Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glulxe-0.5.4/accel.c
Examining data/glulxe-0.5.4/debugger.c
Examining data/glulxe-0.5.4/exec.c
Examining data/glulxe-0.5.4/files.c
Examining data/glulxe-0.5.4/float.c
Examining data/glulxe-0.5.4/funcs.c
Examining data/glulxe-0.5.4/gestalt.c
Examining data/glulxe-0.5.4/gestalt.h
Examining data/glulxe-0.5.4/glkop.c
Examining data/glulxe-0.5.4/glulxdump.c
Examining data/glulxe-0.5.4/glulxe.h
Examining data/glulxe-0.5.4/heap.c
Examining data/glulxe-0.5.4/iosstart.h
Examining data/glulxe-0.5.4/macstart.c
Examining data/glulxe-0.5.4/main.c
Examining data/glulxe-0.5.4/opcodes.h
Examining data/glulxe-0.5.4/operand.c
Examining data/glulxe-0.5.4/osdepend.c
Examining data/glulxe-0.5.4/profile.c
Examining data/glulxe-0.5.4/search.c
Examining data/glulxe-0.5.4/serial.c
Examining data/glulxe-0.5.4/string.c
Examining data/glulxe-0.5.4/unixstrt.c
Examining data/glulxe-0.5.4/vm.c
Examining data/glulxe-0.5.4/winstart.c
FINAL RESULTS:
data/glulxe-0.5.4/debugger.c:1728:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(linebuf, prefix);
data/glulxe-0.5.4/debugger.c:1729:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(linebuf, msg);
data/glulxe-0.5.4/profile.c:416:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(linebuf, " <function addr=\"%lx\" call_count=\"%ld\" accel_count=\"%ld\" total_ops=\"%ld\" total_time=\"%s\" self_ops=\"%ld\" self_time=\"%s\" max_depth=\"%ld\" max_stack_use=\"%ld\" />\n",
data/glulxe-0.5.4/winstart.c:86:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pszSeparator,Extensions[iExtLoop]);
data/glulxe-0.5.4/winstart.c:109:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sFileName,pszFileName);
data/glulxe-0.5.4/winstart.c:139:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pszPeriod,Extensions[iExtLoop]);
data/glulxe-0.5.4/winstart.c:179:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sFileName,pszFileName);
data/glulxe-0.5.4/osdepend.c:48:3: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(seed);
data/glulxe-0.5.4/osdepend.c:54:11: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (random() << 16) ^ random();
data/glulxe-0.5.4/osdepend.c:54:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return (random() << 16) ^ random();
data/glulxe-0.5.4/osdepend.c:136:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/glulxe-0.5.4/debugger.c:1246:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, " ");
data/glulxe-0.5.4/debugger.c:1260:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(linebuf, "(no locals)");
data/glulxe-0.5.4/debugger.c:1306:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "This does not look like a function address: ");
data/glulxe-0.5.4/debugger.c:1337:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "Breakpoint is already set for function: ");
data/glulxe-0.5.4/debugger.c:1349:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "Breakpoint set for function: ");
data/glulxe-0.5.4/debugger.c:1379:21: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "This does not look like a function address: ");
data/glulxe-0.5.4/debugger.c:1413:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "Cleared breakpoint for function: ");
data/glulxe-0.5.4/debugger.c:1421:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(linebuf, "No breakpoint found for function: ");
data/glulxe-0.5.4/files.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[8];
data/glulxe-0.5.4/glkop.c:1405:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
val = ((char *)array)[ix];
data/glulxe-0.5.4/glkop.c:1498:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[2*64+2];
data/glulxe-0.5.4/glulxdump.c:63:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( (glui32)(((unsigned char *)(ptr))[0] << 24) \
data/glulxe-0.5.4/glulxdump.c:64:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[1] << 16) \
data/glulxe-0.5.4/glulxdump.c:65:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[2] << 8) \
data/glulxe-0.5.4/glulxdump.c:66:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[3]))
data/glulxe-0.5.4/glulxdump.c:68:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( (glui32)(((unsigned char *)(ptr))[0] << 8) \
data/glulxe-0.5.4/glulxdump.c:69:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[1]))
data/glulxe-0.5.4/glulxdump.c:71:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char)(((unsigned char *)(ptr))[0]))
data/glulxe-0.5.4/glulxdump.c:439:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fl = fopen(filename, "r");
data/glulxe-0.5.4/glulxdump.c:491:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4 * 9];
data/glulxe-0.5.4/glulxdump.c:808:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *labellist[6] = {
data/glulxe-0.5.4/glulxe.h:79:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( (glui32)(((unsigned char *)(ptr))[0] << 24) \
data/glulxe-0.5.4/glulxe.h:80:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[1] << 16) \
data/glulxe-0.5.4/glulxe.h:81:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[2] << 8) \
data/glulxe-0.5.4/glulxe.h:82:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui32)(((unsigned char *)(ptr))[3]))
data/glulxe-0.5.4/glulxe.h:84:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
( (glui16)(((unsigned char *)(ptr))[0] << 8) \
data/glulxe-0.5.4/glulxe.h:85:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
| (glui16)(((unsigned char *)(ptr))[1]))
data/glulxe-0.5.4/glulxe.h:87:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char)(((unsigned char *)(ptr))[0]))
data/glulxe-0.5.4/glulxe.h:98:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(((unsigned char *)(ptr))[0] = (vl))
data/glulxe-0.5.4/macstart.c:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[12];
data/glulxe-0.5.4/main.c:177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/glulxe-0.5.4/profile.c:238:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%ld.%.6ld", (long)tv->tv_sec, (long)tv->tv_usec);
data/glulxe-0.5.4/profile.c:377:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[512];
data/glulxe-0.5.4/profile.c:404:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char total_buf[20], self_buf[20];
data/glulxe-0.5.4/profile.c:425:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(linebuf, " <calls fromaddr=\"%lx\" toaddr=\"%lx\" count=\"%ld\" />\n",
data/glulxe-0.5.4/search.c:62:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keybuf[4];
data/glulxe-0.5.4/search.c:123:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keybuf[4];
data/glulxe-0.5.4/search.c:191:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keybuf[4];
data/glulxe-0.5.4/serial.c:579:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->ptr+dest->pos, ptr, len);
data/glulxe-0.5.4/serial.c:595:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, dest->ptr+dest->pos, len);
data/glulxe-0.5.4/serial.c:610:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/glulxe-0.5.4/serial.c:617:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/glulxe-0.5.4/serial.c:629:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/glulxe-0.5.4/serial.c:639:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[2];
data/glulxe-0.5.4/serial.c:1189:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4];
data/glulxe-0.5.4/string.c:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/glulxe-0.5.4/string.c:817:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp_buf[STATIC_TEMP_BUFSIZE+1];
data/glulxe-0.5.4/unixstrt.c:55:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[12];
data/glulxe-0.5.4/vm.c:46:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4 * 7];
data/glulxe-0.5.4/vm.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[0x100];
data/glulxe-0.5.4/winstart.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sExeName[_MAX_PATH];
data/glulxe-0.5.4/winstart.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFileName[_MAX_PATH];
data/glulxe-0.5.4/winstart.c:50:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sWindowTitle[256];
data/glulxe-0.5.4/winstart.c:51:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sBuffer[12];
data/glulxe-0.5.4/winstart.c:72:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pszSeparator,".chm");
data/glulxe-0.5.4/winstart.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sOpenTitle[256];
data/glulxe-0.5.4/winstart.c:98:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sOpenFilter[256];
data/glulxe-0.5.4/debugger.c:1181:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1188:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1200:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1210:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1220:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1249:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int tmplen = strlen(linebuf);
data/glulxe-0.5.4/debugger.c:1446:13: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(linebuf, "");
data/glulxe-0.5.4/debugger.c:1572:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(cmd);
data/glulxe-0.5.4/debugger.c:1620:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ensure_line_buf(strlen(cmd) + 64);
data/glulxe-0.5.4/debugger.c:1727:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ensure_line_buf(strlen(prefix) + strlen(msg));
data/glulxe-0.5.4/debugger.c:1727:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ensure_line_buf(strlen(prefix) + strlen(msg));
ANALYSIS SUMMARY:
Hits = 79
Lines analyzed = 12441 in approximately 0.34 seconds (36939 lines/second)
Physical Source Lines of Code (SLOC) = 9541
Hits@level = [0] 128 [1] 11 [2] 57 [3] 4 [4] 7 [5] 0
Hits@level+ = [0+] 207 [1+] 79 [2+] 68 [3+] 11 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 21.6958 [1+] 8.28005 [2+] 7.12714 [3+] 1.15292 [4+] 0.733676 [5+] 0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.