Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpp-2.27/src/gpp.c

FINAL RESULTS:

data/gpp-2.27/src/gpp.c:28:9: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
#define popen _popen
data/gpp-2.27/src/gpp.c:339:5: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
printf(PACKAGE_STRING "\n");
data/gpp-2.27/src/gpp.c:2358:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(incfile_name,includedir[j]);
data/gpp-2.27/src/gpp.c:2361:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(incfile_name+strlen(includedir[j])+1, file_name);
data/gpp-2.27/src/gpp.c:2669:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(s + i + 1, t);
data/gpp-2.27/src/gpp.c:2672:21: [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
f = popen(s, "r");
data/gpp-2.27/src/gpp.c:2954:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(C->buf + 1, macros[id].macrotext);
data/gpp-2.27/src/gpp.c:2957:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(C->buf + l, macros[id].define_specs->User.mArgS);
data/gpp-2.27/src/gpp.c:2960:17: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(C->buf, macros[id].define_specs->User.mArgSep);
data/gpp-2.27/src/gpp.c:2961:13: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(C->buf, argv[i]);
data/gpp-2.27/src/gpp.c:2963:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(C->buf, macros[id].define_specs->User.mArgE);
data/gpp-2.27/src/gpp.c:2968:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
strcpy(C->buf + 1, macros[id].macrotext);
data/gpp-2.27/src/gpp.c:3101:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
strcat(absfile, incfile);
data/gpp-2.27/src/gpp.c:3143:13: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
fprintf(f, include_directive_marker, lineno_buf, escapedfilename, marker);
data/gpp-2.27/src/gpp.c:168:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *includedir[MAXINCL];
data/gpp-2.27/src/gpp.c:253:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
return newstr ? (char *) memcpy(newstr, s, len) : NULL ;
data/gpp-2.27/src/gpp.c:292:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(P, Q, sizeof(struct SPECS));
data/gpp-2.27/src/gpp.c:298:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(y, x, sizeof(struct COMMENT));
data/gpp-2.27/src/gpp.c:661:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[argc - 1], s + l, i - l);
data/gpp-2.27/src/gpp.c:834:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p, C->buf, C->len);
data/gpp-2.27/src/gpp.c:1281:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
WarningLevel = atoi(*arg);
data/gpp-2.27/src/gpp.c:1310:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
WarningLevel = atoi(*arg);
data/gpp-2.27/src/gpp.c:1361:21: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
C->in = fopen(*arg, "r");
data/gpp-2.27/src/gpp.c:1454:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
C->out->f = fopen(*arg, "w");
data/gpp-2.27/src/gpp.c:1734:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(s + 1, buf, l);
data/gpp-2.27/src/gpp.c:2077:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(macros + i, macros + nmacros, sizeof(struct MACRO));
data/gpp-2.27/src/gpp.c:2110:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "%d", i);
data/gpp-2.27/src/gpp.c:2195:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *args[10]; /* can't have more than 10 arguments */
data/gpp-2.27/src/gpp.c:2324:59: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
S->stack_next->op_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2326:63: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
S->stack_next->ext_op_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2328:59: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
S->stack_next->id_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2349:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(file_name, "r");
data/gpp-2.27/src/gpp.c:2362:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f=fopen(incfile_name,"r");
data/gpp-2.27/src/gpp.c:2549:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[j], C->buf + argb[j],
data/gpp-2.27/src/gpp.c:2719:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[j], C->buf + argb[j],
data/gpp-2.27/src/gpp.c:2802:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[MAX_GPP_NUM_SIZE];
data/gpp-2.27/src/gpp.c:2803:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", C->lineno);
data/gpp-2.27/src/gpp.c:2854:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[MAX_GPP_DATE_SIZE];
data/gpp-2.27/src/gpp.c:2877:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char *argv[MAXARGS];
data/gpp-2.27/src/gpp.c:3096:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
return fopen(incfile, "r");
data/gpp-2.27/src/gpp.c:3102:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
f = fopen(absfile, "r");
data/gpp-2.27/src/gpp.c:3133:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char lineno_buf[MAX_GPP_NUM_SIZE];
data/gpp-2.27/src/gpp.c:3142:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lineno_buf,"%d", lineno);
data/gpp-2.27/src/gpp.c:251:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s) + 1;
data/gpp-2.27/src/gpp.c:409:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(macros[nmacros].username, s, len);
data/gpp-2.27/src/gpp.c:427:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(S->User.mArgRef);
data/gpp-2.27/src/gpp.c:443:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = malloc(strlen(s) + 1);
data/gpp-2.27/src/gpp.c:462:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = malloc(strlen(s) + 1);
data/gpp-2.27/src/gpp.c:626:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s) - 1;
data/gpp-2.27/src/gpp.c:629:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = t + strlen(t) - 1;
data/gpp-2.27/src/gpp.c:676:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(s + l);
data/gpp-2.27/src/gpp.c:760:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(specif) != 3)
data/gpp-2.27/src/gpp.c:858:17: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
c = fgetc(C->in);
data/gpp-2.27/src/gpp.c:1128:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(s) != l)
data/gpp-2.27/src/gpp.c:1772:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(sep);
data/gpp-2.27/src/gpp.c:2044:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf + pos1, "length(", strlen("length(")) == 0) {
data/gpp-2.27/src/gpp.c:2047:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
*result = pos2 - pos1 - strlen("length()");
data/gpp-2.27/src/gpp.c:2085:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = findIdent("defined", strlen("defined"));
data/gpp-2.27/src/gpp.c:2089:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
newmacro("defined", strlen("defined"), 1);
data/gpp-2.27/src/gpp.c:2100:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = findIdent("defined", strlen("defined"));
data/gpp-2.27/src/gpp.c:2107:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DoArithmEval(s, 0, strlen(s), &i))
data/gpp-2.27/src/gpp.c:2341:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(file_name);
data/gpp-2.27/src/gpp.c:2357:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
realloc(incfile_name,len+strlen(includedir[j])+2);
data/gpp-2.27/src/gpp.c:2359:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
incfile_name[strlen(includedir[j])]=SLASH;
data/gpp-2.27/src/gpp.c:2361:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(incfile_name+strlen(includedir[j])+1, file_name);
data/gpp-2.27/src/gpp.c:2393:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(file_name + strlen(file_name) - 2, ".h")
data/gpp-2.27/src/gpp.c:2394:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strcmp(file_name + strlen(file_name) - 2, ".c"))
data/gpp-2.27/src/gpp.c:2531:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(macros[nmacros].macrotext);
data/gpp-2.27/src/gpp.c:2666:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/gpp-2.27/src/gpp.c:2667:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = realloc(s, i + strlen(t) + 2);
data/gpp-2.27/src/gpp.c:2677:33: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
while ((c = fgetc(f)) != EOF)
data/gpp-2.27/src/gpp.c:2701:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(macros[nmacros].macrotext);
data/gpp-2.27/src/gpp.c:2805:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(buf, strlen(buf), 0);
data/gpp-2.27/src/gpp.c:2811:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->filename, strlen(C->filename), 0);
data/gpp-2.27/src/gpp.c:2862:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(buf, strlen(buf), 0);
data/gpp-2.27/src/gpp.c:2890:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->argv[i], strlen(C->argv[i]), 0);
data/gpp-2.27/src/gpp.c:2910:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s) - 1;
data/gpp-2.27/src/gpp.c:2917:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (findIdent(t, strlen(t)) >= 0)
data/gpp-2.27/src/gpp.c:2945:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(macros[id].macrotext) + 2
data/gpp-2.27/src/gpp.c:2946:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(macros[id].define_specs->User.mArgS)
data/gpp-2.27/src/gpp.c:2947:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(macros[id].define_specs->User.mArgE)
data/gpp-2.27/src/gpp.c:2948:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (argc - 1) * strlen(macros[id].define_specs->User.mArgSep);
data/gpp-2.27/src/gpp.c:2950:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(argv[i]);
data/gpp-2.27/src/gpp.c:2952:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(macros[id].macrotext) + 1;
data/gpp-2.27/src/gpp.c:2966:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->buf = C->malloced_buf = malloc(strlen(macros[id].macrotext) + 2);
data/gpp-2.27/src/gpp.c:2970:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->len = strlen(C->buf);
data/gpp-2.27/src/gpp.c:3014:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(s, strlen(s), 0);
data/gpp-2.27/src/gpp.c:3044:43: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->argv[(int) c], strlen(C->argv[(int) c]), 0);
data/gpp-2.27/src/gpp.c:3077:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(fname) - 1; i >= 0; i--) {
data/gpp-2.27/src/gpp.c:3082:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
strncpy(dirname, fname, i);
data/gpp-2.27/src/gpp.c:3099:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
absfile = calloc(strlen(C->filename) + strlen(incfile) + 1, 1);
data/gpp-2.27/src/gpp.c:3099:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
absfile = calloc(strlen(C->filename) + strlen(incfile) + 1, 1);
data/gpp-2.27/src/gpp.c:3155:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outstr = malloc(2 * strlen(instr));
data/gpp-2.27/src/gpp.c:3175:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(includemarker_input);

ANALYSIS SUMMARY:

Hits = 94
Lines analyzed = 3233 in approximately 0.13 seconds (24363 lines/second)
Physical Source Lines of Code (SLOC) = 2866
Hits@level = [0] 36 [1] 51 [2] 29 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 130 [1+] 94 [2+] 43 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 45.3594 [1+] 32.7983 [2+] 15.0035 [3+] 4.88486 [4+] 4.88486 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.