Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gpp-2.27/src/gpp.c
FINAL RESULTS:
data/gpp-2.27/src/gpp.c:28:9: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#define popen _popen
data/gpp-2.27/src/gpp.c:339:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(PACKAGE_STRING "\n");
data/gpp-2.27/src/gpp.c:2358:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(incfile_name,includedir[j]);
data/gpp-2.27/src/gpp.c:2361:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(incfile_name+strlen(includedir[j])+1, file_name);
data/gpp-2.27/src/gpp.c:2669:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s + i + 1, t);
data/gpp-2.27/src/gpp.c:2672:21: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
f = popen(s, "r");
data/gpp-2.27/src/gpp.c:2954:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(C->buf + 1, macros[id].macrotext);
data/gpp-2.27/src/gpp.c:2957:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(C->buf + l, macros[id].define_specs->User.mArgS);
data/gpp-2.27/src/gpp.c:2960:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(C->buf, macros[id].define_specs->User.mArgSep);
data/gpp-2.27/src/gpp.c:2961:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(C->buf, argv[i]);
data/gpp-2.27/src/gpp.c:2963:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(C->buf, macros[id].define_specs->User.mArgE);
data/gpp-2.27/src/gpp.c:2968:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(C->buf + 1, macros[id].macrotext);
data/gpp-2.27/src/gpp.c:3101:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(absfile, incfile);
data/gpp-2.27/src/gpp.c:3143:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(f, include_directive_marker, lineno_buf, escapedfilename, marker);
data/gpp-2.27/src/gpp.c:168:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *includedir[MAXINCL];
data/gpp-2.27/src/gpp.c:253:30: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
return newstr ? (char *) memcpy(newstr, s, len) : NULL ;
data/gpp-2.27/src/gpp.c:292:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(P, Q, sizeof(struct SPECS));
data/gpp-2.27/src/gpp.c:298:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(y, x, sizeof(struct COMMENT));
data/gpp-2.27/src/gpp.c:661:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[argc - 1], s + l, i - l);
data/gpp-2.27/src/gpp.c:834:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, C->buf, C->len);
data/gpp-2.27/src/gpp.c:1281:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
WarningLevel = atoi(*arg);
data/gpp-2.27/src/gpp.c:1310:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
WarningLevel = atoi(*arg);
data/gpp-2.27/src/gpp.c:1361:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
C->in = fopen(*arg, "r");
data/gpp-2.27/src/gpp.c:1454:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
C->out->f = fopen(*arg, "w");
data/gpp-2.27/src/gpp.c:1734:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s + 1, buf, l);
data/gpp-2.27/src/gpp.c:2077:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macros + i, macros + nmacros, sizeof(struct MACRO));
data/gpp-2.27/src/gpp.c:2110:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(t, "%d", i);
data/gpp-2.27/src/gpp.c:2195:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *args[10]; /* can't have more than 10 arguments */
data/gpp-2.27/src/gpp.c:2324:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
S->stack_next->op_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2326:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
S->stack_next->ext_op_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2328:59: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
S->stack_next->id_set=MakeCharsetSubset((unsigned char *)args[0]);
data/gpp-2.27/src/gpp.c:2349:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(file_name, "r");
data/gpp-2.27/src/gpp.c:2362:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f=fopen(incfile_name,"r");
data/gpp-2.27/src/gpp.c:2549:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[j], C->buf + argb[j],
data/gpp-2.27/src/gpp.c:2719:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(macros[nmacros].argnames[j], C->buf + argb[j],
data/gpp-2.27/src/gpp.c:2802:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GPP_NUM_SIZE];
data/gpp-2.27/src/gpp.c:2803:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", C->lineno);
data/gpp-2.27/src/gpp.c:2854:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_GPP_DATE_SIZE];
data/gpp-2.27/src/gpp.c:2877:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *argv[MAXARGS];
data/gpp-2.27/src/gpp.c:3096:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(incfile, "r");
data/gpp-2.27/src/gpp.c:3102:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(absfile, "r");
data/gpp-2.27/src/gpp.c:3133:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lineno_buf[MAX_GPP_NUM_SIZE];
data/gpp-2.27/src/gpp.c:3142:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lineno_buf,"%d", lineno);
data/gpp-2.27/src/gpp.c:251:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(s) + 1;
data/gpp-2.27/src/gpp.c:409:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(macros[nmacros].username, s, len);
data/gpp-2.27/src/gpp.c:427:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(S->User.mArgRef);
data/gpp-2.27/src/gpp.c:443:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = malloc(strlen(s) + 1);
data/gpp-2.27/src/gpp.c:462:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = malloc(strlen(s) + 1);
data/gpp-2.27/src/gpp.c:626:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s) - 1;
data/gpp-2.27/src/gpp.c:629:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = t + strlen(t) - 1;
data/gpp-2.27/src/gpp.c:676:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(s + l);
data/gpp-2.27/src/gpp.c:760:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(specif) != 3)
data/gpp-2.27/src/gpp.c:858:17: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(C->in);
data/gpp-2.27/src/gpp.c:1128:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int) strlen(s) != l)
data/gpp-2.27/src/gpp.c:1772:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(sep);
data/gpp-2.27/src/gpp.c:2044:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(buf + pos1, "length(", strlen("length(")) == 0) {
data/gpp-2.27/src/gpp.c:2047:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*result = pos2 - pos1 - strlen("length()");
data/gpp-2.27/src/gpp.c:2085:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = findIdent("defined", strlen("defined"));
data/gpp-2.27/src/gpp.c:2089:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newmacro("defined", strlen("defined"), 1);
data/gpp-2.27/src/gpp.c:2100:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = findIdent("defined", strlen("defined"));
data/gpp-2.27/src/gpp.c:2107:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!DoArithmEval(s, 0, strlen(s), &i))
data/gpp-2.27/src/gpp.c:2341:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(file_name);
data/gpp-2.27/src/gpp.c:2357:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
realloc(incfile_name,len+strlen(includedir[j])+2);
data/gpp-2.27/src/gpp.c:2359:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
incfile_name[strlen(includedir[j])]=SLASH;
data/gpp-2.27/src/gpp.c:2361:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(incfile_name+strlen(includedir[j])+1, file_name);
data/gpp-2.27/src/gpp.c:2393:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(file_name + strlen(file_name) - 2, ".h")
data/gpp-2.27/src/gpp.c:2394:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| !strcmp(file_name + strlen(file_name) - 2, ".c"))
data/gpp-2.27/src/gpp.c:2531:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(macros[nmacros].macrotext);
data/gpp-2.27/src/gpp.c:2666:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(s);
data/gpp-2.27/src/gpp.c:2667:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = realloc(s, i + strlen(t) + 2);
data/gpp-2.27/src/gpp.c:2677:33: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = fgetc(f)) != EOF)
data/gpp-2.27/src/gpp.c:2701:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
macros[nmacros].macrolen = strlen(macros[nmacros].macrotext);
data/gpp-2.27/src/gpp.c:2805:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(buf, strlen(buf), 0);
data/gpp-2.27/src/gpp.c:2811:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->filename, strlen(C->filename), 0);
data/gpp-2.27/src/gpp.c:2862:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(buf, strlen(buf), 0);
data/gpp-2.27/src/gpp.c:2890:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->argv[i], strlen(C->argv[i]), 0);
data/gpp-2.27/src/gpp.c:2910:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t = s + strlen(s) - 1;
data/gpp-2.27/src/gpp.c:2917:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (findIdent(t, strlen(t)) >= 0)
data/gpp-2.27/src/gpp.c:2945:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(macros[id].macrotext) + 2
data/gpp-2.27/src/gpp.c:2946:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(macros[id].define_specs->User.mArgS)
data/gpp-2.27/src/gpp.c:2947:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen(macros[id].define_specs->User.mArgE)
data/gpp-2.27/src/gpp.c:2948:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ (argc - 1) * strlen(macros[id].define_specs->User.mArgSep);
data/gpp-2.27/src/gpp.c:2950:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += strlen(argv[i]);
data/gpp-2.27/src/gpp.c:2952:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(macros[id].macrotext) + 1;
data/gpp-2.27/src/gpp.c:2966:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->buf = C->malloced_buf = malloc(strlen(macros[id].macrotext) + 2);
data/gpp-2.27/src/gpp.c:2970:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
C->len = strlen(C->buf);
data/gpp-2.27/src/gpp.c:3014:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(s, strlen(s), 0);
data/gpp-2.27/src/gpp.c:3044:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendout(C->argv[(int) c], strlen(C->argv[(int) c]), 0);
data/gpp-2.27/src/gpp.c:3077:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(fname) - 1; i >= 0; i--) {
data/gpp-2.27/src/gpp.c:3082:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname, fname, i);
data/gpp-2.27/src/gpp.c:3099:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
absfile = calloc(strlen(C->filename) + strlen(incfile) + 1, 1);
data/gpp-2.27/src/gpp.c:3099:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
absfile = calloc(strlen(C->filename) + strlen(incfile) + 1, 1);
data/gpp-2.27/src/gpp.c:3155:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*outstr = malloc(2 * strlen(instr));
data/gpp-2.27/src/gpp.c:3175:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(includemarker_input);
ANALYSIS SUMMARY:
Hits = 94
Lines analyzed = 3233 in approximately 0.13 seconds (24363 lines/second)
Physical Source Lines of Code (SLOC) = 2866
Hits@level = [0] 36 [1] 51 [2] 29 [3] 0 [4] 14 [5] 0
Hits@level+ = [0+] 130 [1+] 94 [2+] 43 [3+] 14 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 45.3594 [1+] 32.7983 [2+] 15.0035 [3+] 4.88486 [4+] 4.88486 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.