Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/iotjs-1.0+715/config/mbedtls/config-for-iotjs.h
Examining data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/iotjs_main.c
Examining data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/jerry_port.c
Examining data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/setjmp.h
Examining data/iotjs-1.0+715/config/tizen/template/IoTjsApp/project/inc/main.h
Examining data/iotjs-1.0+715/config/tizen/template/IoTjsApp/project/src/main.c
Examining data/iotjs-1.0+715/deps/http-parser/bench.c
Examining data/iotjs-1.0+715/deps/http-parser/contrib/parsertrace.c
Examining data/iotjs-1.0+715/deps/http-parser/contrib/url_parser.c
Examining data/iotjs-1.0+715/deps/http-parser/http_parser.c
Examining data/iotjs-1.0+715/deps/http-parser/http_parser.h
Examining data/iotjs-1.0+715/deps/http-parser/test.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-debugger-transport.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-debugger.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/config.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-alloc.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-alloc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-gc.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-gc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-globals.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-collection.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-conversion.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-errol.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-external-pointers.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-number.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-value.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-init-finalize.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-init-finalize.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-lcache.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-lcache.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-literal-storage.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-literal-storage.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-module.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-module.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-property-hashmap.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-property-hashmap.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype-unscopables.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype-unscopables.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-arraybuffer-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-arraybuffer-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-arraybuffer.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-arraybuffer.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-function-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-function-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-function.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-function.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator-function.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator-function.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-generator.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-async-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-boolean-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-boolean-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-boolean.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-boolean.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-dataview-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-dataview-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-dataview.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-dataview.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-date-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-date.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-date.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-error-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-error-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-error.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-error.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-evalerror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-evalerror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-evalerror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-evalerror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-function.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator-function.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator-function.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-generator.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-global.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-global.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-date.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-error.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-json.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-macro-defines.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-macro-undefs.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-sort.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-internal-routines-template.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-intrinsic.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-intrinsic.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-json.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-json.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-map.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-math.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-math.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-number-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-number.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-number.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-object-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-object.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-promise-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-promise-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-promise.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-promise.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-proxy.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-proxy.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-rangeerror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-rangeerror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-rangeerror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-rangeerror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-referenceerror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-referenceerror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-referenceerror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-referenceerror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-reflect.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-reflect.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-regexp-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-regexp-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-regexp.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-set.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string-iterator-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string-iterator-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-string.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-symbol-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-symbol-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-symbol.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-symbol.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-syntaxerror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-syntaxerror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-syntaxerror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-syntaxerror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-type-error-thrower.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-type-error-thrower.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-typeerror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-typeerror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-typeerror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-typeerror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-urierror-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-urierror-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-urierror.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-urierror.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakmap-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakmap-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakmap.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakmap.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakset-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakset-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakset.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-weakset.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtins.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float32array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float32array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float32array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float32array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float64array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float64array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float64array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-float64array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int16array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int16array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int16array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int16array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int32array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int32array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int32array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int32array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int8array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int8array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int8array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-int8array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-helpers.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype-template.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-template.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint16array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint16array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint16array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint16array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint32array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint32array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint32array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint32array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8array-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8array-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8array.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8array.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8clampedarray-prototype.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8clampedarray-prototype.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8clampedarray.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-uint8clampedarray.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-array-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-array-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-arraybuffer-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-arraybuffer-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-async-generator-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-async-generator-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-boolean-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-boolean-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-comparison.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-comparison.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-container-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-container-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-conversion.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-conversion.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-dataview-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-dataview-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-eval.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-eval.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-exceptions.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-exceptions.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-function-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-function-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-get-put-value.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-iterator-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-iterator-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-jobqueue.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-jobqueue.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-lex-env.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-lex-env.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-number-arithmetic.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-number-arithmetic.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-number-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-number-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects-arguments.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects-arguments.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects-general.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects-general.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-promise-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-promise-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-proxy-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-proxy-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-reference.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-reference.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-regexp-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-regexp-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-string-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-string-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-symbol-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-symbol-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-try-catch-macro.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-compiler.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-core.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-debugger-transport.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-debugger.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-port.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-snapshot.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jcontext/jcontext.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jcontext/jcontext.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem-allocator-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem-allocator.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem-heap.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem-poolman.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jrt/jrt-bit-fields.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jrt/jrt-fatals.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jrt/jrt-libc-includes.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jrt/jrt-types.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/jrt/jrt.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-char-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-char-helpers.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-globals.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-magic-strings.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-magic-strings.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-magic-strings.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-strings.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-strings.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-unicode-conversions-sup.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-unicode-conversions.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-unicode-folding.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-unicode-ranges-sup.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-unicode-ranges.inc.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/byte-code.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/byte-code.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/common.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/common.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-lexer.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-lexer.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-expr.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-limits.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-module.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-statm.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-tagged-template-literal.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-tagged-template-literal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-util.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-ops.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-util.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-bytecode.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-bytecode.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-compiler-context.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-compiler.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-compiler.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-parser.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-parser.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/parser/regexp/re-token.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes-ecma-arithmetics.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes-ecma-bitwise.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes-ecma-relational-equality.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm-defines.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm-stack.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm-stack.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm-utils.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/arg/arg-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/arg/arg-js-iterator-helper.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/arg/arg-transform-functions.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/arg/arg.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/common/jext-common.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-common.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-rp.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-sha1.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-sha1.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-tcp.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-ws.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handle-scope/handle-scope-allocator.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handle-scope/handle-scope-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handle-scope/handle-scope.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handler/handler-assert.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handler/handler-gc.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handler/handler-print.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handler/handler-register.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/handler/handler-resource-name.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/arg.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/arg.impl.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/autorelease.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/autorelease.impl.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/debugger.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/handle-scope.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/handler.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/include/jerryscript-ext/module.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-ext/module/module.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/acos.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/acosh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/asin.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/asinh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/atan.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/atan2.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/atanh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/cbrt.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/ceil.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/copysign.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/cosh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/exp.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/expm1.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/fabs.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/finite.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/floor.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/fmod.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/include/math.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/isnan.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/jerry-libm-internal.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/log.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/log10.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/log1p.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/log2.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/nextafter.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/pow.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/scalbn.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/sinh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/sqrt.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/tanh.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-libm/trig.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/benchmarking.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/cli.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/libfuzzer.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-options.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-options.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-test.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-utils.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-main/main-utils.h
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-date.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-debugger.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-external-context.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-fatal.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-io.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c
Examining data/iotjs-1.0+715/deps/jerry/jerry-port/default/include/jerryscript-port-default.h
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/include/inttypes.h
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/include/setjmp.h
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/jerry_app/arc/main.c
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/jerry_app/include/project_mapping.h
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/jerry_app/quark/main.c
Examining data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/source/curie-bsp-port.c
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/include/jerry_extapi.h
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/include/jerry_run.h
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/include/user_config.h
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_extapi.c
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_port.c
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_run.c
Examining data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/user_main.c
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/AnalogIn-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/DigitalOut-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/I2C-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/InterruptIn-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/PwmOut-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/lib_drivers.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/setInterval-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/setTimeout-js.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/AnalogIn-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/DigitalOut-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/InterruptIn-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/PwmOut-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/setInterval-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/setTimeout-js.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-event-loop/BoundCallback.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-event-loop/EventLoop.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-event-loop/source/EventLoop.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-launcher/launcher.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-launcher/setup.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-launcher/source/launcher.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-launcher/source/setup.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-library-registry/registry.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-library-registry/source/registry.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-library-registry/source/wrap_tools.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-library-registry/wrap_tools.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-util/js_source.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-util/logging.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-util/wrappers.h
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/source/jerry_port_mbed.c
Examining data/iotjs-1.0+715/deps/jerry/targets/mbedos5/tools/cmsis.h
Examining data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c
Examining data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c
Examining data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/setjmp.h
Examining data/iotjs-1.0+715/deps/jerry/targets/particle/source/main.cpp
Examining data/iotjs-1.0+715/deps/jerry/targets/riot-stm32f4/source/main-riotos.c
Examining data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/getline-zephyr.c
Examining data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/getline-zephyr.h
Examining data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/jerry-port.c
Examining data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/main-zephyr.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-abort.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-binary-operations-arithmetics.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-binary-operations-comparisons.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-binary-operations-instanceof.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-errortype.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-promise.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-property.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-set-and-clear-error-flag.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-strings.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-value-type.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-arraybuffer.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-backtrace.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-common.h
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-container.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-context-data.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-dataview.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-date-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-exec-stop.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-external-string.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-has-property.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-internal-properties.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-jmem.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-json.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-lit-char-helpers.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-literal-storage.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-mem-stats.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-native-callback-nested.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-native-instanceof.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-newtarget.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-number-to-int32.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-number-to-string.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-objects-foreach.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-poolman.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-promise.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-proxy.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-regexp.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-regression-3588.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-resource-name.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-snapshot.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-string-to-number.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-stringbuilder.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-strings.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-symbol.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-to-integer.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-to-length.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-typedarray.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-unicode.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/module/jerry-module-test.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/module/my-broken-module.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/module/my-custom-module.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-common.h
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-arg.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-autorelease.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-escape.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-handle-prelist-escape.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-handle-prelist.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-nested.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-remove.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope-root.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-handle-scope.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-module-canonical.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-module-empty.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-libm/test-libm.c
Examining data/iotjs-1.0+715/deps/jerry/tests/unit-libm/test-libm.inc.h
Examining data/iotjs-1.0+715/deps/jerry/third-party/valgrind/memcheck.h
Examining data/iotjs-1.0+715/deps/jerry/third-party/valgrind/valgrind.h
Examining data/iotjs-1.0+715/deps/jerry/tools/unit-tests/gen-test-libm.c
Examining data/iotjs-1.0+715/deps/libtuv/include/android-ifaddrs.h
Examining data/iotjs-1.0+715/deps/libtuv/include/pthread-barrier.h
Examining data/iotjs-1.0+715/deps/libtuv/include/stdint-msvc2008.h
Examining data/iotjs-1.0+715/deps/libtuv/include/tree.h
Examining data/iotjs-1.0+715/deps/libtuv/include/tuv__debuglog.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-aix.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-bsd.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-darwin.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-errno.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-linux.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-nuttx.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-os390.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-sunos.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-threadpool.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-tizenrt.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-unix.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-version.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv-win.h
Examining data/iotjs-1.0+715/deps/libtuv/include/uv.h
Examining data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c
Examining data/iotjs-1.0+715/deps/libtuv/src/heap-inl.h
Examining data/iotjs-1.0+715/deps/libtuv/src/inet.c
Examining data/iotjs-1.0+715/deps/libtuv/src/queue.h
Examining data/iotjs-1.0+715/deps/libtuv/src/threadpool.c
Examining data/iotjs-1.0+715/deps/libtuv/src/tuv_debuglog.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/async.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/atomic-ops.h
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/core.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/darwin-proctitle.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/dl.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/getnameinfo.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/internal.h
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/kqueue.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/linux-core.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/linux-inotify.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/linux-syscalls.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/linux-syscalls.h
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/loop-watcher.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/loop.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/netbsd.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/nuttx.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/os390.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/pipe.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/poll.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/process.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/pthread-barrier.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/pthread-fixes.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/signal.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/spinlock.h
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/tcp.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/thread.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/timer.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/tizenrt.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/tty.c
Examining data/iotjs-1.0+715/deps/libtuv/src/unix/udp.c
Examining data/iotjs-1.0+715/deps/libtuv/src/uv-common.c
Examining data/iotjs-1.0+715/deps/libtuv/src/uv-common.h
Examining data/iotjs-1.0+715/deps/libtuv/src/version.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/async.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/atomicops-inl.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/core.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/detect-wakeup.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/dl.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/error.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/fs.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/getnameinfo.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/handle-inl.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/handle.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/internal.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/loop-watcher.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/poll.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/process-stdio.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/process.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/req-inl.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/req.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/signal.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/snprintf.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/stream-inl.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/stream.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/tcp.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/thread.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/timer.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/tty.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/udp.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/util.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/winapi.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/winapi.h
Examining data/iotjs-1.0+715/deps/libtuv/src/win/winsock.c
Examining data/iotjs-1.0+715/deps/libtuv/src/win/winsock.h
Examining data/iotjs-1.0+715/deps/libtuv/test/echo_server.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul.h
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_main.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/echo_server_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/raw_main.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/raw_main.h
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/runner_main_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_active_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_async_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_condvar_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_idle_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_shutdown_eof_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_tcp_open_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_threadpool_raw_queue_work_simple.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_again.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_huge_repeat.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_huge_timeout.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_init.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_norm.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_order.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_run_null_callback.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_run_once.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_timer_raw_start_twice.c
Examining data/iotjs-1.0+715/deps/libtuv/test/raw/test_walk_handles_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/runner.h
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_linux_raw.c
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_list.h
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_main.c
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_nuttx.c
Examining data/iotjs-1.0+715/deps/libtuv/test/runner_tizenrt.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_active.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_async.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_condvar.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_cwd.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_error.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_fs.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_getaddrinfo.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_idle.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_ipc.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_bind_error.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_close_stdout_read_stdin.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_connect_error.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_connect_multiple.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_connect_prepare.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_pending_instances.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_sendmsg.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_server_close.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_pipe_set_non_blocking.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_shutdown_eof.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_signal.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_tcp_open.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_threadpool.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_timer.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_timer_again.c
Examining data/iotjs-1.0+715/deps/libtuv/test/test_walk_handles.c
Examining data/iotjs-1.0+715/deps/mbedtls/configs/config-ccm-psk-tls1_2.h
Examining data/iotjs-1.0+715/deps/mbedtls/configs/config-mini-tls1_1.h
Examining data/iotjs-1.0+715/deps/mbedtls/configs/config-no-entropy.h
Examining data/iotjs-1.0+715/deps/mbedtls/configs/config-suite-b.h
Examining data/iotjs-1.0+715/deps/mbedtls/configs/config-thread.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_encdec.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_hashing.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_mainpage.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_rng.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_ssltls.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_tcpip.h
Examining data/iotjs-1.0+715/deps/mbedtls/doxygen/input/doc_x509.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/arc4.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/asn1.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/asn1write.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/base64.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/bignum.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/bn_mul.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ccm.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/certs.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/check_config.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cipher.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cipher_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/compat-1.3.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/config.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ctr_drbg.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/debug.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/dhm.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ecdh.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ecdsa.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ecjpake.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ecp.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ecp_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/entropy.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/entropy_poll.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/error.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/gcm.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/havege.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/hmac_drbg.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/memory_buffer_alloc.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/net.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/net_sockets.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/oid.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/padlock.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pem.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pk.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pk_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pkcs11.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pkcs12.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/pkcs5.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform_time.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/rsa.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/rsa_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_cache.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_ciphersuites.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_cookie.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_ticket.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/threading.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/timing.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/version.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509_crl.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509_crt.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509_csr.h
Examining data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/xtea.h
Examining data/iotjs-1.0+715/deps/mbedtls/library/aes.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/aesni.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/arc4.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/asn1parse.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/asn1write.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/base64.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/bignum.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/camellia.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ccm.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/certs.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/cipher.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/cipher_wrap.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/cmac.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/debug.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/des.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/dhm.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ecdh.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ecdsa.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ecp.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ecp_curves.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/entropy.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/entropy_poll.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/error.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/gcm.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/havege.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/md.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/md2.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/md4.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/md5.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/md_wrap.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/memory_buffer_alloc.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/oid.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/padlock.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pem.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pk.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pk_wrap.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pkcs11.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pkparse.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/pkwrite.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/platform.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/rsa.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/rsa_internal.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/sha1.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/sha256.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/sha512.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_cache.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_ciphersuites.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/threading.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/timing.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/version.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/version_features.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509_crl.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509_csr.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c
Examining data/iotjs-1.0+715/deps/mbedtls/library/xtea.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/hash/hello.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdh_curve25519.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/mpi_demo.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_entropy.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_ctr_drbg.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_havege.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/mini_client.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/util/strerror.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/wince_main.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/x509/crl_app.c
Examining data/iotjs-1.0+715/deps/mbedtls/programs/x509/req_app.c
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/entropy_hardware_poll.c
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-authcrypt/main.cpp
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-hashing/main.cpp
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-selftest/main.cpp
Examining data/iotjs-1.0+715/deps/mbedtls/yotta/data/target_config.h
Examining data/iotjs-1.0+715/include/iotjs.h
Examining data/iotjs-1.0+715/include/node_api.h
Examining data/iotjs-1.0+715/include/node_api_types.h
Examining data/iotjs-1.0+715/src/internal/node_api_internal.h
Examining data/iotjs-1.0+715/src/internal/node_api_internal_types.h
Examining data/iotjs-1.0+715/src/iotjs.c
Examining data/iotjs-1.0+715/src/iotjs_binding.c
Examining data/iotjs-1.0+715/src/iotjs_binding.h
Examining data/iotjs-1.0+715/src/iotjs_binding_helper.c
Examining data/iotjs-1.0+715/src/iotjs_binding_helper.h
Examining data/iotjs-1.0+715/src/iotjs_compatibility.h
Examining data/iotjs-1.0+715/src/iotjs_debuglog.c
Examining data/iotjs-1.0+715/src/iotjs_debuglog.h
Examining data/iotjs-1.0+715/src/iotjs_def.h
Examining data/iotjs-1.0+715/src/iotjs_env.c
Examining data/iotjs-1.0+715/src/iotjs_env.h
Examining data/iotjs-1.0+715/src/iotjs_magic_strings.h
Examining data/iotjs-1.0+715/src/iotjs_module.c
Examining data/iotjs-1.0+715/src/iotjs_module.h
Examining data/iotjs-1.0+715/src/iotjs_string.c
Examining data/iotjs-1.0+715/src/iotjs_string.h
Examining data/iotjs-1.0+715/src/iotjs_string_ext.c
Examining data/iotjs-1.0+715/src/iotjs_string_ext.h
Examining data/iotjs-1.0+715/src/iotjs_util.c
Examining data/iotjs-1.0+715/src/iotjs_util.h
Examining data/iotjs-1.0+715/src/iotjs_uv_handle.c
Examining data/iotjs-1.0+715/src/iotjs_uv_handle.h
Examining data/iotjs-1.0+715/src/iotjs_uv_request.c
Examining data/iotjs-1.0+715/src/iotjs_uv_request.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_adc.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_adc.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_blehcisocket.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_blehcisocket.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_bridge.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_buffer.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_buffer.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_console.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_constants.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_crypto.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_dns.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_dynamicloader.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_fs.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_gpio.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_gpio.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_http_parser.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_i2c.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_i2c.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_periph_common.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_periph_common.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_process.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_pwm.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_pwm.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_spi.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_spi.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_stm32f4dis.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_stm32f4dis.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_stm32f7nucleo.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_stm32f7nucleo.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_tcp.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_tcp.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_timer.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_tizen.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_tls.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_tls.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_uart.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_uart.h
Examining data/iotjs-1.0+715/src/modules/iotjs_module_udp.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c
Examining data/iotjs-1.0+715/src/modules/iotjs_module_websocket.h
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_adc-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_blehcisocket-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_i2c-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_spi-linux.c
Examining data/iotjs-1.0+715/src/modules/linux/iotjs_module_uart-linux.c
Examining data/iotjs-1.0+715/src/modules/mock/iotjs_module_gpio-mock.c
Examining data/iotjs-1.0+715/src/modules/mock/iotjs_module_i2c-mock.c
Examining data/iotjs-1.0+715/src/modules/mock/iotjs_module_pwm-mock.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_adc-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_blehcisocket-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_gpio-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_i2c-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_spi-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_stm32f4dis-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_stm32f7nucleo-nuttx.c
Examining data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_uart-nuttx.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_gpio-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_i2c-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_pwm-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_spi-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_tizen-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizen/iotjs_module_uart-tizen.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_adc-tizenrt.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_gpio-tizenrt.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_i2c-tizenrt.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_pwm-tizenrt.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_spi-tizenrt.c
Examining data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_uart-tizenrt.c
Examining data/iotjs-1.0+715/src/napi/node_api.c
Examining data/iotjs-1.0+715/src/napi/node_api_async.c
Examining data/iotjs-1.0+715/src/napi/node_api_env.c
Examining data/iotjs-1.0+715/src/napi/node_api_function.c
Examining data/iotjs-1.0+715/src/napi/node_api_lifetime.c
Examining data/iotjs-1.0+715/src/napi/node_api_module.c
Examining data/iotjs-1.0+715/src/napi/node_api_object_wrap.c
Examining data/iotjs-1.0+715/src/napi/node_api_property.c
Examining data/iotjs-1.0+715/src/napi/node_api_value.c
Examining data/iotjs-1.0+715/src/platform/linux/iotjs_linux.c
Examining data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c
Examining data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.h
Examining data/iotjs-1.0+715/src/platform/nuttx/iotjs_systemio-nuttx.c
Examining data/iotjs-1.0+715/src/platform/nuttx/iotjs_systemio-nuttx.h
Examining data/iotjs-1.0+715/src/platform/tizen/iotjs_tizen_service_app.c
Examining data/iotjs-1.0+715/src/platform/tizen/iotjs_tizen_service_app.h
Examining data/iotjs-1.0+715/src/platform/tizenrt/iotjs_main_tizenrt.c
Examining data/iotjs-1.0+715/test/external_modules/mymodule2/my_module.c
Examining data/iotjs-1.0+715/test/module_generator/test_c/test.c
Examining data/iotjs-1.0+715/test/module_generator/test_c/test.h
Examining data/iotjs-1.0+715/test/module_generator/test_cpp/test.cpp
Examining data/iotjs-1.0+715/test/module_generator/test_cpp/test.h
Examining data/iotjs-1.0+715/test/napi/common.h
Examining data/iotjs-1.0+715/test/napi/test_napi_arguments.c
Examining data/iotjs-1.0+715/test/napi/test_napi_array.c
Examining data/iotjs-1.0+715/test/napi/test_napi_async.c
Examining data/iotjs-1.0+715/test/napi/test_napi_buffer.c
Examining data/iotjs-1.0+715/test/napi/test_napi_construct.c
Examining data/iotjs-1.0+715/test/napi/test_napi_conversions.c
Examining data/iotjs-1.0+715/test/napi/test_napi_dataview.c
Examining data/iotjs-1.0+715/test/napi/test_napi_env_compare.c
Examining data/iotjs-1.0+715/test/napi/test_napi_env_store.c
Examining data/iotjs-1.0+715/test/napi/test_napi_error_handling.c
Examining data/iotjs-1.0+715/test/napi/test_napi_general.c
Examining data/iotjs-1.0+715/test/napi/test_napi_handle_scope.c
Examining data/iotjs-1.0+715/test/napi/test_napi_make_callback.c
Examining data/iotjs-1.0+715/test/napi/test_napi_object_wrap.c
Examining data/iotjs-1.0+715/test/napi/test_napi_promise.c
Examining data/iotjs-1.0+715/test/napi/test_napi_properties.c
Examining data/iotjs-1.0+715/test/napi/test_napi_reference.c
Examining data/iotjs-1.0+715/test/napi/test_napi_strictequal_and_instanceof.c
Examining data/iotjs-1.0+715/test/napi/test_napi_string.c
Examining data/iotjs-1.0+715/test/napi/test_napi_symbol.c
Examining data/iotjs-1.0+715/test/napi/test_napi_typedarray.c
Examining data/iotjs-1.0+715/tools/module_templates/basic_module_template/src/module.c
Examining data/iotjs-1.0+715/tools/module_templates/shared_module_template/src/module_entry.c

FINAL RESULTS:

data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:148:3:  [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left.
  strncat (path_p, in_path_p, MAX_JERRY_PATH_SIZE);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:813:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    rc = readlink(cwd, readlink_cwd, sizeof(readlink_cwd) - 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:85:18:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  abspath_size = readlink("/proc/curproc/file", abspath, sizeof(abspath));
data/iotjs-1.0+715/deps/libtuv/src/unix/linux-core.c:474:9:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    n = readlink("/proc/self/exe", buffer, n);
data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c:339:11:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    res = readlink(buf, buffer, res);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1844:15:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    XX(CHMOD, chmod)
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1856:18:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    XX(READLINK, readlink)
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1858:15:  [5] (race) chown:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchown( ) instead.
    XX(CHOWN, chown)
data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/jerry_port.c:86:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(out_buf_p, in_path_p);
data/iotjs-1.0+715/deps/http-parser/test.c:3267:20:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
  size_t buf1len = sprintf(buf1, "%s\r\nConnection: Keep-Alive\r\nContent-Length: %lu\r\n\r\n",
data/iotjs-1.0+715/deps/http-parser/test.c:3304:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3305:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3306:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3357:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r1->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3358:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r2->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3359:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(total, r3->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3707:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/iotjs-1.0+715/deps/http-parser/test.c:3727:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "%s / HTTP/1.1\r\n\r\n", *this_method);
data/iotjs-1.0+715/deps/jerry/jerry-core/include/jerryscript-port.h:108:25:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
void JERRY_ATTR_FORMAT (printf, 2, 3) jerry_port_log (jerry_log_level_t level, const char *format, ...);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-io.c:88:18:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int length = vsnprintf (NULL, 0, format, args);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-io.c:93:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf (buffer, (size_t) length + 1, format, args);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-io.c:98:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf (stderr, format, args);
data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/source/curie-bsp-port.c:38:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    length = vsnprintf (buf, 256, format, args);
data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_port.c:37:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-util/logging.h:21:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define LOG_PRINT(...) printf(__VA_ARGS__)
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-util/logging.h:26:31:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define LOG_PRINT_ALWAYS(...) printf(__VA_ARGS__)
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/source/jerry_port_mbed.c:38:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c:57:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf (stderr, format, args);
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c:149:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy (out_buf_p, in_path_p);
data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/jerry-port.c:35:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, format, args);
data/iotjs-1.0+715/deps/libtuv/include/tuv__debuglog.h:53:7:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
      fprintf(tuv_log_stream, __VA_ARGS__); \
data/iotjs-1.0+715/deps/libtuv/src/inet.c:69:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  l = snprintf(tmp, sizeof(tmp), fmt, src[0], src[1], src[2], src[3]);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:381:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (access(abspath, X_OK) == 0) {
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:447:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(rawbuf, cp);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:450:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(rawbuf, dp+1);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:610:3:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(mon_file, filename);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:718:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(p, "BEGIN_EVPROD_INFO\n%sEND_EVPROD_INFO", filename) == 1) {
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:974:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(cpu_id.name, FIRST_CPU);
data/iotjs-1.0+715/deps/libtuv/src/unix/linux-inotify.c:247:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  w->path = strcpy((char*)(w + 1), path);
data/iotjs-1.0+715/deps/libtuv/src/unix/process.c:401:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execvp(options->file, options->args);
data/iotjs-1.0+715/deps/libtuv/src/uv-common.h:59:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#if !defined(snprintf) && defined(_MSC_VER) && _MSC_VER < 1900
data/iotjs-1.0+715/deps/libtuv/src/uv-common.h:60:12:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
extern int snprintf(char*, size_t, const char*, ...);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:389:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  DWORD access;
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:418:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    access &= ~FILE_WRITE_DATA;
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:419:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    access |= FILE_APPEND_DATA;
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:462:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    access |= DELETE;
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:486:22:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                     access,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1843:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    XX(ACCESS, access)
data/iotjs-1.0+715/deps/libtuv/src/win/internal.h:174:68:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
int uv_stdio_pipe_server(uv_loop_t* loop, uv_pipe_t* handle, DWORD access,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:195:68:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
int uv_stdio_pipe_server(uv_loop_t* loop, uv_pipe_t* handle, DWORD access,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:205:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
      access | FILE_FLAG_OVERLAPPED | FILE_FLAG_FIRST_PIPE_INSTANCE,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1907:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  FILE_ACCESS_INFORMATION access;
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1937:40:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                                      &access,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1938:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                                      sizeof(access),
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1944:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!(access.AccessFlags & FILE_WRITE_DATA) ||
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1945:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        !(access.AccessFlags & FILE_READ_DATA)) {
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1950:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access.AccessFlags & FILE_WRITE_DATA)
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:1952:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access.AccessFlags & FILE_READ_DATA)
data/iotjs-1.0+715/deps/libtuv/src/win/process-stdio.c:240:11:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    DWORD access) {
data/iotjs-1.0+715/deps/libtuv/src/win/process-stdio.c:249:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                       access,
data/iotjs-1.0+715/deps/libtuv/src/win/process-stdio.c:317:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
                                      access);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:589:7:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
      wcscpy(pos, temp_buffer);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:791:9:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
        wcscpy(ptr, required_vars[i].wide_eq);
data/iotjs-1.0+715/deps/libtuv/src/win/snprintf.c:30:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
int snprintf(char* buf, size_t len, const char* fmt, ...) {
data/iotjs-1.0+715/deps/libtuv/src/win/winapi.h:4481:50:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
# define CTL_CODE(device_type, function, method, access)                      \
data/iotjs-1.0+715/deps/libtuv/src/win/winapi.h:4482:32:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    (((device_type) << 16) | ((access) << 14) | ((function) << 2) | (method))
data/iotjs-1.0+715/deps/libtuv/test/runner.h:99:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr,                                       \
data/iotjs-1.0+715/deps/libtuv/test/runner.h:111:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr,                                       \
data/iotjs-1.0+715/deps/libtuv/test/runner.h:122:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr,                                       \
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:114:5:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execvp(args[0], (char* const*)args);
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1023:5:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
    wcscat(command_line, test_output[i]);
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1449:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(file, exepath + len);
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1452:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(path + 5, exepath);
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:57:41:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_SNPRINTF   snprintf /**< The default \c snprintf function to use.  */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:61:39:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_PRINTF   printf /**< The default \c printf function to use. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:64:38:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define MBEDTLS_PLATFORM_STD_FPRINTF fprintf /**< The default \c fprintf function to use. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:155:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:178:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/platform.h:213:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:51:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:44:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/base64.c:40:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:56:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:48:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:64:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:48:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:37:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf    snprintf
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:105:11:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    ret = vsnprintf( str, DEBUG_BUF_SIZE, format, argp );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/dhm.c:55:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:777:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/ecp.c:63:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:54:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/error.c:36:26:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf snprintf
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:54:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:49:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:44:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/oid.c:41:26:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf snprintf
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:51:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:66:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:44:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:45:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:51:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/library/timing.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/library/timing.c:146:33:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
#warning OpenBSD does not allow access to tick register using software version instead
data/iotjs-1.0+715/deps/mbedtls/library/x509.c:58:27:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf    printf
data/iotjs-1.0+715/deps/mbedtls/library/x509.c:59:27:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf  snprintf
data/iotjs-1.0+715/deps/mbedtls/library/x509_crl.c:56:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:56:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/library/x509_csr.c:56:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:39:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:34:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/hash/hello.c:33:30:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf       printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdh_curve25519.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/mpi_demo.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:32:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:32:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:34:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:34:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:32:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:33:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:32:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_entropy.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_entropy.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_ctr_drbg.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_ctr_drbg.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_havege.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_havege.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/mini_client.c:51:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:35:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:36:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:233:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, GET_REQUEST );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:35:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:36:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:37:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:32:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:363:15:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
        len = sprintf( (char *) buf, HTTP_RESPONSE,
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:35:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:36:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:649:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:675:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "EHLO %s\r\n", hostname );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:729:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "%s\r\n", base );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:749:15:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        len = sprintf( (char *) buf, "%s\r\n", base );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:764:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "MAIL FROM:<%s>\r\n", opt.mail_from );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:777:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "RCPT TO:<%s>\r\n", opt.mail_to );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:803:11:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    len = sprintf( (char *) buf, "From: %s\r\nSubject: mbed TLS Test mail\r\n\r\n"
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:33:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:34:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:35:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:214:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:35:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:36:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:329:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:37:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:38:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1119:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            if( sscanf( q, "%" SCNu64, &opt.renego_period ) != 1 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2371:11:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    len = sprintf( (char *) buf, HTTP_RESPONSE,
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:34:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:64:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:65:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:32:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:33:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:42:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:34:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/util/strerror.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:35:28:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_fprintf    fprintf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:36:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/crl_app.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/programs/x509/req_app.c:32:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:44:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:45:28:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define mbedtls_snprintf   snprintf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:162:34:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#if defined _MSC_VER && !defined snprintf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:163:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:163:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-selftest/main.cpp:60:28:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define mbedtls_printf     printf
data/iotjs-1.0+715/src/iotjs_debuglog.h:46:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  fprintf(iotjs_log_stream, __VA_ARGS__);                      \
data/iotjs-1.0+715/src/iotjs_env.c:291:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(stderr, CLI_DEFAULT_HELP_STRING);
data/iotjs-1.0+715/src/iotjs_util.c:145:9:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    if (system(command)) {
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:153:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(direction_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT_DIRECTION,
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:172:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(edge_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT_EDGE, gpio->pin);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:177:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(value_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT_VALUE,
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:214:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(value_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT_VALUE, gpio->pin);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:227:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(value_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT_VALUE, gpio->pin);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:257:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(exported_path, GPIO_PATH_BUFFER_SIZE, GPIO_PIN_FORMAT, gpio->pin);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:115:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  if (snprintf(path, PWM_PATH_BUFFER_SIZE, PWM_PIN_FORMAT, platform_data->chip,
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:126:5:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    snprintf(export_path, PWM_PATH_BUFFER_SIZE, PWM_EXPORT,
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:236:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  if (snprintf(path, PWM_PATH_BUFFER_SIZE, PWM_PIN_FORMAT, platform_data->chip,
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:244:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    if (snprintf(unexport_path, PWM_PATH_BUFFER_SIZE, PWM_UNEXPORT,
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_adc-nuttx.c:59:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(buffer, ADC_DEVICE_PATH_BUFFER_SIZE - 1, ADC_DEVICE_PATH_FORMAT,
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:87:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  if (snprintf(path, PWM_DEVICE_PATH_BUFFER_SIZE, PWM_DEVICE_PATH_FORMAT,
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:92:7:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  if (access(path, F_OK) != 0) {
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:169:7:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  if (snprintf(path, PWM_DEVICE_PATH_BUFFER_SIZE - 1, PWM_DEVICE_PATH_FORMAT,
data/iotjs-1.0+715/src/platform/tizenrt/iotjs_main_tizenrt.c:167:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(out_buf_p, in_path_p);
data/iotjs-1.0+715/deps/jerry/jerry-main/libfuzzer.c:22:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (0);
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-test.c:220:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:57:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:150:18:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  char *norm_p = realpath (path_p, buffer_p);
data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/jerry_app/quark/main.c:140:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_run.c:30:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-launcher/source/launcher.cpp:72:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand (now.u);
data/iotjs-1.0+715/deps/jerry/targets/riot-stm32f4/source/main-riotos.c:102:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/main-zephyr.c:83:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-common.h:73:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand (now.u); \
data/iotjs-1.0+715/deps/libtuv/include/uv-darwin.h:47:9:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  char* realpath;                                                             \
data/iotjs-1.0+715/deps/libtuv/src/threadpool.c:172:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  val = getenv("UV_THREADPOOL_SIZE");
data/iotjs-1.0+715/deps/libtuv/src/tuv_debuglog.c:39:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  dbglevel = getenv("TUV_DEBUG_LEVEL");
data/iotjs-1.0+715/deps/libtuv/src/tuv_debuglog.c:40:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  dbglogfile = getenv("TUV_DEBUG_LOGFILE");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:349:9:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    if (realpath(args, abspath) != abspath)
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:367:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    char *path = getenv("PATH");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:379:11:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
      if (realpath(trypath, abspath) == abspath) {
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:81:7:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  if (realpath(exepath, abspath) != abspath)
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:256:33:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
      if (strncmp(path, handle->realpath, handle->realpath_len) != 0)
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:259:48:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
      if (handle->realpath_len > 1 || *handle->realpath != '/') {
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:446:20:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
      assert(curr->realpath != NULL);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:448:67:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
          pCFStringCreateWithFileSystemRepresentation(NULL, curr->realpath);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:803:22:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  handle->realpath = realpath(handle->path, NULL);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:806:41:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  handle->realpath_len = strlen(handle->realpath);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:855:20:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  uv__free(handle->realpath);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:897:20:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  uv__free(handle->realpath);
data/iotjs-1.0+715/deps/libtuv/src/unix/tcp.c:269:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char* val = getenv("UV_TCP_SINGLE_ACCEPT");
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1857:18:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    XX(REALPATH, realpath)
data/iotjs-1.0+715/deps/libtuv/src/win/signal.c:38:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&uv__signal_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/signal.c:73:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&uv__signal_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/signal.c:248:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&uv__signal_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/signal.c:290:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&uv__signal_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:196:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(mutex);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:207:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(mutex);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:232:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&rwlock->state_.num_readers_lock_);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:249:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&rwlock->state_.num_readers_lock_);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:298:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&rwlock->state_.num_readers_lock_);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:387:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&cond->fallback.waiters_count_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:461:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cond->fallback.waiters_count_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:487:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cond->fallback.waiters_count_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:519:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cond->fallback.waiters_count_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/thread.c:532:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&cond->fallback.waiters_count_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:81:3:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  InitializeCriticalSection(&process_title_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:395:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&process_title_lock);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:430:3:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  EnterCriticalSection(&process_title_lock);
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:67:7:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, andto protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  if (realpath(argv[0], executable_path) == NULL) {
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:505:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    test = getenv("ENV_TEST");
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1186:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  char *path = getenv("PATH");
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1455:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  env[1] = getenv(dyld_path_var);
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:221:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                     const unsigned char *random, size_t rlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:253:53:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        if( ( ret = mbedtls_sha1_update_ret( &sha1, random, rlen ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:282:43:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                     const unsigned char *random, size_t rlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:305:28:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    memcpy( tmp + 20 + nb, random, rlen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:381:50:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                            const unsigned char *random, size_t rlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:404:32:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    memcpy( tmp + md_len + nb, random, rlen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:444:49:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                           const unsigned char *random, size_t rlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:448:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                             label, random, rlen, dstbuf, dlen ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:455:49:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                           const unsigned char *random, size_t rlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:459:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                             label, random, rlen, dstbuf, dlen ) );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:498:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand( opt.seed );
data/iotjs-1.0+715/src/iotjs.c:295:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand((unsigned)jerry_port_get_current_time());
data/iotjs-1.0+715/src/iotjs_debuglog.c:40:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  dbglevel = getenv("IOTJS_DEBUG_LEVEL");
data/iotjs-1.0+715/src/iotjs_debuglog.c:41:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  dbglogfile = getenv("IOTJS_DEBUG_LOGFILE");
data/iotjs-1.0+715/src/modules/iotjs_module_dynamicloader.c:32:22:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
  HINSTANCE handle = LoadLibrary(iotjs_string_data(&location));
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:260:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  homedir = getenv(IOTJS_MAGIC_STRING_HOME_U);
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:265:15:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  iotjspath = getenv(IOTJS_MAGIC_STRING_IOTJS_PATH_U);
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:282:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  extra_module_path = getenv(IOTJS_MAGIC_STRING_IOTJS_EXTRA_MODULE_PATH_U);
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:283:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  working_dir_path = getenv(IOTJS_MAGIC_STRING_IOTJS_WORKING_DIR_PATH_U);
data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/jerry_port.c:122:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen(file_name_p, "rb");
data/iotjs-1.0+715/config/tizen/template/IoTjsApp/project/src/main.c:55:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ad[50] = {0,};
data/iotjs-1.0+715/deps/http-parser/contrib/parsertrace.c:111:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* file = fopen(filename, "r");
data/iotjs-1.0+715/deps/http-parser/http_parser.c:189:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char tokens[256] = {
data/iotjs-1.0+715/deps/http-parser/test.c:54:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char response_status[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:55:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char request_path[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char request_url[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fragment[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:58:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char query_string[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char body[MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char headers [MAX_HEADERS][2][MAX_ELEMENT_SIZE];
data/iotjs-1.0+715/deps/http-parser/test.c:1728:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst + dlen, src, ncpy);
data/iotjs-1.0+715/deps/http-parser/test.c:1752:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, ncpy);
data/iotjs-1.0+715/deps/http-parser/test.c:2268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ubuf[256];                                                    \
data/iotjs-1.0+715/deps/http-parser/test.c:2271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ubuf, (found)->request_url + (u)->field_data[(fn)].off,   \
data/iotjs-1.0+715/deps/http-parser/test.c:3266:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[3000];
data/iotjs-1.0+715/deps/http-parser/test.c:3297:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char total[ strlen(r1->raw)
data/iotjs-1.0+715/deps/http-parser/test.c:3352:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char total[80*1024] = "\0";
data/iotjs-1.0+715/deps/http-parser/test.c:3353:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[80*1024] = "\0";
data/iotjs-1.0+715/deps/http-parser/test.c:3354:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf2[80*1024] = "\0";
data/iotjs-1.0+715/deps/http-parser/test.c:3355:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf3[80*1024] = "\0";
data/iotjs-1.0+715/deps/http-parser/test.c:3477:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, headers, headers_len);
data/iotjs-1.0+715/deps/http-parser/test.c:3482:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + wrote, "400\r\n", 5);
data/iotjs-1.0+715/deps/http-parser/test.c:3486:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(buf + wrote, "\r\n");
data/iotjs-1.0+715/deps/http-parser/test.c:3490:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf + wrote, "0\r\n\r\n", 6);
data/iotjs-1.0+715/deps/http-parser/test.c:3706:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/iotjs-1.0+715/deps/http-parser/test.c:3726:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-debugger-transport.c:170:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (payload_p, message_p, fragment_length);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer_p + *in_out_buffer_offset_p, data_p, data_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:605:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytecode_p, base_addr_p, code_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:647:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytecode_p, base_addr_p, start_offset);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:658:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (new_base_p, base_p, extra_bytes);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:662:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (byte_p + start_offset + 1, &real_bytecode_p, sizeof (uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:1317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (dst_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:1498:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((char *) buffer_p, chars, string_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry.c:3757:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((void *) (mem_buffer_p + offset), (void *) buf_p, copy_count);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry.c:3806:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((void *) buf_p, (void *) (mem_buffer_p + offset), copy_count);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:116:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&min_depth, get_backtrace_p->min_depth, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:118:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&max_depth, get_backtrace_p->max_depth, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (backtrace_total_p->frame_count, &frame_count, sizeof (frame_count));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:187:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (frame_p->byte_code_cp, &byte_code_cp, sizeof (jmem_cpointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:190:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (frame_p->offset, &offset, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:393:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (message_string_p->string + *buffer_pos, string_p, free_bytes);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:409:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (message_string_p->string + *buffer_pos, string_p, str_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:428:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&chain_index, get_scope_variables_p->chain_index, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:548:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&chain_index, eval_string_p, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:703:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (string_p + uint8_data_p->uint8_offset,
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:743:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&byte_code_free_cp, byte_code_p->byte_code_cp, sizeof (jmem_cpointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:782:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&byte_code_cp, update_breakpoint_p->byte_code_cp, sizeof (jmem_cpointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:786:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&offset, update_breakpoint_p->offset, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:947:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&eval_size, eval_first_p->eval_size, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:975:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (eval_string_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1004:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&client_source_size, client_source_first_p->code_size, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1026:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (client_source_string_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1171:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (breakpoint_hit_p->byte_code_cp, &byte_code_header_cp, sizeof (jmem_cpointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1174:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (breakpoint_hit_p->offset, &offset, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1245:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (configuration_p->version, &version, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1266:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (message_type_p + 1, data, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (message_string_p->string, string_p, max_byte_count);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1314:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (message_string_p->string, string_p, string_length - 1);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1319:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (message_string_p->string, string_p, string_length);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1343:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (byte_code_cp_p->byte_code_cp, &compiled_code_cp, sizeof (jmem_cpointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1363:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (message_parse_function_p->line, &line, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1364:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (message_parse_function_p->column, &column, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1385:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (memstats_p->allocated_bytes, &allocated_bytes, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1387:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (memstats_p->byte_code_bytes, &byte_code_bytes, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1389:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (memstats_p->string_bytes, &string_bytes, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1391:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (memstats_p->object_bytes, &object_bytes, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:1393:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (memstats_p->property_bytes, &property_bytes, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-collection.c:187:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (collection_p->buffer_p + collection_p->item_count, buffer_p, count * sizeof (ecma_value_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-external-pointers.c:207:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy (native_pointer_p, next_p, sizeof (ecma_native_pointer_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:358:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data_p, string_p, string_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:622:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data_p, str_buf, str_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:701:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (uint32_to_string_buffer + cesu8_string1_size, cesu8_string2_p, cesu8_string2_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:746:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data_p, cesu8_string1_p, cesu8_string1_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:747:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (data_p + cesu8_string1_size, cesu8_string2_p, cesu8_string2_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1042:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (buffer_p, chars_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1095:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (buffer_p, chars_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (buffer_p, start_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (buffer_p, start_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1238:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (buffer_p, cesu8_str_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1300:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy (utf8_pos, cesu8_pos, code_unit_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1306:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (utf8_pos, cesu8_pos, code_unit_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1776:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return !memcmp ((char *) utf8_string1_p, (char *) utf8_string2_p, string1_size_and_length[0]);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:1776:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  return !memcmp ((char *) utf8_string1_p, (char *) utf8_string2_p, string1_size_and_length[0]);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:2633:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (ECMA_STRINGBUILDER_STRING_PTR (header_p), data_p, data_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:2740:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dest_p, string_data_p, string_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-string.c:2752:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dest_p, data_p, data_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-literal-storage.c:485:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (destination_p, &num, sizeof (ecma_number_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-literal-storage.c:532:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&num, literal_p, sizeof (ecma_number_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-arraybuffer-prototype.c:142:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_buf, old_buf + start, new_len);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-date.c:36:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char day_names_p[7][3] =
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-date.c:41:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char month_names_p[12][3] =
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers-date.c:745:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (dest_p, str_p, 3);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.h:148:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char day_names_p[7][3];
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/ecma-builtin-helpers.h:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char month_names_p[12][3];
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:695:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (pass_value_p, info.buffer_p + byte_pos, info.element_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:714:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ecma_typedarray_get_buffer (obj_p),
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:761:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (&tmp[0], lower_p, info.element_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:762:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (lower_p, upper_p, info.element_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:763:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (upper_p, &tmp[0], info.element_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/builtin-objects/typedarray/ecma-builtin-typedarray-prototype.c:1888:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (new_typedarray_buffer_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-dataview-object.c:188:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[sizeof (uint32_t)]; /**< for read numeric data */
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-dataview-object.c:308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (swap_block_p, block_p, element_size * sizeof (lit_utf8_byte_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-objects-arguments.c:95:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (arg_literal_p, byte_p, formal_params_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:68:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (int16_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:79:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (uint16_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (int32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:101:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:112:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (float));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&num, src, sizeof (double));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:222:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (int16_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:233:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (uint16_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:244:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (int32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:255:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (uint32_t));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:266:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (float));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:278:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst_p, &num, sizeof (double));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/operations/ecma-typedarray-object.c:661:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (dst_buf_p, src_buf_p, array_length << element_size_shift);
data/iotjs-1.0+715/deps/jerry/jerry-core/jmem/jmem-heap.c:642:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (ret_block_p, block_p, old_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-strings.c:842:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (utf8_pos, cesu8_pos, code_unit_size);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-lexer.c:2475:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((uint8_t *) literal_p->u.char_p, char_p, length);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-lexer.c:2956:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((uint8_t *) literal_p->u.char_p, buffer_p, size);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:534:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (context_p->stack.first_p->bytes + context_p->stack.last_position,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:564:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (page_p->bytes, bytes_p, length);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:588:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (bytes_p, context_p->stack.first_p->bytes + context_p->stack.last_position, length);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:599:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytes_p + length, page_p->bytes, context_p->stack.last_position);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:608:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytes_p, page_p->next_p->bytes + context_p->stack.last_position, length);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:681:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytes_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:690:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytes_p + length,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:693:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (bytes_p,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:713:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (iterator->current_p->bytes + iterator->current_position - length,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:722:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (iterator->current_p->bytes,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser-mem.c:725:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (iterator->current_p->next_p->bytes + PARSER_STACK_PAGE_SIZE - length,
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser.c:2799:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (name_buffer_p, prefix_p, 4);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-parser.c:2800:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (name_buffer_p + 4, name_lit_p->u.char_p, name_lit_p->prop.length);
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-util.c:906:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (data_p, &literal_p->char_p, sizeof (const uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-util.c:1942:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (&literal.char_p, data_p + 2 + 1, sizeof (const uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner-util.c:2092:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (&literal.char_p, data_p + 2 + 1, sizeof (const uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-core/parser/js/js-scanner.c:3410:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (&prev_source_p, data_p + 2 + 1, sizeof (const uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-core/vm/opcodes.c:698:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (new_registers_p, VM_GET_REGISTERS (frame_ctx_p), size);
data/iotjs-1.0+715/deps/jerry/jerry-core/vm/vm.c:1456:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy (&byte_code_p, byte_code_p++, sizeof (uint8_t *));
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c:333:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp_config[CONFIG_SIZE];
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c:344:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open (serial_config.device_id, O_RDWR);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-sha1.c:289:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((void *) (sha1_context_p->buffer + left), source_p, fill);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-sha1.c:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy ((void *) (sha1_context_p->buffer + left), source_p, source_length);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-ws.c:177:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (request_end_p, context.message_p, context.message_length);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char CMDNAME[strlen ((PROGNAME)) + strlen ((CMD)) + 2]; \
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:128:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file = fopen (file_name, "rb");
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:418:27:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *snapshot_file_p = fopen (output_file_name_p, "wb");
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:609:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen (literals_file_name_p, "wb");
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:743:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen (output_file_name_p, "wb");
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-test.c:39:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file = fopen (file_name, "rb");
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JERRY_BUFFER_SIZE];
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:195:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (source_p + source_size, buffer, read_bytes);
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[JERRY_BUFFER_SIZE];
data/iotjs-1.0+715/deps/jerry/jerry-main/main-utils.c:106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (err_str_buf, msg, err_str_size + 1);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-io.c:107:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char debug_buffer[DEBUG_BUFFER_SIZE];
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:49:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen (file_name_p, "rb");
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char drive[_MAX_DRIVE];
data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/source/curie-bsp-port.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_extapi.c:85:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
          char buff[50];
data/iotjs-1.0+715/deps/jerry/targets/esp8266/user/jerry_extapi.c:86:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
          sprintf(buff, "%.10f", number);
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c:74:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file = fopen (file_name, "r");
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c:172:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (err_str_buf, msg, err_str_size);
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c:317:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char *file_names[JERRY_MAX_COMMAND_LINE_ARGS];
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c:84:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen (file_name_p, "rb");
data/iotjs-1.0+715/deps/jerry/targets/riot-stm32f4/source/main-riotos.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char line_buf[SHELL_DEFAULT_BUFSIZE];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api-strings.c:186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char result_string[1] = { 'E' };
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c:230:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str_buf_p[128];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c:282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str_buf_p[128];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c:356:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[32];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-number-to-string.c:67:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strncmp ((char *) str, (char *) strings[i], str_size) != 0)
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-number-to-string.c:67:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    if (strncmp ((char *) str, (char *) strings[i], str_size) != 0)
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-poolman.c:63:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy (data[j], ptrs[j], TEST_CHUNK_SIZE);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-proxy.c:75:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[10];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-proxy.c:104:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[10];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-snapshot.c:173:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string_data[32];
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-snapshot.c:299:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (snapshot_buffer_0_bck, snapshot_buffer_0, SNAPSHOT_BUFFER_SIZE);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-snapshot.c:300:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy (snapshot_buffer_1_bck, snapshot_buffer_1, SNAPSHOT_BUFFER_SIZE);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-arg.c:118:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char arg3[5] = "1234";
data/iotjs-1.0+715/deps/libtuv/include/pthread-barrier.h:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _pad[UV_BARRIER_STRUCT_PADDING];
data/iotjs-1.0+715/deps/libtuv/include/uv-unix.h:401:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host[NI_MAXHOST];                                                      \
data/iotjs-1.0+715/deps/libtuv/include/uv-unix.h:402:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char service[NI_MAXSERV];                                                   \
data/iotjs-1.0+715/deps/libtuv/include/uv-win.h:290:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char d_name[1];
data/iotjs-1.0+715/deps/libtuv/include/uv-win.h:394:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char accept_buffer[sizeof(struct sockaddr_storage) * 2 + 32];             \
data/iotjs-1.0+715/deps/libtuv/include/uv-win.h:491:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char last_key[8];                                                       \
data/iotjs-1.0+715/deps/libtuv/include/uv-win.h:578:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char host[NI_MAXHOST];                                                      \
data/iotjs-1.0+715/deps/libtuv/include/uv-win.h:579:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char service[NI_MAXSERV];                                                   \
data/iotjs-1.0+715/deps/libtuv/include/uv.h:1029:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char phys_addr[6];
data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c:39:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[1]; /* variable length */
data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c:80:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ctx->path, path, len + 1);
data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c:146:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, ctx->path, required_len);
data/iotjs-1.0+715/deps/libtuv/src/inet.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[UV__INET_ADDRSTRLEN];
data/iotjs-1.0+715/deps/libtuv/src/inet.c:96:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[sizeof(struct in_addr)], *tp;
data/iotjs-1.0+715/deps/libtuv/src/inet.c:127:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, tmp, sizeof(struct in_addr));
data/iotjs-1.0+715/deps/libtuv/src/threadpool.c:174:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    nthreads = atoi(val);
data/iotjs-1.0+715/deps/libtuv/src/tuv_debuglog.c:45:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tuv_debug_level = atoi(dbglevel);
data/iotjs-1.0+715/deps/libtuv/src/tuv_debuglog.c:51:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    logstream  = fopen(dbglogfile, "w+");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:326:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char args[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:327:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char abspath[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:358:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, abspath, *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char trypath[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:388:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(buffer, abspath, *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:440:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char rawbuf[FILENAME_MAX+1];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:449:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(rawbuf, "/r");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:529:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char tmp[256];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:556:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmd[2048];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:567:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(cmd, "/aha/fs/modDir.monFactory");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:569:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(cmd, "/aha/fs/modFile.monFactory");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:590:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mon_file_write_string[RDWR_BUF_SIZE];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:591:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char mon_file[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:598:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mon_file, "/aha/fs/modDir.monFactory");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:600:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mon_file, "/aha/fs/modFile.monFactory");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:611:3:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  strcat(mon_file, ".mon");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:616:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  *fd = open(mon_file, O_CREAT|O_RDWR);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:633:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mon_file_write_string, "CHANGED=YES;WAIT_TYPE=WAIT_IN_SELECT;INFO_LVL=2");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:635:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(mon_file_write_string, "CHANGED=YES;WAIT_TYPE=WAIT_IN_SELECT;INFO_LVL=1");
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:676:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   filename[PATH_MAX]; /* To be used when handling directories */
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:739:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char   result_data[RDWR_BUF_SIZE];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:743:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fname[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:801:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cwd[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:802:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char absolute_path[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:803:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char readlink_cwd[PATH_MAX];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:903:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pp[64];
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:910:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(pp, O_RDONLY);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char l_buffer[NLMSG_ALIGN(sizeof(struct nlmsghdr)) + NLMSG_ALIGN(sizeof(struct rtgenmsg))];
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:282:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&((struct sockaddr_in*)p_dest)->sin_addr, p_data, p_size);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:285:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&((struct sockaddr_in6*)p_dest)->sin6_addr, p_data, p_size);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:288:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(((struct sockaddr_ll*)p_dest)->sll_addr, p_data, p_size);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:292:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(p_dest->sa_data, p_data, p_size);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:368:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(l_index, &l_info->ifi_index, sizeof(int));
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:403:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(l_data, l_rtaData, l_rtaDataSize);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:423:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&l_index, l_indexPtr, sizeof(int));
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:562:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char l_mask[16] = {0};
data/iotjs-1.0+715/deps/libtuv/src/unix/async.c:129:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/src/unix/async.c:231:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[32];
data/iotjs-1.0+715/deps/libtuv/src/unix/core.c:832:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(path, flags | UV__O_CLOEXEC);
data/iotjs-1.0+715/deps/libtuv/src/unix/core.c:844:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(path, flags);
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin-proctitle.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char namebuf[64];  /* MAXTHREADNAMESIZE */
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:69:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char abspath[PATH_MAX * 2 + 1];
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:70:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exepath[PATH_MAX + 1];
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:92:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, abspath, *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:176:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[512];
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char abspath[PATH_MAX * 2 + 1];
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, abspath, *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:102:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char abspath[PATH_MAX * 2 + 1];
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, abspath, *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:210:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, process_title, len);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:271:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[512];
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:126:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((void*) req->path, path, path_len);                              \
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:127:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((void*) req->new_path, new_path, new_path_len);                  \
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:165:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[sizeof("/proc/self/fd/") + 3 * sizeof(int)];
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:257:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    r = open(req->path, req->flags | O_CLOEXEC, req->mode);
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:269:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  r = open(req->path, req->flags, req->mode);
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:376:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ent, dent, sizeof(uv__dirent_t));
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:867:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->bufs, bufs, nbufs * sizeof(*bufs));
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:956:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->bufs, bufs, nbufs * sizeof(*bufs));
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[1];
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:293:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(event->path, path, len + 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c:196:18:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    req->hints = memcpy(buf + len, hints, sizeof(*hints));
data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c:201:20:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    req->service = memcpy(buf + len, service, service_len);
data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c:206:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    req->hostname = memcpy(buf + len, hostname, hostname_len);
data/iotjs-1.0+715/deps/libtuv/src/unix/getnameinfo.c:90:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&req->storage,
data/iotjs-1.0+715/deps/libtuv/src/unix/getnameinfo.c:94:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&req->storage,
data/iotjs-1.0+715/deps/libtuv/src/unix/kqueue.c:343:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pathbuf[MAXPATHLEN];
data/iotjs-1.0+715/deps/libtuv/src/unix/kqueue.c:397:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open(path, O_RDONLY);
data/iotjs-1.0+715/deps/libtuv/src/unix/linux-inotify.c:139:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096];
data/iotjs-1.0+715/deps/libtuv/src/unix/netbsd.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, process_title, len);
data/iotjs-1.0+715/deps/libtuv/src/unix/netbsd.c:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[512];
data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c:122:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, argsbuf[0], *size);
data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c:183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer, process_title, len);
data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char model[512];
data/iotjs-1.0+715/deps/libtuv/src/unix/pipe.c:248:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, sa.sun_path, addrlen);
data/iotjs-1.0+715/deps/libtuv/src/unix/process.c:337:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        use_fd = open("/dev/null", fd == 0 ? O_RDONLY : O_RDWR);
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s, argv[i], size);
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:95:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, process_title.str, process_title.len + 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/signal.c:348:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[sizeof(uv__signal_msg_t) * 32];
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:811:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char scratch[64] = {0};
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:1141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char cmsg_space[CMSG_SPACE(UV__CMSG_FD_SIZE)];
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:1457:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->bufs, bufs, nbufs * sizeof(bufs[0]));
data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c:330:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[128];
data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c:558:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  fd = open("/proc/self/psinfo", O_RDONLY);
data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c:724:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sin->sin6_addr.s6_addr,
data/iotjs-1.0+715/deps/libtuv/src/unix/tcp.c:270:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    single_accept = (val != NULL && atoi(val) != 0);  /* Off by default. */
data/iotjs-1.0+715/deps/libtuv/src/unix/tty.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char dummy[256];
data/iotjs-1.0+715/deps/libtuv/src/unix/tty.c:65:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[256];
data/iotjs-1.0+715/deps/libtuv/src/unix/udp.c:424:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char taddr[sizeof(struct sockaddr_in6)];
data/iotjs-1.0+715/deps/libtuv/src/unix/udp.c:484:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&req->addr, addr, addrlen);
data/iotjs-1.0+715/deps/libtuv/src/unix/udp.c:498:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->bufs, bufs, nbufs * sizeof(bufs[0]));
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:76:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  return memcpy(m, s, len);
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char address_part[40];
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:158:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(address_part, ip, address_part_size);
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:165:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    addr->sin6_scope_id = atoi(zone_index);
data/iotjs-1.0+715/deps/libtuv/src/win/dl.c:34:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:164:15:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  name_size = MultiByteToWideChar(CP_UTF8, 0, path, -1, NULL, 0) *
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:171:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:132:17:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    pathw_len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:151:21:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    new_pathw_len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:180:15:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    DWORD r = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:194:15:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    DWORD r = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pos, path, path_len);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:288:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[MAXIMUM_REPARSE_DATA_BUFFER_SIZE];
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:840:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  __declspec(align(8)) char buffer[8192];
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:842:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  __attribute__ ((aligned (8))) char buffer[8192];
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1832:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    XX(OPEN, open)
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1968:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->fs.info.bufs, bufs, nbufs * sizeof(*bufs));
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:2004:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(req->fs.info.bufs, bufs, nbufs * sizeof(*bufs));
data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c:173:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(cur_ptr, addrinfow_ptr->ai_addr, addrinfo_ptr->ai_addrlen);
data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c:278:29:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    nodesize = ALIGNED_SIZE(MultiByteToWideChar(CP_UTF8, 0, node, -1, NULL, 0) *
data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c:287:32:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    servicesize = ALIGNED_SIZE(MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c:317:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    if (MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/getaddrinfo.c:335:9:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    if (MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/getnameinfo.c:119:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&req->storage,
data/iotjs-1.0+715/deps/libtuv/src/win/getnameinfo.c:123:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&req->storage,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:516:14:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  nameSize = MultiByteToWideChar(CP_UTF8, 0, name, -1, NULL, 0) * sizeof(WCHAR);
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:522:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:635:14:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  nameSize = MultiByteToWideChar(CP_UTF8, 0, name, -1, NULL, 0) * sizeof(WCHAR);
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:641:8:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (!MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/pipe.c:2059:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, pipe_prefix, pipe_prefix_len);
data/iotjs-1.0+715/deps/libtuv/src/win/process-stdio.c:100:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pipe_name[64];
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:113:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  ws_len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:128:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  r = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:535:15:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    arg_len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:576:15:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    arg_len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:695:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:720:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      len = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/tty.c:857:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&handle->tty.rd.last_key[prefix_len], vt100, vt100_len);
data/iotjs-1.0+715/deps/libtuv/src/win/tty.c:1672:24:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      utf16_buf_used = MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/tty.c:1688:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
      if (!MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:224:7:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  if (MultiByteToWideChar(CP_UTF8,
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:367:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  length = MultiByteToWideChar(CP_UTF8, 0, title, -1, NULL, 0);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:379:12:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  length = MultiByteToWideChar(CP_UTF8, 0, title, -1, title_w, length);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:448:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, process_title, len);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1135:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t path[MAX_PATH];
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1198:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, pwd.homedir, len + 1);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1207:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t path[MAX_PATH + 1];
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1327:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t username[UNLEN + 1];
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1328:3:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  wchar_t path[MAX_PATH];
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:64:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char read_buffer[SOCKET_TEST_READBUFFER];
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:65:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char read_client[SOCKET_TEST_READBUFFER];
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:123:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char tmp[sizeof(struct in_addr)], *tp;
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:154:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, tmp, sizeof(struct in_addr));
data/iotjs-1.0+715/deps/libtuv/test/raw/test_tcp_open_raw.c:103:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char slab[2048];
data/iotjs-1.0+715/deps/libtuv/test/raw/test_tcp_open_raw.c:105:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char slab[65536];
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:56:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char executable_path[EXEC_PATH_LENGTH];
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:87:17:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  stdout_file = tmpfile();
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:282:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char errmsg[1024] = "no error";
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:458:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:531:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    uv_uid_t uid = atoi(argv[2]);
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:532:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    uv_gid_t gid = atoi(argv[3]);
data/iotjs-1.0+715/deps/libtuv/test/test_cwd.c:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buffer[DIR_BUFF_LENGTH];
data/iotjs-1.0+715/deps/libtuv/test/test_fs.c:120:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buf[32];
data/iotjs-1.0+715/deps/libtuv/test/test_fs.c:121:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char buf2[32];
data/iotjs-1.0+715/deps/libtuv/test/test_fs.c:634:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char name[TOO_LONG_NAME_LENGTH + 1];
data/iotjs-1.0+715/deps/libtuv/test/test_ipc.c:279:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exepath[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_close_stdout_read_stdin.c:34:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buffer[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c:56:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c:92:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c:164:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c:179:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(sun.sun_path, abstract_pipe, sizeof abstract_pipe);
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_getsockname.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf1[1024], buf2[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_sendmsg.c:66:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char base[1];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_sendmsg.c:110:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char scratch[64];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_set_non_blocking.c:41:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096];
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_set_non_blocking.c:59:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[4096];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:48:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char exepath[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:55:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char output[OUTPUT_SIZE];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:929:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1185:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char newpath[2048];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1426:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char file[64];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1427:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1451:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(path, "PATH=");
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1459:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1024 + sizeof(dyld_path_var)];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1521:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char ubuf[OUTPUT_SIZE - 1];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1588:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1614:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];
data/iotjs-1.0+715/deps/libtuv/test/test_tcp_open.c:82:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char slab[2048];
data/iotjs-1.0+715/deps/libtuv/test/test_tcp_open.c:84:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char slab[65536];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:158:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:159:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:201:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:245:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:284:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:321:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:322:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:339:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:340:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:354:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:355:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:374:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:375:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:388:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aes.h:389:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h:66:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h:67:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h:79:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_aesni_gcm_mult( unsigned char c[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h:80:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char a[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/aesni.h:81:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char b[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/arc4.h:60:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char m[256];       /*!< permutation table */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:103:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:104:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:133:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:164:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:191:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/blowfish.h:192:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:111:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:112:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:141:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:177:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:208:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/camellia.h:209:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cipher.h:266:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char unprocessed_data[MBEDTLS_MAX_BLOCK_LENGTH];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cipher.h:272:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[MBEDTLS_MAX_IV_LENGTH];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h:54:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       state[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char       unprocessed_block[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h:178:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_aes_cmac_prf_128( const unsigned char *key, size_t key_len,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h:179:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                              const unsigned char *input, size_t in_len,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/cmac.h:180:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                              unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ctr_drbg.h:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[16];  /*!< The counter (V). */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:127:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:143:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:156:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:170:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:184:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:195:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:206:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:217:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:228:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:244:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:245:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:273:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:288:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[8],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:289:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[8] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:315:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char iv[8],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/des.h:333:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         const unsigned char key[MBEDTLS_DES_KEY_SIZE] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/gcm.h:60:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char base_ectr[16];          /*!< The first ECTR for tag. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/gcm.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char y[16];                  /*!< The Y working value. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/gcm.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[16];                /*!< The buf working value. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/hmac_drbg.h:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char V[MBEDTLS_MD_MAX_SIZE];  /*!< V in the spec          */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:60:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cksum[16];    /*!< checksum of the data block */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char state[48];    /*!< intermediate digest state  */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[16];   /*!< data block being processed */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:151:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:219:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:262:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md2_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:264:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:286:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md2( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md2.h:288:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:63:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< data block being processed */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:150:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:166:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:220:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:236:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:267:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md4_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:269:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:291:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md4( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md4.h:293:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< data block being processed */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:150:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:166:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:220:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:236:61:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:267:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md5_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:269:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:291:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_md5( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/md5.h:293:47:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/padlock.h:80:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/padlock.h:81:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char output[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/padlock.h:98:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:53:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< data block being processed */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:111:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:122:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:164:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                                unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:176:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:202:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_ripemd160_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:204:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:221:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_ripemd160( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ripemd160.h:223:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                           unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< The data block being processed. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:152:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:168:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:222:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                             unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:238:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                              const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:275:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha1_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:277:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:299:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha1( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha1.h:301:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                      unsigned char output[20] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:57:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];   /*!< The data block being processed. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:124:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[32] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:137:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:182:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                               unsigned char output[32] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:195:64:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                                const unsigned char data[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:228:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha256_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:230:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[32],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:259:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha256( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha256.h:261:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char output[32],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:57:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[128];  /*!< The data block being processed. */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:125:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:137:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[128] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:182:57:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                               unsigned char output[64] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:196:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                            const unsigned char data[128] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:232:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha512_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:234:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[64],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:262:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
MBEDTLS_DEPRECATED void mbedtls_sha512( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/sha512.h:264:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        unsigned char output[64],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:366:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_rsa[48];                         /* RFC 5246 8.1.1 */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:369:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_dhm[MBEDTLS_MPI_MAX_SIZE];      /* RFC 5246 8.1.2 */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:375:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecdh[MBEDTLS_ECP_MAX_BYTES];    /* RFC 4492 5.10 */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:378:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_psk[4 + 2 * MBEDTLS_PSK_MAX_LEN];       /* RFC 4279 2 */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:381:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_dhe_psk[4 + MBEDTLS_MPI_MAX_SIZE
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:385:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_rsa_psk[52 + MBEDTLS_PSK_MAX_LEN];      /* RFC 4279 4 */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:388:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecdhe_psk[4 + MBEDTLS_ECP_MAX_BYTES
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:392:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char _pms_ecjpake[32];     /* Thread spec: SHA-256 output */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:566:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char id[32];       /*!< session identifier */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:567:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char master[48];   /*!< the master secret  */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:710:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char renego_period[8]; /*!< value of the record counters
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:916:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char own_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char peer_verify_data[MBEDTLS_SSL_VERIFY_DATA_MAX_LEN]; /*!<  previous handshake verify data */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl.h:2288:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char period[8] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:265:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alt_out_ctr[8];       /*!<  Alternative record epoch/counter
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:295:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char randbytes[64];        /*!<  random bytes            */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:296:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char premaster[MBEDTLS_PREMASTER_SIZE];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:329:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv_enc[16];           /*!<  IV (encryption)         */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:330:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv_dec[16];           /*!<  IV (decryption)         */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:334:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac_enc[20];          /*!<  SSL v3.0 secret (enc)   */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:335:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac_dec[20];          /*!<  SSL v3.0 secret (dec)   */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:586:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char ver[2] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_internal.h:588:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char ver[2] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/ssl_ticket.h:49:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char name[4];          /*!< random key identifier              */
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/timing.h:48:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char opaque[32];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509_crt.h:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char not_before[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/x509_crt.h:141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char not_after[MBEDTLS_X509_RFC5280_UTC_TIME_LEN + 1];
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/xtea.h:79:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/xtea.h:93:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/xtea.h:94:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] );
data/iotjs-1.0+715/deps/mbedtls/include/mbedtls/xtea.h:113:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:94:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:221:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char RSb[256] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:360:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char FSb[256];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:369:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char RSb[256];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:714:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:715:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:770:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:771:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:782:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:783:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:838:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:839:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:850:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:851:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:883:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:888:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:909:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:915:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:930:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:950:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:995:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1000:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ov[17];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1004:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ov, iv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1015:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv, ov + 1, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1029:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1030:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1066:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ecb_dec[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1076:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ecb_enc[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1087:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cbc_dec[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1097:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cbc_enc[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1114:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_key[3][32] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1127:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_iv[16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1133:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_pt[64] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1145:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_cfb128_ct[3][64] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1181:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_key[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1191:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_nonce_counter[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1201:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_pt[3][48] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1218:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_test_ctr_ct[3][48] =
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1245:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1248:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1251:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prv[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char nonce_counter[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1259:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char stream_block[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1375:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char tmp[16];
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1377:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( tmp, prv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1378:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( prv, buf, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1379:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( buf, tmp, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1416:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv,  aes_test_cfb128_iv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1417:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_cfb128_key[u], keybits / 8 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1438:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_cfb128_ct[u], 64 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1443:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_cfb128_pt, 64 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1478:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( nonce_counter, aes_test_ctr_nonce_counter[u], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1479:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, aes_test_ctr_key[u], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1489:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ctr_ct[u], len );
data/iotjs-1.0+715/deps/mbedtls/library/aes.c:1494:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, aes_test_ctr_pt[u], len );
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:97:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:98:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:141:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_aesni_gcm_mult( unsigned char c[16],
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:142:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char a[16],
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:143:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char b[16] )
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:145:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aa[16], bb[16], cc[16];
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:258:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ik, fk, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/aesni.c:268:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ik, fk, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:138:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_key[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:145:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_pt[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:152:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char arc4_test_ct[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:165:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ibuf[8];
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:166:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char obuf[8];
data/iotjs-1.0+715/deps/mbedtls/library/arc4.c:176:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ibuf, arc4_test_pt[i], 8 );
data/iotjs-1.0+715/deps/mbedtls/library/asn1write.c:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, buf, len );
data/iotjs-1.0+715/deps/mbedtls/library/asn1write.c:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, buf, size );
data/iotjs-1.0+715/deps/mbedtls/library/asn1write.c:355:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->oid.p, oid, oid_len );
data/iotjs-1.0+715/deps/mbedtls/library/asn1write.c:386:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->val.p, val, val_len );
data/iotjs-1.0+715/deps/mbedtls/library/base64.c:44:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_enc_map[64] =
data/iotjs-1.0+715/deps/mbedtls/library/base64.c:55:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_dec_map[128] =
data/iotjs-1.0+715/deps/mbedtls/library/base64.c:232:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_test_dec[64] =
data/iotjs-1.0+715/deps/mbedtls/library/base64.c:255:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[128];
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:133:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, X->p, X->n * ciL );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:171:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, X->p, i * ciL );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( X->p, Y->p, i * ciL );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:223:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &T,  X, sizeof( mbedtls_mpi ) );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:224:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(  X,  Y, sizeof( mbedtls_mpi ) );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(  Y, &T, sizeof( mbedtls_mpi ) );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:614:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:646:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[ MBEDTLS_MPI_RW_BUFFER_SIZE ];
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:1588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( A->p, d, ( n + 1 ) * ciL );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:1674:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( _RR, &RR, sizeof( mbedtls_mpi ) );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:1677:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &RR, _RR, sizeof( mbedtls_mpi ) );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:1885:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:234:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:235:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[MBEDTLS_BLOWFISH_BLOCKSIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:264:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:269:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[MBEDTLS_BLOWFISH_BLOCKSIZE];
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:278:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:284:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:299:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, MBEDTLS_BLOWFISH_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:319:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:366:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/library/blowfish.c:367:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[MBEDTLS_BLOWFISH_BLOCKSIZE],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:79:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char SIGMA_CHARS[6][8] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:91:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:118:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb[256] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:138:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb2[256] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:158:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb3[256] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:178:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char FSb4[256] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:205:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char shifts[2][4][4] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:221:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char indexes[2][4][20] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:245:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const signed char transposes[2][20] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:348:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char t[64];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:497:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:498:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:561:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:566:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:575:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:581:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:596:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:616:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:663:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char nonce_counter[16],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:664:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char stream_block[16],
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:706:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_key[3][CAMELLIA_TESTS_ECB][32] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:734:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_plain[CAMELLIA_TESTS_ECB][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:742:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ecb_cipher[3][CAMELLIA_TESTS_ECB][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:767:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_key[3][32] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:782:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_iv[16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:788:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_plain[CAMELLIA_TESTS_CBC][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:799:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_cbc_cipher[3][CAMELLIA_TESTS_CBC][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:835:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_key[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:845:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_nonce_counter[3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:855:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_pt[3][48] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:872:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char camellia_test_ctr_ct[3][48] =
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:897:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:898:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:899:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char src[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:900:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char dst[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:902:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:906:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char nonce_counter[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:907:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char stream_block[16];
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:923:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, camellia_test_ecb_key[u][i], 16 + 8 * u );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:927:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( src, camellia_test_ecb_cipher[u][i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:928:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( dst, camellia_test_ecb_plain[i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:931:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( src, camellia_test_ecb_plain[i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:932:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( dst, camellia_test_ecb_cipher[u][i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:966:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( src, camellia_test_cbc_iv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:967:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( dst, camellia_test_cbc_iv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:968:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, camellia_test_cbc_key[u], 16 + 8 * u );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:979:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( iv , src, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:980:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( src, camellia_test_cbc_cipher[u][i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:981:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( dst, camellia_test_cbc_plain[i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:983:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( iv , dst, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:984:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( src, camellia_test_cbc_plain[i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:985:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( dst, camellia_test_cbc_cipher[u][i], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:1020:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( nonce_counter, camellia_test_ctr_nonce_counter[u], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:1021:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, camellia_test_ctr_key[u], 16 );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:1029:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, camellia_test_ctr_ct[u], len );
data/iotjs-1.0+715/deps/mbedtls/library/camellia.c:1045:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, camellia_test_ctr_pt[u], len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char b[16];
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:150:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char y[16];
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ctr[16];
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( b + 1, iv, iv_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:217:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( b + 2, src, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:228:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, src, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctr + 1, iv, iv_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:268:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, src, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:277:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( b, dst, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:301:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tag, y, tag_len );
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:329:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:392:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char res[NB_TESTS][32] = {
data/iotjs-1.0+715/deps/mbedtls/library/ccm.c:406:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char out[32];
data/iotjs-1.0+715/deps/mbedtls/library/cipher.c:237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->iv, iv, actual_iv_size );
data/iotjs-1.0+715/deps/mbedtls/library/cipher.c:333:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
data/iotjs-1.0+715/deps/mbedtls/library/cipher.c:347:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( &( ctx->unprocessed_data[ctx->unprocessed_len] ), input,
data/iotjs-1.0+715/deps/mbedtls/library/cipher.c:379:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ctx->unprocessed_data, &( input[ilen - copy_len] ),
data/iotjs-1.0+715/deps/mbedtls/library/cipher.c:782:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char check_tag[16];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:144:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char L[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:188:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void cmac_pad( unsigned char padded_block[MBEDTLS_CIPHER_BLKSIZE_MAX],
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:267:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:304:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &cmac_ctx->unprocessed_block[cmac_ctx->unprocessed_len],
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:319:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:320:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:321:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char M_last[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:359:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, state, block_size );
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:436:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zero_key[MBEDTLS_AES_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:437:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char int_key[MBEDTLS_AES_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:453:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( int_key, key, MBEDTLS_AES_BLOCK_SIZE );
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:516:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_key[16] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:520:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:532:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_128_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:556:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_key[24] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:561:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:573:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_192_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:597:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_key[32] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:603:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_subkeys[2][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:615:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char aes_256_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_AES_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:649:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_key[24] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:657:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_subkeys[2][8] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:667:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_2key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:687:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_key[24] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:695:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_subkeys[2][8] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:705:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_3key_expected_result[NB_CMAC_TESTS_PER_KEY][MBEDTLS_DES3_BLOCK_SIZE] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:749:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PRFT[NB_PRF_TESTS][16] = {
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:777:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K1[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:778:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K2[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:857:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[MBEDTLS_CIPHER_BLKSIZE_MAX];
data/iotjs-1.0+715/deps/mbedtls/library/cmac.c:900:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[MBEDTLS_AES_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:149:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT + MBEDTLS_CTR_DRBG_BLOCKSIZE + 16];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:150:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_CTR_DRBG_KEYSIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char chain[MBEDTLS_CTR_DRBG_BLOCKSIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:180:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, data, data_len );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:216:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( tmp + j, chain, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:240:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, iv, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:264:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                              const unsigned char data[MBEDTLS_CTR_DRBG_SEEDLEN] )
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:266:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_SEEDLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:303:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->counter, tmp + MBEDTLS_CTR_DRBG_KEYSIZE, MBEDTLS_CTR_DRBG_BLOCKSIZE );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:311:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:328:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed[MBEDTLS_CTR_DRBG_MAX_SEED_INPUT];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:354:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( seed + seedlen, additional, len );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:384:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char add_input[MBEDTLS_CTR_DRBG_SEEDLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:386:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_CTR_DRBG_BLOCKSIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:442:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, tmp, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:482:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:484:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:507:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_CTR_DRBG_MAX_INPUT ];
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:509:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:540:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char entropy_source_pr[96] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:554:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char entropy_source_nopr[64] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:564:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char nonce_pers_pr[16] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:568:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char nonce_pers_nopr[16] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:572:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_pr[16] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:576:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_nopr[16] =
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:585:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, p + test_offset, len );
data/iotjs-1.0+715/deps/mbedtls/library/ctr_drbg.c:603:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[16];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idstr[20 + DEBUG_BUF_SIZE]; /* 0x + 16 nibbles + ': ' */
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char txt[17];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:218:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:284:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[16];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:319:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:331:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( str, start, len );
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:345:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[DEBUG_BUF_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/debug.c:353:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:335:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char odd_parity_table[128] = { 1,  2,  4,  7,  8,
data/iotjs-1.0+715/deps/mbedtls/library/des.c:346:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_key_set_parity( unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:357:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_key_parity( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:391:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char weak_key_table[WEAK_KEY_COUNT][MBEDTLS_DES_KEY_SIZE] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:412:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_key_check_weak( const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:424:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_des_setkey( uint32_t SK[32], const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:497:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_enc( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:507:70:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_des_setkey_dec( mbedtls_des_context *ctx, const unsigned char key[MBEDTLS_DES_KEY_SIZE] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:524:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char key[MBEDTLS_DES_KEY_SIZE*2] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:551:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:565:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 2] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:577:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char key[24] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:602:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:616:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      const unsigned char key[MBEDTLS_DES_KEY_SIZE * 3] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:631:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8],
data/iotjs-1.0+715/deps/mbedtls/library/des.c:632:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[8] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:666:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8],
data/iotjs-1.0+715/deps/mbedtls/library/des.c:671:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:684:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:695:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:701:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:718:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char input[8],
data/iotjs-1.0+715/deps/mbedtls/library/des.c:719:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[8] )
data/iotjs-1.0+715/deps/mbedtls/library/des.c:765:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char iv[8],
data/iotjs-1.0+715/deps/mbedtls/library/des.c:770:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:783:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:794:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:800:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:820:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_keys[24] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:827:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_buf[8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:832:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_ecb_dec[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:839:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_ecb_enc[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:847:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_iv[8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:852:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_cbc_dec[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:859:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char des3_test_cbc_enc[3][8] =
data/iotjs-1.0+715/deps/mbedtls/library/des.c:875:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:877:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char prv[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:878:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:896:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, des3_test_buf, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:969:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( iv,  des3_test_iv,  8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:970:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( prv, des3_test_iv,  8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:971:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, des3_test_buf, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:1017:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                unsigned char tmp[8];
data/iotjs-1.0+715/deps/mbedtls/library/des.c:1024:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( tmp, prv, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:1025:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( prv, buf, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:1026:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( buf, tmp, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/des.c:1029:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( buf, prv, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/dhm.c:554:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/ecdsa.c:173:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[2 * MBEDTLS_ECP_MAX_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/ecdsa.c:296:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ECDSA_MAX_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/ecdsa.c:307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sig, p, len );
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:190:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ECJPAKE_HASH_BUF_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:194:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:212:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, id, id_len );
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:727:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char kx[MBEDTLS_ECP_MAX_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:949:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out, &x, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:976:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512], pms[32];
data/iotjs-1.0+715/deps/mbedtls/library/ecp.c:1359:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char k[COMB_MAX_D + 1];
data/iotjs-1.0+715/deps/mbedtls/library/ecp_curves.c:1135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + P521_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
data/iotjs-1.0+715/deps/mbedtls/library/ecp_curves.c:1182:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + P255_WIDTH - 1, M.n * sizeof( mbedtls_mpi_uint ) );
data/iotjs-1.0+715/deps/mbedtls/library/ecp_curves.c:1237:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
data/iotjs-1.0+715/deps/mbedtls/library/ecp_curves.c:1259:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( Mp, N->p + p_limbs - adjust, M.n * sizeof( mbedtls_mpi_uint ) );
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:187:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[2];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:188:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:266:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_MAX_GATHER];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:334:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:431:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, buf, len );
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:450:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:472:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:474:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:500:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_ENTROPY_MAX_SEED_SIZE ];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:502:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:603:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf0[2 * sizeof( unsigned long long int )];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:604:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf1[2 * sizeof( unsigned long long int )];
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:653:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/library/entropy.c:654:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char acc[MBEDTLS_ENTROPY_BLOCK_SIZE] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/library/entropy_poll.c:175:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( "/dev/urandom", "rb" );
data/iotjs-1.0+715/deps/mbedtls/library/entropy_poll.c:222:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, &timer, sizeof(unsigned long) );
data/iotjs-1.0+715/deps/mbedtls/library/entropy_poll.c:249:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/entropy_poll.c:261:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, buf, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:109:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:213:64:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void gcm_mult( mbedtls_gcm_context *ctx, const unsigned char x[16],
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:214:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:222:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char h[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:277:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work_buf[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:300:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ctx->y, iv, iv_len );
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:358:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ectr[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:415:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work_buf[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:423:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tag, ctx->base_ectr, tag_len );
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:484:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char check_tag[16];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:527:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char key[MAX_TESTS][32] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:545:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char iv[MAX_TESTS][64] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:567:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char additional[MAX_TESTS][64] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:581:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char pt[MAX_TESTS][64] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:595:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ct[MAX_TESTS * 3][64] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:704:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char tag[MAX_TESTS * 3][16] =
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:747:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[64];
data/iotjs-1.0+715/deps/mbedtls/library/gcm.c:748:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tag_buf[16];
data/iotjs-1.0+715/deps/mbedtls/library/havege.c:236:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, &val, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sep[1];
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char K[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:129:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed[MBEDTLS_HMAC_DRBG_MAX_SEED_INPUT];
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:150:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( seed + seedlen, additional, len );
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:291:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out, ctx->V, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:349:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:351:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:377:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[ MBEDTLS_HMAC_DRBG_MAX_INPUT ];
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:379:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:429:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_pr[OUTPUT_LEN] = {
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:444:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_nopr[OUTPUT_LEN] = {
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:459:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, p + test_offset, len );
data/iotjs-1.0+715/deps/mbedtls/library/hmac_drbg.c:477:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[OUTPUT_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/md.c:288:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/library/md.c:293:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/md.c:325:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/md.c:380:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:56:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char PI_SUBST[256] =
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:187:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ctx->buffer + ctx->left, input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:217:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:231:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ctx->buffer, ctx->cksum, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, ctx->state, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:242:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:253:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md2_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:255:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:278:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md2( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:280:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:291:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md2_test_str[7][81] =
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:308:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md2_test_sum[7][16] =
data/iotjs-1.0+715/deps/mbedtls/library/md2.c:332:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md2sum[16];
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:123:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:230:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:262:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left),
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:284:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left),
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:300:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_padding[64] =
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:312:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:317:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:347:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:358:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md4_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:360:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:383:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md4( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:385:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:396:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_test_str[7][81] =
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:413:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md4_test_sum[7][16] =
data/iotjs-1.0+715/deps/mbedtls/library/md4.c:437:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md4sum[16];
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:122:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:249:42:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:281:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:301:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:316:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md5_padding[64] =
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:328:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:333:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:361:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                         unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:372:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_md5_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:374:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:397:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_md5( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:399:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                  unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:409:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md5_test_buf[7][81] =
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:426:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char md5_test_sum[7][16] =
data/iotjs-1.0+715/deps/mbedtls/library/md5.c:450:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/iotjs-1.0+715/deps/mbedtls/library/memory_buffer_alloc.c:657:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c:336:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[1] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c:399:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( client_ip, &addr4->sin_addr.s_addr, *ip_len );
data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c:409:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( client_ip, &addr6->sin6_addr.s6_addr, *ip_len);
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:82:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char input[16],
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:83:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char output[16] )
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:89:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[256];
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( blk, input, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:112:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, blk, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:123:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       unsigned char iv[16],
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:132:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[256];
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( iw, iv, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/padlock.c:163:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( iv, iw, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:90:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:110:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key, md5sum, keylen );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key, md5sum, 16 );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key + 16, md5sum, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:147:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_des_decrypt( unsigned char des_iv[8],
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char des_key[8];
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:175:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_des3_decrypt( unsigned char des3_iv[8],
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:180:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char des3_key[24];
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:205:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int pem_aes_decrypt( unsigned char aes_iv[16], unsigned int keylen,
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:210:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char aes_key[32];
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pem_iv[16];
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:468:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, header, strlen( header ) );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:475:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, c, len );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:482:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, footer, strlen( footer ) );
data/iotjs-1.0+715/deps/mbedtls/library/pk_wrap.c:457:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/pk_wrap.c:458:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs11.c:221:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, oid, oid_size );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs11.c:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, hash, hashlen );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:99:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char unipwd[PKCS12_MAX_PWDLEN * 2 + 2];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:151:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[16];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:183:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:184:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char iv[16];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:242:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, filler, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:256:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char diversifier[128];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:257:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char salt_block[128], pwd_block[128], hash_block[128];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:258:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash_output[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs12.c:318:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, hash_output, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:119:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[32], iv[32];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:187:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( iv, enc_scheme_params.p, enc_scheme_params.len );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:222:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md1[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:223:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char work[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:227:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[4];
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:251:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( md1, work, md_size );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:273:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( out_p, work, use_len );
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:303:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char password[MAX_TESTS][32] =
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:315:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char salt[MAX_TESTS][40] =
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:330:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char result_key[MAX_TESTS][32] =
data/iotjs-1.0+715/deps/mbedtls/library/pkcs5.c:354:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[64];
data/iotjs-1.0+715/deps/mbedtls/library/pkparse.c:84:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/pkparse.c:1290:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( key_copy, key, keylen );
data/iotjs-1.0+715/deps/mbedtls/library/pkwrite.c:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ECP_MAX_PT_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/pkwrite.c:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, buf, len );
data/iotjs-1.0+715/deps/mbedtls/library/pkwrite.c:457:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[PUB_DER_MAX_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/pkwrite.c:479:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[PRV_DER_MAX_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/platform.c:238:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/platform.c:257:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( file = fopen( MBEDTLS_PLATFORM_STD_NV_SEED_FILE, "w" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:127:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                        const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:308:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:340:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:361:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:376:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_padding[64] =
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:388:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:393:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:424:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:435:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_ripemd160_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:437:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:460:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_ripemd160( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:462:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:474:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_test_str[TESTS][81] =
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:492:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char ripemd160_test_md[TESTS][20] =
data/iotjs-1.0+715/deps/mbedtls/library/ripemd160.c:518:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[20];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1004:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mask[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1005:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char counter[4];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1102:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1189:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1243:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char lhash[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, p, *olen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1379:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( output, p, *olen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1507:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char salt[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1552:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, salt, slen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1692:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, hash, hashlen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1715:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, oid, oid_size );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1721:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, hash, hashlen );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1797:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( sig, sig_try, ctx->len );
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1857:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1858:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char zeros[8];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:1863:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:2247:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_plaintext[PT_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:2248:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_decrypted[PT_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:2249:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char rsa_ciphertext[KEY_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:2251:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/iotjs-1.0+715/deps/mbedtls/library/rsa.c:2288:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( rsa_plaintext, RSA_PT, PT_LEN );
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:123:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:283:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:315:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:335:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:349:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_padding[64] =
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:361:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:366:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:394:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                          unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:405:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha1_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:407:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                      unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:430:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha1( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:432:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                   unsigned char output[20] )
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:442:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_test_buf[3][57] =
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:454:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_test_sum[3][20] =
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:470:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/library/sha1.c:471:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:193:48:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:252:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char data[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:284:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:304:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:318:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha256_padding[64] =
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:330:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[32] )
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:335:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[8];
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:369:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[32] )
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:380:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha256_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:382:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char output[32],
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:406:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha256( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:408:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[32],
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:419:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha256_test_buf[3][57] =
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:431:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha256_test_sum[6][32] =
data/iotjs-1.0+715/deps/mbedtls/library/sha256.c:473:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha256sum[32];
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:210:53:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                     const unsigned char data[128] )
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:283:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             const unsigned char data[128] )
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, fill );
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:334:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( (void *) (ctx->buffer + left), input, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:348:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha512_padding[128] =
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:364:41:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                               unsigned char output[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:369:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char msglen[16];
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:405:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            unsigned char output[64] )
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:416:40:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int mbedtls_sha512_ret( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:418:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char output[64],
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:442:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_sha512( const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:444:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char output[64],
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:456:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha512_test_buf[3][113] =
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:469:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha512_test_sum[6][64] =
data/iotjs-1.0+715/deps/mbedtls/library/sha512.c:529:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha512sum[64];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cache.c:95:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( session->master, entry->session.master, 48 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cache.c:242:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &cur->session, session, sizeof( mbedtls_ssl_session ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cache.c:266:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( cur->peer_cert.p, session->peer_cert->raw.p,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:121:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->hostname, hostname_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:161:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:414:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->ecjpake_cache, p + 2, kkpp_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:429:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p + 2, ssl->handshake->ecjpake_cache, kkpp_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:611:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->session_negotiate->ticket, tlen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:661:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p + 1, *cur, *p );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:776:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->handshake->randbytes, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:851:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, ssl->handshake->verify_cookie,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:1427:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->verify_cookie, p, cookie_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:1565:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32, buf + 2, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:1672:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->session_negotiate->id, buf + 35, n );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:2437:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char hash[64];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:2891:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_msg + i, ssl->conf->psk_identity, ssl->conf->psk_identity_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:3070:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:3306:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ticket, msg + 6, ticket_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c:112:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[COOKIE_MD_OUTLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c:134:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            const unsigned char time[4],
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hmac_out[COOKIE_MD_OUTLEN];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c:151:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, hmac_out, COOKIE_HMAC_LEN );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cookie.c:210:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ref_hmac[COOKIE_HMAC_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:72:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->cli_id, info, ilen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:550:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &session.id, ssl->session_negotiate->id, session.id_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:553:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate, &session, sizeof( mbedtls_ssl_session ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:1049:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate->id, p, ssl->session_negotiate->id_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:1053:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32 - chal_len, p, chal_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:1284:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_ctr + 2, ssl->in_ctr + 2, 6 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:1485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes, buf + 2, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:1506:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->session_negotiate->id, buf + 35,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2163:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, ssl->peer_verify_data, ssl->verify_data_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2165:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, ssl->own_verify_data, ssl->verify_data_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2313:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf + 7, ssl->alpn_chosen, *olen - 7 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->randbytes + 32, buf + 6, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2517:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, ssl->session_negotiate->id, ssl->session_negotiate->id_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2783:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( p, crt->subject_raw.p, dn_size );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:3049:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char hash[64];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:3289:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ver[2];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:3290:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char fake_pms[48], peer_pms[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:3726:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_KEY_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:182:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, session, sizeof( mbedtls_ssl_session ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:200:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( p, session->peer_cert->raw.p, cert_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( session, p, sizeof( mbedtls_ssl_session ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( key_name, key->name, 4 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_ticket.c:369:24:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const unsigned char name[4] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:162:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( dst, src, sizeof( mbedtls_ssl_session ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:192:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( dst->ticket, src->ticket, src->ticket_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:228:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padding[16];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:229:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:288:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[128];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:289:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_i[20];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + 20, label, nb );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:305:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + 20 + nb, random, rlen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:386:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[128];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:387:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_i[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:403:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + md_len, label, nb );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:404:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp + md_len + nb, random, rlen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:498:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[64];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:499:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char keyblk[256];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:596:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char session_hash[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:653:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp, handshake->randbytes, 64 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:654:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( handshake->randbytes, tmp + 32, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:655:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( handshake->randbytes + 32, tmp, 32 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:809:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_enc, key2 + transform->keylen,  iv_copy_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:810:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_dec, key2 + transform->keylen + iv_copy_len,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:829:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_dec, key1 + transform->keylen,  iv_copy_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:830:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->iv_enc, key1 + transform->keylen + iv_copy_len,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:849:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->mac_enc, mac_enc, mac_key_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:850:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( transform->mac_dec, mac_dec, mac_key_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:986:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_ssl( mbedtls_ssl_context *ssl, unsigned char hash[36] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:990:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad_1[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:991:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad_2[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1035:62:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls( mbedtls_ssl_context *ssl, unsigned char hash[36] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1063:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls_sha256( mbedtls_ssl_context *ssl, unsigned char hash[32] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1084:69:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void ssl_calc_verify_tls_sha384( mbedtls_ssl_context *ssl, unsigned char hash[48] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1216:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, psk, psk_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1231:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *secret,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1232:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *buf, size_t len,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1233:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     const unsigned char *ctr, int type,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1234:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char out[SSL_MAC_MAX_BYTES] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1236:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char header[11];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1237:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padding[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1248:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( header, ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1319:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac[SSL_MAC_MAX_BYTES];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1327:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1335:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac[MBEDTLS_SSL_MAC_ADD];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1345:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + ssl->out_msglen, mac, ssl->transform_out->maclen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1401:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char add_data[13];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1405:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( add_data, ssl->out_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1425:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->transform_out->iv_enc + ssl->transform_out->fixed_ivlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1427:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_iv, ssl->out_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1508:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_iv, ssl->transform_out->iv_enc,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1547:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->transform_out->iv_enc,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1564:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char pseudo_hdr[13];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1568:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  0, ssl->out_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1569:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  8, ssl->out_hdr, 3 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1667:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char add_data[13];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1686:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( add_data, ssl->in_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1696:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->transform_in->iv_dec + ssl->transform_in->fixed_ivlen,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1774:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1775:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char pseudo_hdr[13];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1782:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  0, ssl->in_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1783:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( pseudo_hdr +  8, ssl->in_hdr, 3 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1857:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->transform_in->iv_dec,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:1961:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char mac_expect[MBEDTLS_SSL_MAC_ADD];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg_pre, ssl->out_msg, len_pre );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg_pre, ssl->in_msg, len_pre );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2530:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg->p, ssl->out_msg, ssl->out_msglen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2578:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_out_ctr[8];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2594:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( tmp_out_ctr,                 ssl->out_ctr,                8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2595:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->out_ctr,                ssl->handshake->alt_out_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2596:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->alt_out_ctr, tmp_out_ctr,                 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2655:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_msg, cur->p, cur->len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:2804:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( ssl->out_msg + 9, ssl->out_msg + 1, 3 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:3012:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->hs_msg, ssl->in_msg, 6 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:3014:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->hs_msg + 9,
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:3057:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( msg + frag_off, ssl->in_msg + 12, frag_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:3108:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->in_msg, ssl->handshake->hs_msg, ssl->in_hslen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:3414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( obuf, in, 25 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:4337:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        i += 3; memcpy( ssl->out_msg + i, crt->raw.p, n );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:4960:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:4961:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char md5sum[16];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:4962:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sha1sum[20];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5045:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[36];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5104:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[32];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5153:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char padbuf[48];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5312:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->own_verify_data, ssl->out_msg + 4, hash_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->handshake->alt_out_ctr, ssl->out_ctr, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5411:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[SSL_MAX_HASH_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:5459:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->peer_verify_data, buf, hash_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6134:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->psk, psk, conf->psk_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->psk_identity, psk_identity, conf->psk_identity_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( ssl->handshake->psk, psk, ssl->handshake->psk_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6297:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->hostname, hostname, hostname_len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6443:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                   const unsigned char period[8] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6445:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( conf->renego_period, period, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:7130:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, ssl->in_offt, n );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:7190:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( ssl->out_msg, buf, len );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:8065:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        unsigned char ver[2] )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:8087:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                       const unsigned char ver[2] )
data/iotjs-1.0+715/deps/mbedtls/library/version.c:40:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( string, MBEDTLS_VERSION_STRING,
data/iotjs-1.0+715/deps/mbedtls/library/version.c:46:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( string, MBEDTLS_VERSION_STRING_FULL,
data/iotjs-1.0+715/deps/mbedtls/library/x509.c:755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[MBEDTLS_X509_MAX_DN_NAME_SIZE], *p;
data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data[MBEDTLS_X509_MAX_DN_NAME_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c:178:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( cur->val.p + 1, val, val_len );
data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c:267:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( *p, sig, len );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crl.c:353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, buflen );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:718:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, crt->raw.len );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1114:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_PATH];
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( filename, path, len );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1131:13:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
    w_ret = MultiByteToWideChar( CP_ACP, 0, filename, (int)len, szDir,
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_name[MBEDTLS_X509_MAX_FILE_PATH_LEN];
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_size_str[BEFORE_COLON];
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1644:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1915:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:2057:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509_csr.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( p, buf, buflen );
data/iotjs-1.0+715/deps/mbedtls/library/x509_csr.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_size_str[BEFORE_COLON];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:142:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[9];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:173:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:198:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE * 2 + 20]; /* tag, length + 2xMPI */
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:228:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4], ku;
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:254:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:309:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[64];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:310:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:311:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_buf[2048];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:446:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( c2, c, len );
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:465:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:90:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:111:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[4];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[64];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:139:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp_buf[2048];
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( c2, c, len );
data/iotjs-1.0+715/deps/mbedtls/library/x509write_csr.c:246:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:89:68:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void mbedtls_xtea_setup( mbedtls_xtea_context *ctx, const unsigned char key[16] )
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:105:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8], unsigned char output[8])
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:105:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    const unsigned char input[8], unsigned char output[8])
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:148:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    unsigned char iv[8], const unsigned char *input,
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char temp[8];
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:161:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( temp, input, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:167:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, temp, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:182:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( iv, output, 8 );
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:201:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xtea_test_key[6][16] =
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:217:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xtea_test_pt[6][8] =
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:227:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char xtea_test_ct[6][8] =
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:243:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[8];
data/iotjs-1.0+715/deps/mbedtls/library/xtea.c:252:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, xtea_test_pt[i], 8 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char IV[16];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:84:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[16];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:85:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[512];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[32];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:127:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mode = atoi( argv[1] );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:145:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:151:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:160:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fkey = fopen( argv[4], "rb" ) ) != NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:186:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( key, argv[4], keylen );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:240:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, digest, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:265:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:304:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( IV, buffer, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, buffer, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:388:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( tmp, buffer, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:396:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( IV, tmp, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char IV[16];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:83:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[512];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:84:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:85:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:140:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mode = atoi( argv[1] );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:154:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fin = fopen( argv[2], "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:160:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( argv[3], "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:197:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fkey = fopen( argv[6], "rb" ) ) != NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:223:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( key, argv[6], keylen );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:277:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, digest, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:293:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:426:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( IV, buffer, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:433:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( digest, IV, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:85:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sum[MBEDTLS_MD_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1] = { };
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MBEDTLS_MD_MAX_SIZE * 2 + 1];
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:94:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:137:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf( buf + i * 2, "%02x", sum[i] );
data/iotjs-1.0+715/deps/mbedtls/programs/hash/hello.c:52:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[16];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[2048];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:80:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:116:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c:101:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            nbits = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c:165:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fout = fopen( "dh_prime.txt", "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:78:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[2048];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:79:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:80:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf2[2];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:122:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:165:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "dh_prime.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:296:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( buf, PLAINTEXT, 16 );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdh_curve25519.c:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char cli_to_srv[32], srv_to_cli[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:82:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[300];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:105:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char message[100];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:106:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:107:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char sig[MBEDTLS_ECDSA_MAX_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:64:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen( "/dev/random", "rb" );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:173:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "wb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:191:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:263:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.rsa_keysize = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:280:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.use_dev_random = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:87:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:155:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if( ( f = fopen( opt.password_file, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:110:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:134:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[16000];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:176:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:193:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:115:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:114:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( input, argv[2], strlen( argv[2] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:133:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:135:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:93:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:70:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char result[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:113:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:155:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:69:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char input[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:70:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:109:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:144:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( input, argv[1], strlen( argv[1] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:166:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "result-enc.txt", "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c:112:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fpub = fopen( "rsa_pub.txt", "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c:129:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( fpriv = fopen( "rsa_priv.txt", "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:62:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:63:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:88:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_priv.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:160:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:68:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:146:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:60:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:61:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:81:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( "rsa_pub.txt", "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:106:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:65:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char hash[32];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_MPI_MAX_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[512];
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:107:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( filename, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_entropy.c:54:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_entropy.c:62:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_ctr_drbg.c:58:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_ctr_drbg.c:68:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_havege.c:56:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/random/gen_random_havege.c:64:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( argv[1], "wb+" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:231:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:322:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:96:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char client_ip[16] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:253:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:391:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:216:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:289:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:444:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_REQUEST_SIZE + 1];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:447:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char psk[MBEDTLS_PSK_MAX_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:451:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *alpn_list[ALPN_LIST_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:577:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int t = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:587:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:593:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.nbio = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:598:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.read_timeout = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:601:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.max_resend = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:609:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.request_size = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:641:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:646:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:656:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiate = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:662:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.exchanges = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:668:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reconnect = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:674:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reco_delay = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:680:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.reconnect_hard = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:686:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.tickets = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:696:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:705:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:716:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:755:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:764:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:834:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:846:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_min = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:847:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_max = atoi( p );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:853:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.recsplit = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:859:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.dhmlen = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1088:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  (const unsigned char *) mbedtls_test_cas[i],
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1453:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1783:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:100:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:171:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:203:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:242:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[128];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[4];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:288:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                return atoi( code );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:300:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char data[128];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char code[4];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:338:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                return atoi( code );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:351:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:353:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char base[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:355:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[32];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:424:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:430:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.authentication = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:436:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.mode = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:689:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        len = sprintf( (char *) buf, "STARTTLS\r\n" );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:709:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        len = sprintf( (char *) buf, "AUTH LOGIN\r\n" );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:790:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    len = sprintf( (char *) buf, "DATA\r\n" );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:810:11:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    len = sprintf( (char *) buf, "\r\n.\r\n");
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:128:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:260:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:302:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &threads[i].data, &base_info, sizeof(base_info) );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:304:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy( &threads[i].data.client_fd, client_fd, sizeof( mbedtls_net_context ) );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:328:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[100000];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:469:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:97:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:236:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:372:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:724:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char key[MBEDTLS_PSK_MAX_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:844:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[IO_BUF_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:846:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char psk[MBEDTLS_PSK_MAX_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:851:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char client_ip[16] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:868:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char renego_period[8] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:896:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *alpn_list[ALPN_LIST_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:899:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[100000];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1030:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int t = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1040:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1046:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.nbio = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1051:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.read_timeout = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1091:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiation = (atoi( q )) ? MBEDTLS_SSL_RENEGOTIATION_ENABLED :
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1096:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1106:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renegotiate = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1112:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.renego_delay = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1127:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.exchanges = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1163:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1172:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1223:36:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cert_req_ca_list = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1246:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1255:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1264:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            switch( atoi( q ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1273:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.tickets = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1279:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.ticket_timeout = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1285:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cache_max = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1291:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cache_timeout = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1297:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.cookies = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1303:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.anti_replay = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1309:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.badmac_limit = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1318:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_min = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1319:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.hs_to_max = atoi( p );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1387:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *name[4] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1563:51:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                                  (const unsigned char *) mbedtls_test_cas[i],
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2039:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2137:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2181:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2194:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char crt_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2278:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy( larger_buf, buf, ori_len );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2444:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:198:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output, &rnd, use_len );
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:226:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char buf[BUFSIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:240:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[200];
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[TITLE_LEN];
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:244:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char alloc_buf[HEAP_SIZE] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:386:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char output[8];
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:471:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char output[16];
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:75:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int test_snprintf( size_t n, const char ref_buf[10], int ref_ret )
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10] = "xxxxxxxxx";
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:79:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char ref[10] = "xxxxxxxxx";
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char seed_value[MBEDTLS_ENTROPY_BLOCK_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:271:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1000000];
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:57:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *client_certificates[MAX_CLIENT_CERTS] =
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:69:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *client_private_keys[MAX_CLIENT_CERTS] =
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:86:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[10240];
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:136:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char    name[512];
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:170:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                 char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:174:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.duplicate = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:180:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.delay = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:186:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.delay_ccs = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:192:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.drop = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:198:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.mtu = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:204:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.bad_ad = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:210:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.protect_hvr = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:216:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.protect_len = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:222:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.seed = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:297:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAX_MSG_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:321:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char buf[MAX_MSG_SIZE];
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:322:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( buf, p->buf, p->len );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:370:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned char dropped[2048] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:448:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( &prev, &cur, sizeof( packet ) );
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:599:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[100];
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:124:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "rb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:166:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( path, "wb" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:183:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char der_buffer[4096];
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/util/strerror.c:80:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char error_buf[200];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:150:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:233:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:239:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.permissive = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:347:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char vrfy_buf[512];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:111:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:120:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:184:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.debug_level = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:188:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output_buf[4096];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:198:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if( ( f = fopen( output_file, "w" ) ) == NULL )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char issuer_name[256];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:224:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject_name[256];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:322:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.authority_identifier = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:332:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.subject_identifier = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:342:37:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.basic_constraints = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:368:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.version = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:378:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.selfsign = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:387:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.is_ca = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:396:31:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt.max_pathlen = atoi( q );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/crl_app.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[100000];
data/iotjs-1.0+715/deps/mbedtls/programs/x509/req_app.c:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[100000];
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-authcrypt/main.cpp:43:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char secret_key[16] = {
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-authcrypt/main.cpp:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ciphertext[128] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-authcrypt/main.cpp:140:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char decrypted[128] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:309:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy( output, &rnd, use_len );
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:337:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char buf[BUFSIZE];
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:349:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char tmp[200];
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:350:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[TITLE_LEN];
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:353:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char malloc_buf[HEAP_SIZE] = { 0 };
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:699:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            mbedtls_pk_parse_key( &pk, (const unsigned char *) rsa_keys[i],
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-hashing/main.cpp:55:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output1[32]; /* SHA-256 outputs 32 bytes */
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-hashing/main.cpp:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output2[32];
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-hashing/main.cpp:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output3[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-hashing/main.cpp:112:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char output4[MBEDTLS_MD_MAX_SIZE]; /* Enough for any hash */
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-selftest/main.cpp:71:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[1000000];
data/iotjs-1.0+715/src/iotjs_binding.c:118:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, buffer_wrap->buffer, size);
data/iotjs-1.0+715/src/iotjs_debuglog.c:44:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    iotjs_debug_level = atoi(dbglevel);
data/iotjs-1.0+715/src/iotjs_debuglog.c:53:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    logstream = fopen(dbglogfile, "w+");
data/iotjs-1.0+715/src/iotjs_env.c:214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(env->config.debugger->channel, default_channel,
data/iotjs-1.0+715/src/iotjs_env.c:216:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(env->config.debugger->protocol, default_protocol,
data/iotjs-1.0+715/src/iotjs_env.c:218:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(env->config.debugger->serial_config, default_serial_config,
data/iotjs-1.0+715/src/iotjs_env.c:232:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(env->config.debugger->channel, argv[i + 1],
data/iotjs-1.0+715/src/iotjs_env.c:250:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(env->config.debugger->protocol, argv[i + 1],
data/iotjs-1.0+715/src/iotjs_env.c:268:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
          memcpy(env->config.debugger->serial_config, argv[i + 1],
data/iotjs-1.0+715/src/iotjs_env.h:26:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char channel[16];
data/iotjs-1.0+715/src/iotjs_env.h:27:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char protocol[16];
data/iotjs-1.0+715/src/iotjs_env.h:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char serial_config[64];
data/iotjs-1.0+715/src/iotjs_string.c:41:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(str.data, data, size);
data/iotjs-1.0+715/src/iotjs_string.c:90:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(str->data + str->size, data, size);
data/iotjs-1.0+715/src/iotjs_util.c:31:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE* file = fopen(path, "rb");
data/iotjs-1.0+715/src/iotjs_util.c:123:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command[256];
data/iotjs-1.0+715/src/modules/iotjs_module_buffer.c:588:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char base64_enc_map[65] =
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:78:65:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int iotjs_sha1_process(uint32_t state[5], const unsigned char data[64]) {
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:235:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const unsigned char sha1_padding[64] = { 0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0,
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:245:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char buffer[64],
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)(buffer + left), in_buff, fill);
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:284:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)(buffer + left), in_buff, buff_len);
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:292:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                             unsigned char buffer[64],
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:297:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char msglen[8];
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:340:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buffer[64] = { 0 };
data/iotjs-1.0+715/src/modules/iotjs_module_crypto.c:442:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(ret_wrap->buffer, sha_ret, sha_sz);
data/iotjs-1.0+715/src/modules/iotjs_module_dns.c:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ip[INET6_ADDRSTRLEN];
data/iotjs-1.0+715/src/modules/iotjs_module_dns.c:147:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ip[INET6_ADDRSTRLEN] = "";
data/iotjs-1.0+715/src/modules/iotjs_module_fs.c:26:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char msg[256];
data/iotjs-1.0+715/src/modules/iotjs_module_fs.c:195:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FS_ASYNC(env, open, jcallback, iotjs_string_data(&path), flags, mode);
data/iotjs-1.0+715/src/modules/iotjs_module_fs.c:197:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FS_SYNC(env, open, iotjs_string_data(&path), flags, mode);
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:108:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst_buffer + 2, src_buffer->buffer, src_buffer->length);
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:230:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char variable_header_protocol[7];
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:268:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, variable_header_protocol, sizeof(variable_header_protocol));
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:368:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, message.buffer, message.length);
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:443:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(msg_wrap->buffer, buffer, payload_length);
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:554:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(mqttclient->buffer, tmp_buf, mqttclient->buffer_length);
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:555:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(mqttclient->buffer + mqttclient->buffer_length, buff_recv->buffer,
data/iotjs-1.0+715/src/modules/iotjs_module_mqtt.c:681:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, current_buffer, remaining_size);
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:206:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[IOTJS_MAX_PATH_SIZE];
data/iotjs-1.0+715/src/modules/iotjs_module_tcp.c:365:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ip[INET6_ADDRSTRLEN];
data/iotjs-1.0+715/src/modules/iotjs_module_tls.c:128:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, bio->mem + bio->read_index, copy_size);
data/iotjs-1.0+715/src/modules/iotjs_module_tls.c:134:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, bio->mem + bio->read_index, size);
data/iotjs-1.0+715/src/modules/iotjs_module_tls.c:145:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bio->mem + bio->write_index, buf, copy_size);
data/iotjs-1.0+715/src/modules/iotjs_module_tls.c:151:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(bio->mem + bio->write_index, buf, size);
data/iotjs-1.0+715/src/modules/iotjs_module_uart.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[UART_WRITE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/iotjs_module_udp.c:63:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr[sizeof(sockaddr_in6)];
data/iotjs-1.0+715/src/modules/iotjs_module_udp.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char addr[sizeof(sockaddr_in6)];
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:103:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(dst, src, strlen(src));
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:109:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff, data, size);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:122:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char concatenated[concatenated_size + 1];
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:123:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(concatenated, client_key, client_key_size);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:124:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(concatenated + client_key_size, WS_GUID, ws_guid_size);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:315:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, iotjs_string_data(&l_endpoint),
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:320:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, iotjs_string_data(&l_host), iotjs_string_size(&l_host));
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:326:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, wsclient->generated_key, generated_key_len);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:363:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff_ptr, key, key_len);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:387:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char key[28] = { 0 };
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:388:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(key, key_pos, 28);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:402:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data_wrap->buffer, buff_wrap->buffer + header_size,
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:418:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wsclient->tcp_buff.buffer, tmp_buf, wsclient->tcp_buff.length);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:419:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(wsclient->tcp_buff.buffer + wsclient->tcp_buff.length,
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:440:33:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      buff_ptr[i] ^= ((unsigned char *)(mask_key))[i % 4];
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:450:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(wsclient->ws_buff.data, buff_ptr, payload_len);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:459:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(wsclient->ws_buff.data, tmp_ptr, tmp_len);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:460:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(wsclient->ws_buff.data + tmp_len, buff_ptr, payload_len);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:505:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ret_code_str[ret_code_str_size + 1];
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:613:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((uint8_t *)&payload_64bit_len + i,
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:651:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buffer, current_buffer, remaining_size);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_adc-linux.c:67:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[ADC_VALUE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_adc-linux.c:73:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  adc->value = atoi(buffer) != 0;
data/iotjs-1.0+715/src/modules/linux/iotjs_module_blehcisocket-linux.c:103:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[8];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_blehcisocket-linux.c:193:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(blehcisocket->_address, &di.bdaddr, sizeof(di.bdaddr));
data/iotjs-1.0+715/src/modules/linux/iotjs_module_blehcisocket-linux.c:268:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[1024];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:90:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[1];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:152:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char direction_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:171:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char edge_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:179:42:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((gpio->platform_data->value_fd = open(value_path, O_RDONLY)) < 0) {
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:213:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:225:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[GPIO_VALUE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:226:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:234:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  gpio->value = atoi(buffer) != 0;
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:241:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[GPIO_PIN_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:256:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char exported_path[GPIO_PATH_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_i2c-linux.c:102:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      open(iotjs_string_data(&platform_data->device), O_RDWR);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:91:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(devicePath, iotjs_string_data(device), prefixSize);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:92:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(devicePath + prefixSize, fileName, suffixSize);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:114:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PWM_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char export_path[PWM_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:167:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[PWM_VALUE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:194:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[PWM_VALUE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:214:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value[4];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[PWM_VALUE_BUFFER_SIZE];
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:235:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PWM_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char unexport_path[PWM_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/linux/iotjs_module_uart-linux.c:107:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(iotjs_string_data(&uart->platform_data->device_path),
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_adc-nuttx.c:66:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[ADC_DEVICE_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_adc-nuttx.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[ADC_DEVICE_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_adc-nuttx.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[ADC_DEVICE_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:85:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PWM_DEVICE_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:105:30:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  platform_data->device_fd = open(path, O_RDONLY);
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_pwm-nuttx.c:168:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[PWM_DEVICE_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/modules/nuttx/iotjs_module_uart-nuttx.c:47:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(iotjs_string_data(&uart->platform_data->device_path),
data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_adc-tizenrt.c:124:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    device_fd = open(TIZENRT_ADC_DEVICE, O_RDONLY);
data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_uart-tizenrt.c:51:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int fd = open(iotjs_string_data(&uart->platform_data->device_path),
data/iotjs-1.0+715/src/napi/node_api_property.c:200:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char idx_str[17];
data/iotjs-1.0+715/src/napi/node_api_property.c:201:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(idx_str, "%d", index);
data/iotjs-1.0+715/src/napi/node_api_value.c:786:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(*deferred, promise, sizeof(napi_value*));
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:138:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[DEVICE_IO_PIN_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[DEVICE_IO_PIN_BUFFER_SIZE];
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:149:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[DEVICE_IO_PATH_BUFFER_SIZE] = { 0 };
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:180:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[DEVICE_IO_PIN_BUFFER_SIZE];
data/iotjs-1.0+715/src/platform/tizen/iotjs_tizen_service_app.c:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char js_absolute_path[128];
data/iotjs-1.0+715/src/platform/tizenrt/iotjs_main_tizenrt.c:107:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *file_p = fopen(file_name_p, "rb");
data/iotjs-1.0+715/test/module_generator/test_c/test.c:58:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char* f_char_arr(char a[5]) {
data/iotjs-1.0+715/test/module_generator/test_c/test.h:44:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char c_arr[5];
data/iotjs-1.0+715/test/module_generator/test_cpp/test.cpp:24:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char c_arr[5];
data/iotjs-1.0+715/test/module_generator/test_cpp/test.cpp:83:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char* f_char_arr (char a[5])
data/iotjs-1.0+715/test/module_generator/test_cpp/test.cpp:199:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void Test::set_c_arr(char c_arr[5])
data/iotjs-1.0+715/test/module_generator/test_cpp/test.h:43:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern char c_arr[5];
data/iotjs-1.0+715/test/module_generator/test_cpp/test.h:108:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _c_arr[5];
data/iotjs-1.0+715/test/module_generator/test_cpp/test.h:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c_arr[5];
data/iotjs-1.0+715/test/napi/test_napi_buffer.c:34:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(the_copy, the_text, buffer_size);
data/iotjs-1.0+715/test/napi/test_napi_conversions.c:79:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char value[100];
data/iotjs-1.0+715/test/napi/test_napi_string.c:19:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/iotjs-1.0+715/test/napi/test_napi_string.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4];
data/iotjs-1.0+715/config/nuttx/stm32f4dis/app/jerry_port.c:80:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(in_path_p);
data/iotjs-1.0+715/deps/http-parser/contrib/url_parser.c:34:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(argv[2]);
data/iotjs-1.0+715/deps/http-parser/test.c:2313:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (http_parser_parse_url(m->request_url, strlen(m->request_url), 0, &u)) {
data/iotjs-1.0+715/deps/http-parser/test.c:2401:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    off += strlen(m->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:2404:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      off -= strlen(m->upgrade);
data/iotjs-1.0+715/deps/http-parser/test.c:2413:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *(body + nread + strlen(m->upgrade)) = '\0';
data/iotjs-1.0+715/deps/http-parser/test.c:2434:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t i, j, len = strlen(raw), error_location_line = 0;
data/iotjs-1.0+715/deps/http-parser/test.c:3005:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(test->url),
data/iotjs-1.0+715/deps/http-parser/test.c:3048:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t raw_len = strlen(message->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3053:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    size_t read;
data/iotjs-1.0+715/deps/http-parser/test.c:3062:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        messages[num_messages - 1].upgrade = msg1 + read;
data/iotjs-1.0+715/deps/http-parser/test.c:3066:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (read != msg1len) {
data/iotjs-1.0+715/deps/http-parser/test.c:3067:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        print_error(msg1, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3076:51:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      messages[num_messages - 1].upgrade = msg2 + read;
data/iotjs-1.0+715/deps/http-parser/test.c:3080:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != msg2len) {
data/iotjs-1.0+715/deps/http-parser/test.c:3081:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      print_error(msg2, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3087:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != 0) {
data/iotjs-1.0+715/deps/http-parser/test.c:3088:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      print_error(message->raw, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3110:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t read;
data/iotjs-1.0+715/deps/http-parser/test.c:3111:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(message->raw);
data/iotjs-1.0+715/deps/http-parser/test.c:3118:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (read != toread) {
data/iotjs-1.0+715/deps/http-parser/test.c:3119:33:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      print_error(message->raw, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3126:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read != 0) {
data/iotjs-1.0+715/deps/http-parser/test.c:3127:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    print_error(message->raw, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3148:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parse(buf, strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3176:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3177:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(parsed == strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3180:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(buf);
data/iotjs-1.0+715/deps/http-parser/test.c:3205:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  parsed = http_parser_execute(&parser, &settings_null, buf, strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3206:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(parsed == strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3208:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  assert(parser.nread == strlen(buf));
data/iotjs-1.0+715/deps/http-parser/test.c:3297:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char total[ strlen(r1->raw)
data/iotjs-1.0+715/deps/http-parser/test.c:3298:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            + strlen(r2->raw)
data/iotjs-1.0+715/deps/http-parser/test.c:3299:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            + strlen(r3->raw)
data/iotjs-1.0+715/deps/http-parser/test.c:3310:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t read;
data/iotjs-1.0+715/deps/http-parser/test.c:3312:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  read = parse(total, strlen(total));
data/iotjs-1.0+715/deps/http-parser/test.c:3315:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    upgrade_message_fix(total, read, 3, r1, r2, r3);
data/iotjs-1.0+715/deps/http-parser/test.c:3319:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read != strlen(total)) {
data/iotjs-1.0+715/deps/http-parser/test.c:3319:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (read != strlen(total)) {
data/iotjs-1.0+715/deps/http-parser/test.c:3320:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    print_error(total, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3326:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read != 0) {
data/iotjs-1.0+715/deps/http-parser/test.c:3327:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    print_error(total, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3361:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  size_t read;
data/iotjs-1.0+715/deps/http-parser/test.c:3363:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int total_len = strlen(total);
data/iotjs-1.0+715/deps/http-parser/test.c:3400:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read != buf1_len) {
data/iotjs-1.0+715/deps/http-parser/test.c:3401:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          print_error(buf1, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3409:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read != buf1_len + buf2_len) {
data/iotjs-1.0+715/deps/http-parser/test.c:3410:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          print_error(buf2, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3418:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read != buf1_len + buf2_len + buf3_len) {
data/iotjs-1.0+715/deps/http-parser/test.c:3419:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          print_error(buf3, read);
data/iotjs-1.0+715/deps/http-parser/test.c:3427:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
          upgrade_message_fix(total, read, 3, r1, r2, r3);
data/iotjs-1.0+715/deps/http-parser/test.c:3473:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t headers_len = strlen(headers);
data/iotjs-1.0+715/deps/http-parser/test.c:3503:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t buflen = strlen(msg->raw);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-debugger.c:149:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          size_t resource_name_size = strlen ((const char *) resource_name_p);
data/iotjs-1.0+715/deps/jerry/jerry-core/api/jerry-snapshot.c:1493:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    string_size = (lit_utf8_size_t) strlen (chars);
data/iotjs-1.0+715/deps/jerry/jerry-core/debugger/debugger.c:604:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen ((const char *) string_p));
data/iotjs-1.0+715/deps/jerry/jerry-core/ecma/base/ecma-helpers-conversion.c:429:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  JERRY_ASSERT (strlen ((const char *) infinity_zt_str_p) == 8);
data/iotjs-1.0+715/deps/jerry/jerry-core/lit/lit-strings.c:282:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (lit_utf8_size_t) strlen ((const char *) utf8_str_p);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c:300:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t length = read (serial_p->fd, buffer_p, buffer_size);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c:334:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (tmp_config, config, CONFIG_SIZE);
data/iotjs-1.0+715/deps/jerry/jerry-ext/debugger/debugger-serial.c:362:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ssize_t t = read (fd, &conn_char, 1);
data/iotjs-1.0+715/deps/jerry/jerry-ext/module/module.c:190:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && strlen ((char *) module_p->name_p) == name_size
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:50:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char CMDNAME[strlen ((PROGNAME)) + strlen ((CMD)) + 2]; \
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:50:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char CMDNAME[strlen ((PROGNAME)) + strlen ((CMD)) + 2]; \
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:51:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (CMDNAME, (PROGNAME), strlen ((PROGNAME))); \
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:51:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy (CMDNAME, (PROGNAME), strlen ((PROGNAME))); \
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:52:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  CMDNAME[strlen ((PROGNAME))] = ' '; \
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:53:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (CMDNAME + strlen ((PROGNAME)) + 1, (CMD), strlen ((CMD)) + 1)
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:53:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy (CMDNAME + strlen ((PROGNAME)) + 1, (CMD), strlen ((CMD)) + 1)
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:53:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy (CMDNAME + strlen ((PROGNAME)) + 1, (CMD), strlen ((CMD)) + 1)
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:277:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = (int) strlen (prog_name_p);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:284:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int command_length = (int) strlen (command_name_p);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:307:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt_length += (int) strlen (opt_p);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:341:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int opt_length = (int) (2 + strlen (opt_p));
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:414:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length += (int) (strlen (opt_p->opt) + 1);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:426:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length += (int) (strlen (opt_p->longopt) + 2);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:432:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length += 1 + (int) strlen (opt_p->meta);
data/iotjs-1.0+715/deps/jerry/jerry-main/cli.c:458:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      length = (int) (CLI_LINE_INDENT + strlen (opt_p->meta));
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:382:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                        (size_t) strlen (file_name_p),
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:386:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                        strlen (function_args_p),
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix-snapshot.c:394:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                               (size_t) strlen (file_name_p),
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:113:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 strlen (file_path_p),
data/iotjs-1.0+715/deps/jerry/jerry-main/main-unix.c:236:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen (str_p);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-debugger.c:48:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep ((useconds_t) sleep_time * 1000);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:125:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat (path_p, &drive, _MAX_DRIVE);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:126:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat (path_p, dir_p, _MAX_DIR);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:129:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat (path_p, in_path_p, _MAX_PATH);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:146:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (path_p, base_p, MAX_JERRY_PATH_SIZE);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:147:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
  strncat (path_p, "/", 1);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:158:7:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      strncpy (out_buf_p, norm_p, out_buf_size);
data/iotjs-1.0+715/deps/jerry/jerry-port/default/default-module.c:172:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy (out_buf_p, in_path_p, out_buf_size);
data/iotjs-1.0+715/deps/jerry/targets/curie_bsp/jerry_app/quark/main.c:89:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      str_lens[i - 2] = strlen (argv[i]);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/AnalogIn-js.cpp:45:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
DECLARE_CLASS_FUNCTION(AnalogIn, read) {
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/AnalogIn-js.cpp:46:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK_ARGUMENT_COUNT(AnalogIn, read, (args_count == 0));
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/AnalogIn-js.cpp:59:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    float result = native_ptr->read();
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/AnalogIn-js.cpp:108:48:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ATTACH_CLASS_FUNCTION(js_object, AnalogIn, read);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/DigitalOut-js.cpp:75:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
DECLARE_CLASS_FUNCTION(DigitalOut, read) {
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/DigitalOut-js.cpp:76:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK_ARGUMENT_COUNT(DigitalOut, read, (args_count == 0));
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/DigitalOut-js.cpp:89:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int result = native_ptr->read();
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/DigitalOut-js.cpp:151:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ATTACH_CLASS_FUNCTION(js_object, DigitalOut, read);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:88:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
DECLARE_CLASS_FUNCTION(I2C, read) {
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:89:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK_ARGUMENT_COUNT(I2C, read, (args_count == 1 || args_count == 3 || args_count == 4));
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:92:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CHECK_ARGUMENT_TYPE_ALWAYS(I2C, read, 0, number);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:104:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int result = native_ptr->read(data);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:108:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CHECK_ARGUMENT_TYPE_ALWAYS(I2C, read, 0, number);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:109:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CHECK_ARGUMENT_TYPE_ALWAYS(I2C, read, 1, array);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:110:41:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CHECK_ARGUMENT_TYPE_ALWAYS(I2C, read, 2, number);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:112:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        CHECK_ARGUMENT_TYPE_ON_CONDITION(I2C, read, 3, boolean, (args_count == 4));
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:136:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        int result = native_ptr->read(address, data, length, repeated);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/I2C-js.cpp:309:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ATTACH_CLASS_FUNCTION(js_object, I2C, read);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/PwmOut-js.cpp:83:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
DECLARE_CLASS_FUNCTION(PwmOut, read) {
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/PwmOut-js.cpp:84:34:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    CHECK_ARGUMENT_COUNT(PwmOut, read, (args_count == 0));
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/PwmOut-js.cpp:97:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    float result = native_ptr->read();
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/jerryscript-mbed/jerryscript-mbed-drivers/source/PwmOut-js.cpp:282:46:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ATTACH_CLASS_FUNCTION(js_object, PwmOut, read);
data/iotjs-1.0+715/deps/jerry/targets/mbedos5/source/jerry_port_mbed.c:41:7:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (format) == 1 && format[0] == 0x0a) /* line feed (\n) */
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c:349:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      if (++i < argc && strlen (argv[i]) == 1 && argv[i][0] >='0' && argv[i][0] <= '3')
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_main.c:421:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen (file_names[i]),
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c:142:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (in_path_p);
data/iotjs-1.0+715/deps/jerry/targets/nuttx-stm32f4/jerry_port.c:203:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep ((useconds_t) sleep_time * 1000);
data/iotjs-1.0+715/deps/jerry/targets/zephyr/src/main-zephyr.c:52:5:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen (source_buffer),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-api.c:335:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t script_size = strlen (script_p);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-backtrace.c:44:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (resource_name_p),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-backtrace.c:46:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    strlen (source_p),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-backtrace.c:63:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen (str);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-external-string.c:107:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen (external_1);
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-resource-name.c:73:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen (resource_1),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-resource-name.c:75:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                       strlen (source_1),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-resource-name.c:104:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen (resource_2),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-resource-name.c:106:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         strlen (source_2),
data/iotjs-1.0+715/deps/jerry/tests/unit-core/test-unicode.c:25:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen (script_p),
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/module/jerry-module-test.c:185:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                             strlen (the_string),
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:98:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:106:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:114:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:122:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:130:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:138:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:145:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/jerry/tests/unit-ext/test-ext-method-register.c:153:71:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jerry_value_t result = jerry_eval ((const jerry_char_t *) test_A, strlen (test_A), 0);
data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c:69:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(path);
data/iotjs-1.0+715/deps/libtuv/src/fs-poll.c:140:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  required_len = strlen(ctx->path);
data/iotjs-1.0+715/deps/libtuv/src/inet.c:73:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(dst, tmp, size);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:352:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    abspath_size = strlen(abspath);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:382:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
          abspath_size = strlen(abspath);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:535:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(tmp);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:572:3:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  strncat(cmd, filename, (p - filename));
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:602:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(mon_file) + strlen(filename) + 5) > PATH_MAX)
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:602:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(mon_file) + strlen(filename) + 5) > PATH_MAX)
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:637:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rc = write(*fd, mon_file_write_string, strlen(mon_file_write_string)+1);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:688:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(buf, "BUF_WRAP", strlen("BUF_WRAP")) == 0) {
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:776:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(fname, p, sizeof(fname) - 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/aix.c:916:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd, &psinfo, sizeof(psinfo)) == sizeof(psinfo)) {
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:398:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(l_name, l_rtaData, l_rtaDataSize);
data/iotjs-1.0+715/deps/libtuv/src/unix/android-ifaddrs.c:549:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(l_name, l_rtaData, l_rtaDataSize);
data/iotjs-1.0+715/deps/libtuv/src/unix/async.c:135:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r = read(w->fd, buf, sizeof(buf));
data/iotjs-1.0+715/deps/libtuv/src/unix/core.c:634:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen(buffer);
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin-proctitle.c:46:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(namebuf, name, sizeof(namebuf) - 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/darwin.c:84:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  abspath_size = strlen(abspath);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:192:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         strlen(process_title) + 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/freebsd.c:205:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(process_title) + 1;
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:118:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      path_len = strlen(path) + 1;                                            \
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:119:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      new_path_len = strlen(new_path) + 1;                                    \
data/iotjs-1.0+715/deps/libtuv/src/unix/fs.c:305:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      result = read(req->file, req->bufs[0].base, req->bufs[0].len);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:253:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(path);
data/iotjs-1.0+715/deps/libtuv/src/unix/fsevents.c:806:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  handle->realpath_len = strlen(handle->realpath);
data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c:175:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hostname_len = hostname ? strlen(hostname) + 1 : 0;
data/iotjs-1.0+715/deps/libtuv/src/unix/getaddrinfo.c:176:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  service_len = service ? strlen(service) + 1 : 0;
data/iotjs-1.0+715/deps/libtuv/src/unix/linux-inotify.c:143:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      size = read(loop->inotify_fd, buf, sizeof(buf));
data/iotjs-1.0+715/deps/libtuv/src/unix/linux-inotify.c:242:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w = uv__malloc(sizeof(*w) + strlen(path) + 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/netbsd.c:98:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *size = strlen(buffer);
data/iotjs-1.0+715/deps/libtuv/src/unix/netbsd.c:156:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(process_title) + 1;
data/iotjs-1.0+715/deps/libtuv/src/unix/nuttx.c:85:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    result = read(fd, iiovec[idx].iov_base, iiovec[idx].iov_len);
data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c:118:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  exepath_size = strlen(argsbuf[0]);
data/iotjs-1.0+715/deps/libtuv/src/unix/openbsd.c:178:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(process_title) + 1;
data/iotjs-1.0+715/deps/libtuv/src/unix/pipe.c:70:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(saddr.sun_path, pipe_fname, sizeof(saddr.sun_path) - 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/pipe.c:174:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(saddr.sun_path, name, sizeof(saddr.sun_path) - 1);
data/iotjs-1.0+715/deps/libtuv/src/unix/pipe.c:240:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    addrlen = strlen(sa.sun_path);
data/iotjs-1.0+715/deps/libtuv/src/unix/process.c:505:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r = read(signal_pipe[0], &exec_errorno, sizeof(exec_errorno));
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:49:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size += strlen(argv[i]) + 1;
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:52:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  process_title.len = argv[argc - 1] + strlen(argv[argc - 1]) - argv[0];
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:66:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(argv[i]) + 1;
data/iotjs-1.0+715/deps/libtuv/src/unix/proctitle.c:82:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(process_title.str, title, process_title.len);
data/iotjs-1.0+715/deps/libtuv/src/unix/signal.c:77:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r = read(uv__signal_lock_pipefd[0], &data, sizeof data);
data/iotjs-1.0+715/deps/libtuv/src/unix/signal.c:356:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    r = read(loop->signal_pipefd[0], buf + bytes, sizeof(buf) - bytes);
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:203:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        r = read(s->int_fd, buf, sizeof(buf));
data/iotjs-1.0+715/deps/libtuv/src/unix/stream.c:1186:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        nread = read(uv__stream_fd(stream), buf.base, buf.len);
data/iotjs-1.0+715/deps/libtuv/src/unix/sunos.c:564:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd, &psinfo, sizeof(psinfo)) == sizeof(psinfo)) {
data/iotjs-1.0+715/deps/libtuv/src/unix/tizenrt.c:81:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    result = read(fd, iiovec[idx].iov_base, iiovec[idx].iov_len);
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:72:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s) + 1;
data/iotjs-1.0+715/deps/libtuv/src/uv-common.c:502:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(msec * 1000);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:70:24:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t filenamelen = wcslen(filename);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:71:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t dirlen = wcslen(dir);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:78:3:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(*relpath, filename + dirlen + 1, relpathlen);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:84:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = wcslen(filename);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:109:7:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
      wcsncpy(*dir, filename, i + 1);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:117:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(*file, filename + i + 1, len - i - 1);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:350:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = wcslen(str);
data/iotjs-1.0+715/deps/libtuv/src/win/fs-event.c:419:22:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
              size = wcslen(handle->dirw) +
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:146:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    path_len = 1 + strlen(path);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:399:19:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  current_umask = umask(0);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:400:3:  [1] (access) umask:
  Ensure that umask is given most restrictive possible setting (e.g., 066 or
  077) (CWE-732).
  umask(current_umask);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:776:9:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = wcslen(req->file.pathw);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:803:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = strlen(req->path);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1165:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = wcslen(pathw);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1522:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target_len = wcslen(path);
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1557:3:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy((WCHAR*)&path_buf[path_buf_len], JUNCTION_PREFIX,
data/iotjs-1.0+715/deps/libtuv/src/win/fs.c:1834:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    XX(READ, read)
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:204:3:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(result_pos, cwd, cwd_len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:214:3:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(result_pos, dir, dir_len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:224:3:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  wcsncpy(result_pos, name, name_len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:235:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(result_pos, ext, ext_len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:353:21:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t file_len = wcslen(file);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:354:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t cwd_len = wcslen(cwd);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:449:16:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = wcslen(source);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:463:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(target, source, len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:474:5:  [1] (buffer) wcsncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    wcsncpy(target, source, len);
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:803:13:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      len = wcslen(*ptr_copy) + 1;
data/iotjs-1.0+715/deps/libtuv/src/win/process.c:827:43:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (; env != NULL && *env != 0; env += wcslen(env) + 1) {
data/iotjs-1.0+715/deps/libtuv/src/win/req-inl.h:162:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        DELEGATE_STREAM_REQ(loop, req, read, data);
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:441:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(process_title) + 1;
data/iotjs-1.0+715/deps/libtuv/src/win/util.c:1190:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(pwd.homedir);
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:213:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tuvp_write(clisockfd, msg, strlen(msg));
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:227:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tuvp_write(sockfd, read_buffer, strlen((const char*)read_buffer));
data/iotjs-1.0+715/deps/libtuv/test/raw/apiemul_socket.c:314:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        tuvp_write(_sock_client, msg, strlen(msg));
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:50:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(msec * 1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:296:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:319:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(errmsg))
data/iotjs-1.0+715/deps/libtuv/test/runner_linux.c:517:30:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    TUV_ASSERT(sizeof(fd) == read(0, &fd, sizeof(fd)));
data/iotjs-1.0+715/deps/libtuv/test/runner_linux_raw.c:64:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(msec * 1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_nuttx.c:55:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(msec * 1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_nuttx.c:99:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_tizenrt.c:55:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(msec * 1000);
data/iotjs-1.0+715/deps/libtuv/test/runner_tizenrt.c:99:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/iotjs-1.0+715/deps/libtuv/test/test_fs.c:313:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TUV_ASSERT(memcmp(req->path, filename2, strlen(filename2)) == 0);
data/iotjs-1.0+715/deps/libtuv/test/test_fs.c:416:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  TUV_ASSERT(strlen(req->path) == 15);
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_close_stdout_read_stdin.c:69:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read(fd[0], &buf, 1);
data/iotjs-1.0+715/deps/libtuv/test/test_pipe_set_non_blocking.c:48:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    n = read(ctx->fd, buf, sizeof(buf));
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1014:34:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    test_output[i] = calloc(2 * (wcslen(test_str[i]) + 2), sizeof(WCHAR));
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1018:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    total_size += wcslen(test_output[i]) + 1;
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1024:5:  [1] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant
  character.
    wcscat(command_line, L" ");
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1127:27:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t name_len = wcslen(from_env[i]);
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1140:57:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (str = env, prev = NULL; *str; prev = str, str += wcslen(str) + 1) {
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1446:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (len = strlen(exepath);
data/iotjs-1.0+715/deps/libtuv/test/test_spawn.c:1593:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      r = read(0, buf, sizeof buf);
data/iotjs-1.0+715/deps/libtuv/test/test_tcp_open.c:57:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000);
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:441:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:620:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:654:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    plen = strlen( p );
data/iotjs-1.0+715/deps/mbedtls/library/bignum.c:655:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    slen = strlen( s );
data/iotjs-1.0+715/deps/mbedtls/library/ecjpake.c:193:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t id_len = strlen( id );
data/iotjs-1.0+715/deps/mbedtls/library/error.c:540:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( buf ) == 0 )
data/iotjs-1.0+715/deps/mbedtls/library/error.c:552:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( buf );
data/iotjs-1.0+715/deps/mbedtls/library/error.c:799:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( buf ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c:66:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read(fd,buf,len)        recv( fd, (char*)( buf ), (int)( len ), 0 )
data/iotjs-1.0+715/deps/mbedtls/library/net_sockets.c:472:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ret = (int) read( fd, buf, len );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:265:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    s1 += strlen( header );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:272:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    end += strlen( footer );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:449:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:449:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    add_len = strlen( header ) + strlen( footer ) + ( use_len / 64 ) + 1;
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:468:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( p, header, strlen( header ) );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:469:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen( header );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:482:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( p, footer, strlen( footer ) );
data/iotjs-1.0+715/deps/mbedtls/library/pem.c:483:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen( footer );
data/iotjs-1.0+715/deps/mbedtls/library/pkparse.c:141:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (const unsigned char *) pwd, strlen( pwd ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:74:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    hostname_len = strlen( ssl->hostname );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:636:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        alpnlen += (unsigned char)( strlen( *cur ) & 0xFF ) + 1;
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:660:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        *p = (unsigned char)( strlen( *cur ) & 0xFF );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_cli.c:1352:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( *p ) &&
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:636:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ours_len = strlen( *ours );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_srv.c:2303:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *olen = 7 + strlen( ssl->alpn_chosen );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:296:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sizeof( tmp ) < 20 + strlen( label ) + rlen )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:303:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nb = strlen( label );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:399:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( sizeof( tmp ) < md_len + strlen( label ) + rlen )
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:402:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nb = strlen( label );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6270:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        hostname_len = strlen( hostname );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6281:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:6331:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cur_len = strlen( *p );
data/iotjs-1.0+715/deps/mbedtls/library/ssl_tls.c:7496:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_zeroize( ssl->hostname, strlen( ssl->hostname ) );
data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c:93:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *end = s + strlen( s );
data/iotjs-1.0+715/deps/mbedtls/library/x509_create.c:130:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if( mbedtls_asn1_store_named_data( head, oid, strlen( oid ),
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1116:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen( path );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:1764:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t cn_idx = 0, cn_len = strlen( cn );
data/iotjs-1.0+715/deps/mbedtls/library/x509_crt.c:2224:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cn_len = strlen( cn );
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:116:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( not_before ) != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 ||
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:117:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strlen( not_after )  != MBEDTLS_X509_RFC5280_UTC_TIME_LEN - 1 )
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:121:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( ctx->not_before, not_before, MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:122:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( ctx->not_after , not_after , MBEDTLS_X509_RFC5280_UTC_TIME_LEN );
data/iotjs-1.0+715/deps/mbedtls/library/x509write_crt.c:394:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       sig_oid, strlen( sig_oid ), 0 ) );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:121:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:181:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            keylen = strlen( argv[4] );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:237:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_md_update( &sha_ctx, (unsigned char *) p, strlen( p ) );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/aescrypt2.c:444:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset( argv[i], 0, strlen( argv[i] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:134:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:218:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            keylen = strlen( argv[6] );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:274:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        mbedtls_md_update( &md_ctx, (unsigned char *) p, strlen( p ) );
data/iotjs-1.0+715/deps/mbedtls/programs/aes/crypt_and_hash.c:541:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        memset( argv[i], 0, strlen( argv[i] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:109:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        n = strlen( line );
data/iotjs-1.0+715/deps/mbedtls/programs/hash/generic_sum.c:196:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/hash/hello.c:67:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:104:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_client.c:301:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c:122:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_genprime.c:191:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:110:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/dh_server.c:323:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdh_curve25519.c:226:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:140:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/ecdsa.c:238:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:162:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:310:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/gen_key.c:436:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:144:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password ) && strlen( opt.password_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:144:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password ) && strlen( opt.password_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:150:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.password_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:168:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            i = (int) strlen( buf );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app.c:303:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:122:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:164:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen( (char *) output_buf );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/key_app_writer.c:426:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/mpi_demo.c:104:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:93:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_decrypt.c:162:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:91:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:108:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( argv[2] ) > 100 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:114:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( input, argv[2], strlen( argv[2] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:122:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( ( ret = mbedtls_pk_encrypt( &pk, input, strlen( argv[2] ),
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_encrypt.c:162:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:92:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_sign.c:168:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/pk_verify.c:143:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:101:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( pers ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_decrypt.c:208:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:97:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( pers ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:137:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( argv[1] ) > 100 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:144:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy( input, argv[1], strlen( argv[1] ) );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:154:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            strlen( argv[1] ), input, buf );
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_encrypt.c:189:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c:85:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_genkey.c:180:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign.c:184:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:93:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_sign_pss.c:171:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify.c:157:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/pkey/rsa_verify_pss.c:149:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:121:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_client.c:338:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:189:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/dtls_server.c:413:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/mini_client.c:198:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                       (const unsigned char *) pers, strlen( pers ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:114:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client1.c:305:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:925:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:930:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( strlen( opt.psk ) % 2 != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:936:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        psk_len = strlen( opt.psk ) / 2;
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:938:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for( j = 0; j < strlen( opt.psk ); j += 2 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1056:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1072:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1077:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1116:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1139:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1327:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.psk_identity ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1364:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1505:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tail_len = (int) strlen( GET_REQUEST_END );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1515:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy( (char *) buf + len, GET_REQUEST_END, sizeof( buf ) - len - 1 );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_client2.c:1804:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:129:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_fork_server.c:408:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:478:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:493:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:523:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:543:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:723:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.user_name ) );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:743:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                             strlen( opt.user_pwd ) );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_mail_client.c:835:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:405:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_pthread_server.c:520:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:185:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server.c:393:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:658:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( cur->name ) &&
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:699:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *olen = strlen( input );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:795:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if( name_len == strlen( cur->name ) &&
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1531:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1547:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1552:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1589:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file ) && strcmp( opt.crt_file, "none" ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1599:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file ) && strcmp( opt.key_file, "none" ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1614:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crt_file2 ) && strcmp( opt.crt_file2, "none" ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1624:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.key_file2 ) && strcmp( opt.key_file2, "none" ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1962:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1962:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.psk ) != 0 && strlen( opt.psk_identity ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:1966:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           strlen( opt.psk_identity ) );
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2103:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        strlen( opt.ecjpake_pw ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/ssl/ssl_server2.c:2502:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/test/benchmark.c:877:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/test/selftest.c:392:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/test/ssl_cert_test.c:250:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/test/udp_proxy.c:612:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/util/pem2der.c:281:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/util/strerror.c:87:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/wince_main.c:37:15:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = _tcslen( targv[i] ) + 1;
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:253:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.ca_path ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:258:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    else if( strlen( opt.ca_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:273:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.crl_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:372:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                   strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_app.c:485:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:118:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( (char *) output_buf );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:265:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_req.c:339:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:196:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen( (char *) output_buf );
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:478:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen( pers ) ) ) != 0 )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:505:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && strlen( opt.issuer_crt ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:539:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && strlen( opt.request_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:575:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( !opt.selfsign && !strlen( opt.request_file ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:608:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if( strlen( opt.issuer_crt ) )
data/iotjs-1.0+715/deps/mbedtls/programs/x509/cert_write.c:801:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/x509/crl_app.c:139:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/programs/x509/req_app.c:139:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:700:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                                       strlen( rsa_keys[i] ) + 1, NULL, 0 );
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-benchmark/main.cpp:928:23:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    fflush( stdout ); getchar();
data/iotjs-1.0+715/deps/mbedtls/yotta/data/example-selftest/main.cpp:236:27:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        fflush( stdout ); getchar();
data/iotjs-1.0+715/include/node_api.h:68:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#pragma section(".CRT$XCU", read)
data/iotjs-1.0+715/src/iotjs.c:175:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  jerry_value_t jmain = iotjs_jhelper_eval("iotjs.js", strlen("iotjs.js"),
data/iotjs-1.0+715/src/iotjs_env.c:215:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(default_channel) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:217:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(default_protocol) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:219:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(default_serial_config) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:231:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(env->config.debugger->channel) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:233:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(argv[i + 1]) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:249:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(env->config.debugger->protocol) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:251:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(argv[i + 1]) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:267:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(env->config.debugger->serial_config) + 1);
data/iotjs-1.0+715/src/iotjs_env.c:269:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                 strlen(argv[i + 1]) + 1);
data/iotjs-1.0+715/src/iotjs_util.c:61:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ptr = buffer + read;
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:75:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(module_name)) == 0) {
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:82:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        iotjs_buffer_allocate(strlen(module_name) + 1);
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:84:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(g_module_list[empty_slot].module_name, module_name,
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:85:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strlen(module_name));
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:98:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                  strlen(module_name) + 1) == 0) {
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:118:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bridgecall->ret_msg = iotjs_string_create_with_size(err, strlen(err) + 1);
data/iotjs-1.0+715/src/modules/iotjs_module_bridge.c:137:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(msg) + 1;
data/iotjs-1.0+715/src/modules/iotjs_module_dns.c:151:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(ip, "127.0.0.1", strlen("127.0.0.1") + 1);
data/iotjs-1.0+715/src/modules/iotjs_module_dns.c:151:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(ip, "127.0.0.1", strlen("127.0.0.1") + 1);
data/iotjs-1.0+715/src/modules/iotjs_module_fs.c:239:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      FS_ASYNC(env, read, jcallback, fd, &uvbuf, 1, position);
data/iotjs-1.0+715/src/modules/iotjs_module_fs.c:241:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      FS_SYNC(env, read, fd, &uvbuf, 1, position);
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:31:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                           (const jerry_char_t*)args, strlen(args),
data/iotjs-1.0+715/src/modules/iotjs_module_process.c:55:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      wrap_eval(filename, strlen(filename), iotjs_string_data(&source),
data/iotjs-1.0+715/src/modules/iotjs_module_uart.c:64:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int i = read(uart->device_fd, buf, UART_WRITE_BUFFER_SIZE - 1);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:103:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(dst, src, strlen(src));
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:104:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return dst + strlen(src);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:118:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t ws_guid_size = strlen(WS_GUID);
data/iotjs-1.0+715/src/modules/iotjs_module_websocket.c:386:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *key_pos = strstr(buff_wrap->buffer, ws_accept) + strlen(ws_accept);
data/iotjs-1.0+715/src/modules/linux/iotjs_module_blehcisocket-linux.c:270:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  length = read(blehcisocket->_socket, data, sizeof(data));
data/iotjs-1.0+715/src/modules/linux/iotjs_module_gpio-linux.c:97:7:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (read(fd, &buffer, 1) < 0) {
data/iotjs-1.0+715/src/modules/linux/iotjs_module_i2c-linux.c:149:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return read(platform_data->device_fd, i2c->buf_data, len) == len;
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:87:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t suffixSize = fileName ? strlen(fileName) : 0;
data/iotjs-1.0+715/src/modules/linux/iotjs_module_pwm-linux.c:120:63:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  platform_data->device = iotjs_string_create_with_size(path, strlen(path));
data/iotjs-1.0+715/src/modules/tizen/iotjs_module_tizen-tizen.c:147:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strncmp(command, "getResPath", strlen("getResPath")) == 0) {
data/iotjs-1.0+715/src/modules/tizen/iotjs_module_tizen-tizen.c:153:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncmp(command, "getDataPath", strlen("getDataPath")) == 0) {
data/iotjs-1.0+715/src/modules/tizen/iotjs_module_tizen-tizen.c:159:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } else if (strncmp(command, "launchAppControl", strlen("launchAppControl")) ==
data/iotjs-1.0+715/src/modules/tizen/iotjs_module_tizen-tizen.c:186:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(dest, src, size);
data/iotjs-1.0+715/src/modules/tizenrt/iotjs_module_adc-tizenrt.c:82:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    nbytes = read(platform_data->device_fd, samples, readsize);
data/iotjs-1.0+715/src/napi/node_api_value.c:397:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(str);
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:62:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uv_buf_t uvbuf = uv_buf_init((char*)value, strlen(value));
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:152:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(100 * 1000); // sleep 100 miliseconds.
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:165:7:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
      usleep(100 * 1000); // sleep 100 miliseconds.
data/iotjs-1.0+715/src/platform/linux/iotjs_systemio-linux.c:170:3:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
  usleep(1000 * 100); // sleep another 1000 milisec.
data/iotjs-1.0+715/src/platform/tizen/iotjs_tizen_service_app.h:46:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      iotjs_tizen_bridge_native(name, strlen(name), msg, strlen(msg), cb); \
data/iotjs-1.0+715/src/platform/tizen/iotjs_tizen_service_app.h:46:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      iotjs_tizen_bridge_native(name, strlen(name), msg, strlen(msg), cb); \
data/iotjs-1.0+715/src/platform/tizenrt/iotjs_main_tizenrt.c:161:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(in_path_p);
data/iotjs-1.0+715/tools/module_templates/shared_module_template/src/module_entry.c:22:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t str_len = strlen(str);

ANALYSIS SUMMARY:

Hits = 2470
Lines analyzed = 374625 in approximately 9.08 seconds (41255 lines/second)
Physical Source Lines of Code (SLOC) = 244156
Hits@level = [0] 411 [1] 469 [2] 1703 [3]  68 [4] 222 [5]   8
Hits@level+ = [0+] 2881 [1+] 2470 [2+] 2001 [3+] 298 [4+] 230 [5+]   8
Hits/KSLOC@level+ = [0+] 11.7998 [1+] 10.1165 [2+] 8.19558 [3+] 1.22053 [4+] 0.942021 [5+] 0.0327659
Dot directories skipped = 3 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.