Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/htop-3.0.2/Action.c
Examining data/htop-3.0.2/Action.h
Examining data/htop-3.0.2/Affinity.c
Examining data/htop-3.0.2/Affinity.h
Examining data/htop-3.0.2/AffinityPanel.c
Examining data/htop-3.0.2/AffinityPanel.h
Examining data/htop-3.0.2/AvailableColumnsPanel.c
Examining data/htop-3.0.2/AvailableColumnsPanel.h
Examining data/htop-3.0.2/AvailableMetersPanel.c
Examining data/htop-3.0.2/AvailableMetersPanel.h
Examining data/htop-3.0.2/BatteryMeter.c
Examining data/htop-3.0.2/BatteryMeter.h
Examining data/htop-3.0.2/CPUMeter.c
Examining data/htop-3.0.2/CPUMeter.h
Examining data/htop-3.0.2/CRT.c
Examining data/htop-3.0.2/CRT.h
Examining data/htop-3.0.2/CategoriesPanel.c
Examining data/htop-3.0.2/CategoriesPanel.h
Examining data/htop-3.0.2/CheckItem.c
Examining data/htop-3.0.2/CheckItem.h
Examining data/htop-3.0.2/ClockMeter.c
Examining data/htop-3.0.2/ClockMeter.h
Examining data/htop-3.0.2/ColorsPanel.c
Examining data/htop-3.0.2/ColorsPanel.h
Examining data/htop-3.0.2/ColumnsPanel.c
Examining data/htop-3.0.2/ColumnsPanel.h
Examining data/htop-3.0.2/DisplayOptionsPanel.c
Examining data/htop-3.0.2/DisplayOptionsPanel.h
Examining data/htop-3.0.2/EnvScreen.c
Examining data/htop-3.0.2/EnvScreen.h
Examining data/htop-3.0.2/FunctionBar.c
Examining data/htop-3.0.2/FunctionBar.h
Examining data/htop-3.0.2/Hashtable.c
Examining data/htop-3.0.2/Hashtable.h
Examining data/htop-3.0.2/Header.c
Examining data/htop-3.0.2/Header.h
Examining data/htop-3.0.2/HostnameMeter.c
Examining data/htop-3.0.2/HostnameMeter.h
Examining data/htop-3.0.2/IncSet.c
Examining data/htop-3.0.2/IncSet.h
Examining data/htop-3.0.2/InfoScreen.c
Examining data/htop-3.0.2/InfoScreen.h
Examining data/htop-3.0.2/ListItem.c
Examining data/htop-3.0.2/ListItem.h
Examining data/htop-3.0.2/LoadAverageMeter.c
Examining data/htop-3.0.2/LoadAverageMeter.h
Examining data/htop-3.0.2/Macros.h
Examining data/htop-3.0.2/MainPanel.c
Examining data/htop-3.0.2/MainPanel.h
Examining data/htop-3.0.2/MemoryMeter.c
Examining data/htop-3.0.2/MemoryMeter.h
Examining data/htop-3.0.2/Meter.c
Examining data/htop-3.0.2/Meter.h
Examining data/htop-3.0.2/MetersPanel.c
Examining data/htop-3.0.2/MetersPanel.h
Examining data/htop-3.0.2/Object.c
Examining data/htop-3.0.2/Object.h
Examining data/htop-3.0.2/OpenFilesScreen.c
Examining data/htop-3.0.2/OpenFilesScreen.h
Examining data/htop-3.0.2/Panel.c
Examining data/htop-3.0.2/Panel.h
Examining data/htop-3.0.2/Process.c
Examining data/htop-3.0.2/Process.h
Examining data/htop-3.0.2/ProcessList.c
Examining data/htop-3.0.2/ProcessList.h
Examining data/htop-3.0.2/RichString.c
Examining data/htop-3.0.2/RichString.h
Examining data/htop-3.0.2/ScreenManager.c
Examining data/htop-3.0.2/ScreenManager.h
Examining data/htop-3.0.2/Settings.c
Examining data/htop-3.0.2/Settings.h
Examining data/htop-3.0.2/SignalsPanel.c
Examining data/htop-3.0.2/SignalsPanel.h
Examining data/htop-3.0.2/StringUtils.c
Examining data/htop-3.0.2/StringUtils.h
Examining data/htop-3.0.2/SwapMeter.c
Examining data/htop-3.0.2/SwapMeter.h
Examining data/htop-3.0.2/TasksMeter.c
Examining data/htop-3.0.2/TasksMeter.h
Examining data/htop-3.0.2/TraceScreen.c
Examining data/htop-3.0.2/TraceScreen.h
Examining data/htop-3.0.2/UptimeMeter.c
Examining data/htop-3.0.2/UptimeMeter.h
Examining data/htop-3.0.2/UsersTable.c
Examining data/htop-3.0.2/UsersTable.h
Examining data/htop-3.0.2/Vector.c
Examining data/htop-3.0.2/Vector.h
Examining data/htop-3.0.2/XAlloc.c
Examining data/htop-3.0.2/XAlloc.h
Examining data/htop-3.0.2/darwin/Battery.c
Examining data/htop-3.0.2/darwin/Battery.h
Examining data/htop-3.0.2/darwin/DarwinCRT.c
Examining data/htop-3.0.2/darwin/DarwinCRT.h
Examining data/htop-3.0.2/darwin/DarwinProcess.c
Examining data/htop-3.0.2/darwin/DarwinProcess.h
Examining data/htop-3.0.2/darwin/DarwinProcessList.c
Examining data/htop-3.0.2/darwin/DarwinProcessList.h
Examining data/htop-3.0.2/darwin/Platform.c
Examining data/htop-3.0.2/darwin/Platform.h
Examining data/htop-3.0.2/dragonflybsd/Battery.c
Examining data/htop-3.0.2/dragonflybsd/Battery.h
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDCRT.c
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDCRT.h
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcess.c
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcess.h
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.c
Examining data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.h
Examining data/htop-3.0.2/dragonflybsd/Platform.c
Examining data/htop-3.0.2/dragonflybsd/Platform.h
Examining data/htop-3.0.2/freebsd/Battery.c
Examining data/htop-3.0.2/freebsd/Battery.h
Examining data/htop-3.0.2/freebsd/FreeBSDCRT.c
Examining data/htop-3.0.2/freebsd/FreeBSDCRT.h
Examining data/htop-3.0.2/freebsd/FreeBSDProcess.c
Examining data/htop-3.0.2/freebsd/FreeBSDProcess.h
Examining data/htop-3.0.2/freebsd/FreeBSDProcessList.c
Examining data/htop-3.0.2/freebsd/FreeBSDProcessList.h
Examining data/htop-3.0.2/freebsd/Platform.c
Examining data/htop-3.0.2/freebsd/Platform.h
Examining data/htop-3.0.2/htop.c
Examining data/htop-3.0.2/linux/Battery.c
Examining data/htop-3.0.2/linux/Battery.h
Examining data/htop-3.0.2/linux/IOPriority.h
Examining data/htop-3.0.2/linux/IOPriorityPanel.c
Examining data/htop-3.0.2/linux/IOPriorityPanel.h
Examining data/htop-3.0.2/linux/LinuxCRT.c
Examining data/htop-3.0.2/linux/LinuxCRT.h
Examining data/htop-3.0.2/linux/LinuxProcess.c
Examining data/htop-3.0.2/linux/LinuxProcess.h
Examining data/htop-3.0.2/linux/LinuxProcessList.c
Examining data/htop-3.0.2/linux/LinuxProcessList.h
Examining data/htop-3.0.2/linux/Platform.c
Examining data/htop-3.0.2/linux/Platform.h
Examining data/htop-3.0.2/linux/PressureStallMeter.c
Examining data/htop-3.0.2/linux/PressureStallMeter.h
Examining data/htop-3.0.2/openbsd/Battery.c
Examining data/htop-3.0.2/openbsd/Battery.h
Examining data/htop-3.0.2/openbsd/OpenBSDCRT.c
Examining data/htop-3.0.2/openbsd/OpenBSDCRT.h
Examining data/htop-3.0.2/openbsd/OpenBSDProcess.c
Examining data/htop-3.0.2/openbsd/OpenBSDProcess.h
Examining data/htop-3.0.2/openbsd/OpenBSDProcessList.c
Examining data/htop-3.0.2/openbsd/OpenBSDProcessList.h
Examining data/htop-3.0.2/openbsd/Platform.c
Examining data/htop-3.0.2/openbsd/Platform.h
Examining data/htop-3.0.2/solaris/Battery.c
Examining data/htop-3.0.2/solaris/Battery.h
Examining data/htop-3.0.2/solaris/Platform.c
Examining data/htop-3.0.2/solaris/Platform.h
Examining data/htop-3.0.2/solaris/SolarisCRT.c
Examining data/htop-3.0.2/solaris/SolarisCRT.h
Examining data/htop-3.0.2/solaris/SolarisProcess.c
Examining data/htop-3.0.2/solaris/SolarisProcess.h
Examining data/htop-3.0.2/solaris/SolarisProcessList.c
Examining data/htop-3.0.2/solaris/SolarisProcessList.h
Examining data/htop-3.0.2/unsupported/Battery.c
Examining data/htop-3.0.2/unsupported/Battery.h
Examining data/htop-3.0.2/unsupported/Platform.c
Examining data/htop-3.0.2/unsupported/Platform.h
Examining data/htop-3.0.2/unsupported/UnsupportedCRT.c
Examining data/htop-3.0.2/unsupported/UnsupportedCRT.h
Examining data/htop-3.0.2/unsupported/UnsupportedProcess.c
Examining data/htop-3.0.2/unsupported/UnsupportedProcess.h
Examining data/htop-3.0.2/unsupported/UnsupportedProcessList.c
Examining data/htop-3.0.2/unsupported/UnsupportedProcessList.h
Examining data/htop-3.0.2/zfs/ZfsArcMeter.c
Examining data/htop-3.0.2/zfs/ZfsArcMeter.h
Examining data/htop-3.0.2/zfs/ZfsArcStats.c
Examining data/htop-3.0.2/zfs/ZfsArcStats.h
Examining data/htop-3.0.2/zfs/ZfsCompressedArcMeter.c
Examining data/htop-3.0.2/zfs/ZfsCompressedArcMeter.h
Examining data/htop-3.0.2/zfs/openzfs_sysctl.c
Examining data/htop-3.0.2/zfs/openzfs_sysctl.h

FINAL RESULTS:

data/htop-3.0.2/CRT.c:522:35:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define DIE(msg) do { CRT_done(); fprintf(stderr, msg); exit(1); } while(0)
data/htop-3.0.2/OpenFilesScreen.c:79:7:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
      execlp("lsof", "lsof", "-P", "-p", buffer, "-F", NULL);
data/htop-3.0.2/TraceScreen.c:88:10:  [4] (shell) execlp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
         execlp("strace", "strace", "-T", "-tt", "-s", "512", "-p", buffer, NULL);
data/htop-3.0.2/XAlloc.c:46:58:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define xSnprintf(fmt, len, ...) do { int _l=len; int _n=snprintf(fmt, _l, __VA_ARGS__); if (!(_n > -1 && _n < _l)) { curs_set(1); endwin(); err(1, NULL); } } while(0)
data/htop-3.0.2/XAlloc.h:24:58:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define xSnprintf(fmt, len, ...) do { int _l=len; int _n=snprintf(fmt, _l, __VA_ARGS__); if (!(_n > -1 && _n < _l)) { curs_set(1); endwin(); err(1, NULL); } } while(0)
data/htop-3.0.2/htop.c:209:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
   if (access(PROCDIR, R_OK) != 0) {
data/htop-3.0.2/linux/LinuxProcessList.c:478:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
   if ( (access("/proc/vz", R_OK) != 0)) {
data/htop-3.0.2/CRT.c:582:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   CRT_termType = getenv("TERM");
data/htop-3.0.2/Settings.c:323:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   char* rcfile = getenv("HTOPRC");
data/htop-3.0.2/Settings.c:327:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char* home = getenv("HOME");
data/htop-3.0.2/Settings.c:329:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
      const char* xdgConfigHome = getenv("XDG_CONFIG_HOME");
data/htop-3.0.2/htop.c:101:18:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
   while ((opt = getopt_long(argc, argv, "hvmCs:td:u::Up:", long_opts, &opti))) {
data/htop-3.0.2/htop.c:140:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
               optarg = getenv("USER");
data/htop-3.0.2/htop.c:198:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   char *lc_ctype = getenv("LC_CTYPE");
data/htop-3.0.2/htop.c:201:25:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
   else if ((lc_ctype = getenv("LC_ALL")))
data/htop-3.0.2/AffinityPanel.c:261:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[64], indent_buf[left + 1];
data/htop-3.0.2/AffinityPanel.c:369:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char number[16];
data/htop-3.0.2/AvailableColumnsPanel.c:74:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char description[256];
data/htop-3.0.2/AvailableMetersPanel.c:112:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char buffer[50];
data/htop-3.0.2/CPUMeter.c:26:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char caption[10];
data/htop-3.0.2/CPUMeter.c:44:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char cpuFrequencyBuffer[16];
data/htop-3.0.2/CPUMeter.c:63:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];
data/htop-3.0.2/CRT.c:42:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *CRT_treeStrAscii[TREE_STR_COUNT] = {
data/htop-3.0.2/CRT.c:54:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *CRT_treeStrUtf8[TREE_STR_COUNT] = {
data/htop-3.0.2/CRT.c:601:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char sequence[3] = "\033a";
data/htop-3.0.2/CRT.h:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *CRT_treeStrAscii[TREE_STR_COUNT];
data/htop-3.0.2/CRT.h:120:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *CRT_treeStrUtf8[TREE_STR_COUNT];
data/htop-3.0.2/Header.c:133:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(name, Meter_name(meter), nameLen);
data/htop-3.0.2/IncSet.h:24:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[INCMODE_MAX+1];
data/htop-3.0.2/ListItem.c:64:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(this->value + oldLen, text, textLen);
data/htop-3.0.2/LoadAverageMeter.c:27:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[20];
data/htop-3.0.2/LoadAverageMeter.c:47:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[20];
data/htop-3.0.2/MemoryMeter.c:38:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];
data/htop-3.0.2/Meter.c:128:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char mode[21];
data/htop-3.0.2/Meter.c:133:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char number[11];
data/htop-3.0.2/Meter.c:138:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[51];
data/htop-3.0.2/Meter.c:148:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[METER_BUFFER_LEN];
data/htop-3.0.2/Meter.c:168:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[METER_BUFFER_LEN];
data/htop-3.0.2/Meter.c:188:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char bar[w + 1];
data/htop-3.0.2/Meter.c:293:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[nValues];
data/htop-3.0.2/Meter.c:362:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[METER_BUFFER_LEN];
data/htop-3.0.2/OpenFilesScreen.c:55:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[1025];
data/htop-3.0.2/OpenFilesScreen.c:74:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      int fdnull = open("/dev/null", O_WRONLY);
data/htop-3.0.2/OpenFilesScreen.c:137:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char entry[sizeEntry];
data/htop-3.0.2/Process.c:41:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char Process_pidFormat[20] = "%7d ";
data/htop-3.0.2/Process.c:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char Process_titleBuffer[20][20];
data/htop-3.0.2/Process.c:59:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[11];
data/htop-3.0.2/Process.c:107:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[14];
data/htop-3.0.2/Process.c:150:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[11];
data/htop-3.0.2/Process.c:226:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/Process.h:96:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char starttime_show[8];
data/htop-3.0.2/Process.h:141:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/Process.h:170:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/RichString.c:21:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(this->chptr, this->chstr, charBytes(this->chlen));
data/htop-3.0.2/RichString.c:25:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(this->chstr, this->chptr, charBytes(len));
data/htop-3.0.2/RichString.c:42:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t data[len+1];
data/htop-3.0.2/Settings.c:50:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      modes[i] = atoi(ids[i]);
data/htop-3.0.2/Settings.c:102:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int id = atoi(ids[i]) + 1;
data/htop-3.0.2/Settings.c:116:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fd = fopen(fileName, "r");
data/htop-3.0.2/Settings.c:139:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->sortKey = atoi(option[1]) + 1;
data/htop-3.0.2/Settings.c:141:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->direction = atoi(option[1]);
data/htop-3.0.2/Settings.c:143:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->treeView = atoi(option[1]);
data/htop-3.0.2/Settings.c:145:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->hideThreads = atoi(option[1]);
data/htop-3.0.2/Settings.c:147:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->hideKernelThreads = atoi(option[1]);
data/htop-3.0.2/Settings.c:149:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->hideUserlandThreads = atoi(option[1]);
data/htop-3.0.2/Settings.c:151:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->shadowOtherUsers = atoi(option[1]);
data/htop-3.0.2/Settings.c:153:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->showThreadNames = atoi(option[1]);
data/htop-3.0.2/Settings.c:155:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->showProgramPath = atoi(option[1]);
data/htop-3.0.2/Settings.c:157:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->highlightBaseName = atoi(option[1]);
data/htop-3.0.2/Settings.c:159:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->highlightMegabytes = atoi(option[1]);
data/htop-3.0.2/Settings.c:161:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->highlightThreads = atoi(option[1]);
data/htop-3.0.2/Settings.c:163:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->headerMargin = atoi(option[1]);
data/htop-3.0.2/Settings.c:166:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->detailedCPUTime = atoi(option[1]);
data/htop-3.0.2/Settings.c:168:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->detailedCPUTime = atoi(option[1]);
data/htop-3.0.2/Settings.c:170:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->countCPUsFromZero = atoi(option[1]);
data/htop-3.0.2/Settings.c:172:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->showCPUUsage = atoi(option[1]);
data/htop-3.0.2/Settings.c:174:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->showCPUFrequency = atoi(option[1]);
data/htop-3.0.2/Settings.c:176:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->updateProcessNames = atoi(option[1]);
data/htop-3.0.2/Settings.c:178:41:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->accountGuestInCPUMeter = atoi(option[1]);
data/htop-3.0.2/Settings.c:180:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->delay = atoi(option[1]);
data/htop-3.0.2/Settings.c:182:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->colorScheme = atoi(option[1]);
data/htop-3.0.2/Settings.c:185:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->enableMouse = atoi(option[1]);
data/htop-3.0.2/Settings.c:200:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         this->topologyAffinity = !!atoi(option[1]);
data/htop-3.0.2/Settings.c:245:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fd = fopen(this->filename, "w");
data/htop-3.0.2/SignalsPanel.c:36:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      static char buf[16];
data/htop-3.0.2/StringUtils.c:21:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(out, s1, l1);
data/htop-3.0.2/StringUtils.c:22:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(out+l1, s2, l2+1);
data/htop-3.0.2/StringUtils.c:95:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char match[50];
data/htop-3.0.2/SwapMeter.c:38:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];
data/htop-3.0.2/TasksMeter.c:36:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[20];
data/htop-3.0.2/TraceScreen.c:77:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[1001];
data/htop-3.0.2/TraceScreen.c:104:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[1001];
data/htop-3.0.2/UptimeMeter.c:31:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char daysbuf[32];
data/htop-3.0.2/darwin/DarwinProcessList.c:35:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char str[256] = {0};
data/htop-3.0.2/darwin/DarwinProcessList.c:40:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(k->version, version_, sizeof(version_));
data/htop-3.0.2/darwin/Platform.c:290:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(env, p, size);
data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcess.c:88:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.c:46:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char errbuf[_POSIX2_LINE_MAX];
data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.c:336:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      jailid = atoi(strtok(curpos, " "));
data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.h:23:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char jail_errmsg[JAIL_ERRMSGLEN];
data/htop-3.0.2/freebsd/FreeBSDProcess.c:88:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/freebsd/FreeBSDProcessList.c:25:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char jail_errmsg[JAIL_ERRMSGLEN];
data/htop-3.0.2/freebsd/FreeBSDProcessList.c:46:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char errbuf[_POSIX2_LINE_MAX];
data/htop-3.0.2/freebsd/FreeBSDProcessList.c:338:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char   jnamebuf[MAXHOSTNAMELEN];
data/htop-3.0.2/freebsd/FreeBSDProcessList.h:19:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char jail_errmsg[JAIL_ERRMSGLEN];
data/htop-3.0.2/htop.c:171:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                unsigned int num_pid = atoi(pid);
data/htop-3.0.2/linux/Battery.c:58:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char infoPath[30];
data/htop-3.0.2/linux/Battery.c:61:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE* file = fopen(infoPath, "r");
data/htop-3.0.2/linux/Battery.c:78:42:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      const unsigned long int foundNum = atoi(foundNumStr);
data/htop-3.0.2/linux/Battery.c:110:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char statePath[256];
data/htop-3.0.2/linux/Battery.c:112:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE* file = fopen(statePath, "r");
data/htop-3.0.2/linux/Battery.c:194:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      const char filePath[256];
data/htop-3.0.2/linux/Battery.c:197:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      int fd1 = open(filePath, O_RDONLY);
data/htop-3.0.2/linux/Battery.c:201:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char type[8];
data/htop-3.0.2/linux/Battery.c:209:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         int fd2 = open(filePath, O_RDONLY);
data/htop-3.0.2/linux/Battery.c:214:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char buffer[1024];
data/htop-3.0.2/linux/Battery.c:242:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               totalFull += atoi(value);
data/htop-3.0.2/linux/Battery.c:249:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
               totalRemain += atoi(value);
data/htop-3.0.2/linux/Battery.c:262:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
         int fd3 = open(filePath, O_RDONLY);
data/htop-3.0.2/linux/Battery.c:267:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char buffer[2] = "";
data/htop-3.0.2/linux/IOPriorityPanel.c:24:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char name[50];
data/htop-3.0.2/linux/LinuxProcess.c:194:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/linux/LinuxProcessList.c:69:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(PROCTTYDRIVERSFILE, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:105:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      ttyDrivers[numDrivers].major = atoi(token); // save
data/htop-3.0.2/linux/LinuxProcessList.c:111:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         ttyDrivers[numDrivers].minorFrom = atoi(token); // save
data/htop-3.0.2/linux/LinuxProcessList.c:115:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         ttyDrivers[numDrivers].minorTo = atoi(token); // save
data/htop-3.0.2/linux/LinuxProcessList.c:118:45:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         ttyDrivers[numDrivers].minorFrom = atoi(token); // save
data/htop-3.0.2/linux/LinuxProcessList.c:119:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         ttyDrivers[numDrivers].minorTo = atoi(token); // save
data/htop-3.0.2/linux/LinuxProcessList.c:164:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(PROCDIR "/self/smaps_rollup", "r");
data/htop-3.0.2/linux/LinuxProcessList.c:173:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   file = fopen(PROCSTATFILE, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:179:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:232:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:234:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(filename, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:238:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static char buf[MAX_READ+1];
data/htop-3.0.2/linux/LinuxProcessList.c:245:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   assert(process->pid == atoi(buf));
data/htop-3.0.2/linux/LinuxProcessList.c:254:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(command, location, commsize);
data/htop-3.0.2/linux/LinuxProcessList.c:311:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:326:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:330:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(filename, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:346:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[1024];
data/htop-3.0.2/linux/LinuxProcessList.c:397:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:399:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(filename, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:402:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buf[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:423:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[PAGE_SIZE];// 4k
data/htop-3.0.2/linux/LinuxProcessList.c:432:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(buffer, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:483:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:485:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(filename, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:506:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:508:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(filename, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:513:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char output[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:518:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:541:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:543:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(filename, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:546:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:572:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:574:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(filename, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:578:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:669:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char filename[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:671:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   int fd = open(filename, O_RDONLY);
data/htop-3.0.2/linux/LinuxProcessList.c:675:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char command[4096+1]; // max cmdline length on Linux
data/htop-3.0.2/linux/LinuxProcessList.c:782:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
      int pid = atoi(name);
data/htop-3.0.2/linux/LinuxProcessList.c:796:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char subdirname[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:825:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char command[MAX_NAME+1];
data/htop-3.0.2/linux/LinuxProcessList.c:928:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(PROCMEMINFOFILE, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:932:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[128];
data/htop-3.0.2/linux/LinuxProcessList.c:977:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(PROCARCSTATSFILE, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:982:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[128];
data/htop-3.0.2/linux/LinuxProcessList.c:1036:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(PROCSTATFILE, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:1043:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[PROC_LINE_LENGTH + 1];
data/htop-3.0.2/linux/LinuxProcessList.c:1121:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      FILE* file = fopen(PROCCPUINFOFILE, "r");
data/htop-3.0.2/linux/LinuxProcessList.c:1129:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         char buffer[PROC_LINE_LENGTH];
data/htop-3.0.2/linux/LinuxProcessList.c:1138:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
               char tmpbuffer[64];
data/htop-3.0.2/linux/Platform.c:136:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* fd = fopen(PROCDIR "/uptime", "r");
data/htop-3.0.2/linux/Platform.c:148:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE *fd = fopen(PROCDIR "/loadavg", "r");
data/htop-3.0.2/linux/Platform.c:159:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* file = fopen(PROCDIR "/sys/kernel/pid_max", "r");
data/htop-3.0.2/linux/Platform.c:233:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char procname[32+1];
data/htop-3.0.2/linux/Platform.c:235:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE* fd = fopen(procname, "r");
data/htop-3.0.2/linux/Platform.c:259:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char procname[128+1];
data/htop-3.0.2/linux/Platform.c:261:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   FILE *fd = fopen(procname, "r");
data/htop-3.0.2/linux/PressureStallMeter.c:46:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[20];
data/htop-3.0.2/openbsd/OpenBSDProcess.c:183:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/openbsd/OpenBSDProcessList.c:39:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char errbuf[_POSIX2_LINE_MAX];
data/htop-3.0.2/openbsd/Platform.c:238:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char errbuf[_POSIX2_LINE_MAX];
data/htop-3.0.2/solaris/Platform.c:117:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/solaris/Platform.h:46:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/solaris/SolarisProcess.c:98:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[256]; buffer[255] = '\0';
data/htop-3.0.2/solaris/SolarisProcessList.h:27:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char zone_errmsg[ZONE_ERRMSGLEN];
data/htop-3.0.2/unsupported/Platform.c:84:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/unsupported/Platform.h:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char Process_pidFormat[20];
data/htop-3.0.2/zfs/ZfsArcMeter.c:59:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];
data/htop-3.0.2/zfs/ZfsCompressedArcMeter.c:52:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[50];
data/htop-3.0.2/AffinityPanel.c:273:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         size_t len = strlen(&indent_buf[off]);
data/htop-3.0.2/AffinityPanel.c:278:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(&indent_buf[off]);
data/htop-3.0.2/AffinityPanel.c:299:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   unsigned width = 4 + 3 * depth + (2 * !depth) + strlen(buf);
data/htop-3.0.2/AffinityPanel.c:371:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      unsigned cpu_width = 4 + strlen(number);
data/htop-3.0.2/FunctionBar.c:97:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(this->keys[i]);
data/htop-3.0.2/FunctionBar.c:100:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(this->functions[i]);
data/htop-3.0.2/FunctionBar.c:105:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      CRT_cursorX = x + strlen(buffer);
data/htop-3.0.2/FunctionBar.c:116:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(this->keys[i]);
data/htop-3.0.2/FunctionBar.c:117:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      x += strlen(this->functions[i]);
data/htop-3.0.2/Header.c:130:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int nameLen = strlen(Meter_name(meter));
data/htop-3.0.2/ListItem.c:60:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int oldLen = strlen(this->value);
data/htop-3.0.2/ListItem.c:61:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int textLen = strlen(text);
data/htop-3.0.2/ListItem.c:62:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int newLen = strlen(this->value) + textLen;
data/htop-3.0.2/Meter.c:154:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int captionLen = strlen(this->caption);
data/htop-3.0.2/Meter.c:375:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int xx = x + strlen(this->caption);
data/htop-3.0.2/OpenFilesScreen.c:135:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         int lenN = data['n'] ? strlen(data['n']) : 0;
data/htop-3.0.2/Panel.c:415:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len = strlen(buffer);
data/htop-3.0.2/Panel.c:421:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         len = strlen(buffer);
data/htop-3.0.2/ProcessList.c:223:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      int len = strlen(title);
data/htop-3.0.2/RichString.c:116:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   RichString_writeFrom(this, attrs, data, this->chlen, strlen(data));
data/htop-3.0.2/RichString.c:124:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   RichString_writeFrom(this, attrs, data, 0, strlen(data));
data/htop-3.0.2/StringUtils.c:18:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int l1 = strlen(s1);
data/htop-3.0.2/StringUtils.c:19:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int l2 = strlen(s2);
data/htop-3.0.2/StringUtils.c:31:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   int len = strlen(in);
data/htop-3.0.2/StringUtils.c:36:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
   strncpy(out, in, len);
data/htop-3.0.2/StringUtils.c:61:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(token, s, size);
data/htop-3.0.2/StringUtils.c:92:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   const unsigned short int len = strlen(line);
data/htop-3.0.2/StringUtils.h:12:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define String_startsWith(s, match) (strncmp((s),(match),strlen(match)) == 0)
data/htop-3.0.2/TraceScreen.c:91:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      ssize_t written = write(this->fdpair[1], message, strlen(message));
data/htop-3.0.2/darwin/DarwinProcess.c:199:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   *basenameOffset = strlen(retval);
data/htop-3.0.2/dragonflybsd/DragonFlyBSDProcessList.c:278:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(argv[i]) + 1;
data/htop-3.0.2/freebsd/FreeBSDProcessList.c:316:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(argv[i]) + 1;
data/htop-3.0.2/linux/Battery.c:165:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
     ssize_t res = read(fd, buf, count);
data/htop-3.0.2/linux/Battery.c:228:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
           (String_startsWith(str,prefix) ? (str) + strlen(prefix) : NULL)
data/htop-3.0.2/linux/Battery.c:269:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            ssize_t res = read(fd3, buffer, 1);
data/htop-3.0.2/linux/LinuxProcessList.c:49:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
     ssize_t res = read(fd, buf, count);
data/htop-3.0.2/linux/LinuxProcessList.c:440:23:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   while ( ( nread =  read(fd,buffer, sizeof(buffer)) ) > 0 ){
data/htop-3.0.2/linux/LinuxProcessList.c:660:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy(process->comm, command, len + 1);
data/htop-3.0.2/linux/LinuxProcessList.c:935:101:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      #define tryRead(label, variable) do { if (String_startsWith(buffer, label) && sscanf(buffer + strlen(label), " %32llu kB", variable)) { break; } } while(0)
data/htop-3.0.2/linux/LinuxProcessList.c:984:101:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      #define tryRead(label, variable) do { if (String_startsWith(buffer, label) && sscanf(buffer + strlen(label), " %*2u %32llu", variable)) { break; } } while(0)
data/htop-3.0.2/linux/LinuxProcessList.c:985:111:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      #define tryReadFlag(label, variable, flag) do { if (String_startsWith(buffer, label) && sscanf(buffer + strlen(label), " %*2u %32llu", variable)) { flag = 1; break; } else { flag = 0; } } while(0)
data/htop-3.0.2/openbsd/OpenBSDProcessList.c:147:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *basenameEnd = strlen(kproc->p_comm);
data/htop-3.0.2/openbsd/OpenBSDProcessList.c:151:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len += strlen(arg[i]) + 1;   /* room for arg and trailing space or NUL */
data/htop-3.0.2/openbsd/OpenBSDProcessList.c:155:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *basenameEnd = strlen(kproc->p_comm);
data/htop-3.0.2/openbsd/Platform.c:262:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(*p) + 1;
data/htop-3.0.2/solaris/Platform.c:224:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   size_t thissz = strlen(str);
data/htop-3.0.2/solaris/Platform.c:230:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
   strncpy( accump->env + accump->size + thissz + 1, "\n", 1);
data/htop-3.0.2/solaris/Platform.c:252:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
   strncpy( envBuilder.env + envBuilder.size, "\0", 1);
data/htop-3.0.2/unsupported/UnsupportedProcessList.c:59:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(proc->starttime_show, "Jun 01 ", sizeof(proc->starttime_show));

ANALYSIS SUMMARY:

Hits = 240
Lines analyzed = 19752 in approximately 0.59 seconds (33475 lines/second)
Physical Source Lines of Code (SLOC) = 15314
Hits@level = [0] 132 [1]  49 [2] 176 [3]   8 [4]   7 [5]   0
Hits@level+ = [0+] 372 [1+] 240 [2+] 191 [3+]  15 [4+]   7 [5+]   0
Hits/KSLOC@level+ = [0+] 24.2915 [1+] 15.6719 [2+] 12.4722 [3+] 0.979496 [4+] 0.457098 [5+]   0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.