Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glulxe-0.5.4/accel.c
Examining data/glulxe-0.5.4/debugger.c
Examining data/glulxe-0.5.4/exec.c
Examining data/glulxe-0.5.4/files.c
Examining data/glulxe-0.5.4/float.c
Examining data/glulxe-0.5.4/funcs.c
Examining data/glulxe-0.5.4/gestalt.c
Examining data/glulxe-0.5.4/gestalt.h
Examining data/glulxe-0.5.4/glkop.c
Examining data/glulxe-0.5.4/glulxdump.c
Examining data/glulxe-0.5.4/glulxe.h
Examining data/glulxe-0.5.4/heap.c
Examining data/glulxe-0.5.4/iosstart.h
Examining data/glulxe-0.5.4/macstart.c
Examining data/glulxe-0.5.4/main.c
Examining data/glulxe-0.5.4/opcodes.h
Examining data/glulxe-0.5.4/operand.c
Examining data/glulxe-0.5.4/osdepend.c
Examining data/glulxe-0.5.4/profile.c
Examining data/glulxe-0.5.4/search.c
Examining data/glulxe-0.5.4/serial.c
Examining data/glulxe-0.5.4/string.c
Examining data/glulxe-0.5.4/unixstrt.c
Examining data/glulxe-0.5.4/vm.c
Examining data/glulxe-0.5.4/winstart.c

FINAL RESULTS:

data/glulxe-0.5.4/debugger.c:1728:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(linebuf, prefix);
data/glulxe-0.5.4/debugger.c:1729:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(linebuf, msg);
data/glulxe-0.5.4/profile.c:416:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(linebuf, " <function addr=\"%lx\" call_count=\"%ld\" accel_count=\"%ld\" total_ops=\"%ld\" total_time=\"%s\" self_ops=\"%ld\" self_time=\"%s\" max_depth=\"%ld\" max_stack_use=\"%ld\" />\n",
data/glulxe-0.5.4/winstart.c:86:7: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pszSeparator,Extensions[iExtLoop]);
data/glulxe-0.5.4/winstart.c:109:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(sFileName,pszFileName);
data/glulxe-0.5.4/winstart.c:139:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pszPeriod,Extensions[iExtLoop]);
data/glulxe-0.5.4/winstart.c:179:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(sFileName,pszFileName);
data/glulxe-0.5.4/osdepend.c:48:3: [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srandom(seed);
data/glulxe-0.5.4/osdepend.c:54:11: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    return (random() << 16) ^ random();
data/glulxe-0.5.4/osdepend.c:54:29: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    return (random() << 16) ^ random();
data/glulxe-0.5.4/osdepend.c:136:3: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand(seed);
data/glulxe-0.5.4/debugger.c:1246:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, " ");
data/glulxe-0.5.4/debugger.c:1260:17: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(linebuf, "(no locals)");
data/glulxe-0.5.4/debugger.c:1306:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "This does not look like a function address: ");
data/glulxe-0.5.4/debugger.c:1337:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "Breakpoint is already set for function: ");
data/glulxe-0.5.4/debugger.c:1349:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "Breakpoint set for function: ");
data/glulxe-0.5.4/debugger.c:1379:21: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "This does not look like a function address: ");
data/glulxe-0.5.4/debugger.c:1413:13: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "Cleared breakpoint for function: ");
data/glulxe-0.5.4/debugger.c:1421:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(linebuf, "No breakpoint found for function: ");
data/glulxe-0.5.4/files.c:15:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[8];
data/glulxe-0.5.4/glkop.c:1405:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    val = ((char *)array)[ix];
data/glulxe-0.5.4/glkop.c:1498:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char buf[2*64+2];
data/glulxe-0.5.4/glulxdump.c:63:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ( (glui32)(((unsigned char *)(ptr))[0] << 24) \
data/glulxe-0.5.4/glulxdump.c:64:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[1] << 16) \
data/glulxe-0.5.4/glulxdump.c:65:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[2] << 8) \
data/glulxe-0.5.4/glulxdump.c:66:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[3]))
data/glulxe-0.5.4/glulxdump.c:68:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ( (glui32)(((unsigned char *)(ptr))[0] << 8) \
data/glulxe-0.5.4/glulxdump.c:69:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[1]))
data/glulxe-0.5.4/glulxdump.c:71:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((unsigned char)(((unsigned char *)(ptr))[0]))
data/glulxe-0.5.4/glulxdump.c:439:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fl = fopen(filename, "r");
data/glulxe-0.5.4/glulxdump.c:491:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[4 * 9];
data/glulxe-0.5.4/glulxdump.c:808:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char *labellist[6] = {
data/glulxe-0.5.4/glulxe.h:79:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ( (glui32)(((unsigned char *)(ptr))[0] << 24) \
data/glulxe-0.5.4/glulxe.h:80:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[1] << 16) \
data/glulxe-0.5.4/glulxe.h:81:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[2] << 8) \
data/glulxe-0.5.4/glulxe.h:82:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui32)(((unsigned char *)(ptr))[3]))
data/glulxe-0.5.4/glulxe.h:84:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ( (glui16)(((unsigned char *)(ptr))[0] << 8) \
data/glulxe-0.5.4/glulxe.h:85:25: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    | (glui16)(((unsigned char *)(ptr))[1]))
data/glulxe-0.5.4/glulxe.h:87:31: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ((unsigned char)(((unsigned char *)(ptr))[0]))
data/glulxe-0.5.4/glulxe.h:98:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    (((unsigned char *)(ptr))[0] = (vl))
data/glulxe-0.5.4/macstart.c:52:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[12];
data/glulxe-0.5.4/main.c:177:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/glulxe-0.5.4/profile.c:238:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%ld.%.6ld", (long)tv->tv_sec, (long)tv->tv_usec);
data/glulxe-0.5.4/profile.c:377:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char linebuf[512];
data/glulxe-0.5.4/profile.c:404:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char total_buf[20], self_buf[20];
data/glulxe-0.5.4/profile.c:425:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(linebuf, " <calls fromaddr=\"%lx\" toaddr=\"%lx\" count=\"%ld\" />\n",
data/glulxe-0.5.4/search.c:62:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char keybuf[4];
data/glulxe-0.5.4/search.c:123:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char keybuf[4];
data/glulxe-0.5.4/search.c:191:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char keybuf[4];
data/glulxe-0.5.4/serial.c:579:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(dest->ptr+dest->pos, ptr, len);
data/glulxe-0.5.4/serial.c:595:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(ptr, dest->ptr+dest->pos, len);
data/glulxe-0.5.4/serial.c:610:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[4];
data/glulxe-0.5.4/serial.c:617:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[2];
data/glulxe-0.5.4/serial.c:629:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[4];
data/glulxe-0.5.4/serial.c:639:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[2];
data/glulxe-0.5.4/serial.c:1189:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[4];
data/glulxe-0.5.4/string.c:136:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[16];
data/glulxe-0.5.4/string.c:817:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char temp_buf[STATIC_TEMP_BUFSIZE+1];
data/glulxe-0.5.4/unixstrt.c:55:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[12];
data/glulxe-0.5.4/vm.c:46:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[4 * 7];
data/glulxe-0.5.4/vm.c:158:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[0x100];
data/glulxe-0.5.4/winstart.c:48:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sExeName[_MAX_PATH];
data/glulxe-0.5.4/winstart.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sFileName[_MAX_PATH];
data/glulxe-0.5.4/winstart.c:50:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sWindowTitle[256];
data/glulxe-0.5.4/winstart.c:51:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sBuffer[12];
data/glulxe-0.5.4/winstart.c:72:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(pszSeparator,".chm");
data/glulxe-0.5.4/winstart.c:97:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sOpenTitle[256];
data/glulxe-0.5.4/winstart.c:98:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char sOpenFilter[256];
data/glulxe-0.5.4/debugger.c:1181:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1188:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1200:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1210:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1220:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1249:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1446:13: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(linebuf, "");
data/glulxe-0.5.4/debugger.c:1572:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(cmd);
data/glulxe-0.5.4/debugger.c:1620:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ensure_line_buf(strlen(cmd) + 64);
data/glulxe-0.5.4/debugger.c:1727:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ensure_line_buf(strlen(prefix) + strlen(msg));
data/glulxe-0.5.4/debugger.c:1727:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ensure_line_buf(strlen(prefix) + strlen(msg));

ANALYSIS SUMMARY:

Hits = 79
Lines analyzed = 12441 in approximately 0.34 seconds (36939 lines/second)
Physical Source Lines of Code (SLOC) = 9541
Hits@level = [0] 128 [1] 11 [2] 57 [3] 4 [4] 7 [5] 0
Hits@level+ = [0+] 207 [1+] 79 [2+] 68 [3+] 11 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 21.6958 [1+] 8.28005 [2+] 7.12714 [3+] 1.15292 [4+] 0.733676 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.