signed char *)avals[2];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:27:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a1 = *(unsigned char *)avals[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:28:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a2 = *(unsigned char *)avals[1];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:29:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a3 = *(unsigned char *)avals[2];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:30:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a4 = *(unsigned char *)avals[3];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:40:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%d %d %d %d\n", *(unsigned char *)avals[0],
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(unsigned char *)avals[1], *(unsigned char *)avals[2],
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:41:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(unsigned char *)avals[1], *(unsigned char *)avals[2],
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_uchar.c:42:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(unsigned char *)avals[3]);
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_ushortchar.c:28:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a1 = *(unsigned char *)avals[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_multi_ushortchar.c:30:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
a3 = *(unsigned char *)avals[2];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_schar.c:13:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(ffi_arg*)resp = *(signed char *)args[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_schar.c:14:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%d: %d\n",*(signed char *)args[0],
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_uchar.c:13:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
*(ffi_arg*)resp = *(unsigned char *)args[0];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/cls_uchar.c:14:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
printf("%d: %d\n",*(unsigned char *)args[0],
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/ffitest.h:51:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_zero_fd = open ("/dev/zero", O_RDONLY);
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/float1.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[sizeof (double)];
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.special/ffitestcxx.h:49:21: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dev_zero_fd = open ("/dev/zero", O_RDONLY);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:115:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SCM_UVECTOR_ELEMENTS(uvec), &ptr, sizeof(void*));
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ptr, SCM_UVECTOR_ELEMENTS(uvec), sizeof(void*));
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:248:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(follow_elem_type, elem_type, sizeof(ffi_type));
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:685:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(atypes, c_subr_info->cif->arg_types, sizeof(ffi_type*) * c_subr_info->cif->nargs);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:703:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, &result, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:705:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue,
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:710:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, &result, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:793:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, &result, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:795:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue,
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:800:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, &result, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:830:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, proc_result_ptr, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:832:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue + sizeof(ffi_arg) - cif->rtype->size,
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:836:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, proc_result_ptr, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:839:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rvalue, proc_result_ptr, cif->rtype->size);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:900:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:901:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "rror code %d", GetLastError());
data/gauche-c-wrapper-0.6.1/src/c-parser.c:801:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbuf[50];
data/gauche-c-wrapper-0.6.1/src/y.tab.c:3068:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/gauche-c-wrapper-0.6.1/src/y.tab.c:3085:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/gauche-c-wrapper-0.6.1/src/y.tab.c:3275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:624:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(var_string, "bar");
data/gauche-c-wrapper-0.6.1/testsuite/fptr_array.h:3:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *(*c[10])(int *p);
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/strlen.c:12:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(s));
data/gauche-c-wrapper-0.6.1/libffi/testsuite/libffi.call/strlen_win32.c:13:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (strlen(s));
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:934:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagname_len = strlen(tagname_str);
data/gauche-c-wrapper-0.6.1/src/c-ffi.c:952:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tagname_len = strlen(tagname_str);
data/gauche-c-wrapper-0.6.1/src/y.tab.c:2949:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:146:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *result = (char*) malloc(strlen(v1) + strlen(v2) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:146:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *result = (char*) malloc(strlen(v1) + strlen(v2) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:308:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result[i] = (char*) malloc(strlen(v1[i]) + strlen(v2[i]) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:308:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result[i] = (char*) malloc(strlen(v1[i]) + strlen(v2[i]) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:532:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result.value = (char*) malloc(strlen(v1.value) + strlen(v2.value) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:532:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result.value = (char*) malloc(strlen(v1.value) + strlen(v2.value) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:572:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= (char*) malloc(strlen(v1.value[i]) + strlen(v2.value[i]) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:572:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= (char*) malloc(strlen(v1.value[i]) + strlen(v2.value[i]) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:599:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result.str = (char*) malloc(strlen(v1.str) + strlen(v2.str) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:599:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result.str = (char*) malloc(strlen(v1.str) + strlen(v2.str) + 1);
data/gauche-c-wrapper-0.6.1/testsuite/ffitest.c:676:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(str, "foobar", 7);
ANALYSIS SUMMARY:
Hits = 134
Lines analyzed = 31839 in approximately 0.89 seconds (35938 lines/second)
Physical Source Lines of Code (SLOC) = 22875
Hits@level = [0] 491 [1] 16 [2] 105 [3] 1 [4] 12 [5] 0
Hits@level+ = [0+] 625 [1+] 134 [2+] 118 [3+] 13 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 27.3224 [1+] 5.85792 [2+] 5.15847 [3+] 0.568306 [4+] 0.52459 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.