Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itcl3-3.4.3/generic/itcl_linkage.c
Examining data/itcl3-3.4.3/generic/itcl_util.c
Examining data/itcl3-3.4.3/generic/itclIntDecls.h
Examining data/itcl3-3.4.3/generic/itcl_parse.c
Examining data/itcl3-3.4.3/generic/itclDecls.h
Examining data/itcl3-3.4.3/generic/itcl.h
Examining data/itcl3-3.4.3/generic/itcl_ensemble.c
Examining data/itcl3-3.4.3/generic/itcl_methods.c
Examining data/itcl3-3.4.3/generic/itclInt.h
Examining data/itcl3-3.4.3/generic/itcl_class.c
Examining data/itcl3-3.4.3/generic/itcl_bicmds.c
Examining data/itcl3-3.4.3/generic/itcl_objects.c
Examining data/itcl3-3.4.3/generic/itclStubLib.c
Examining data/itcl3-3.4.3/generic/itclStubInit.c
Examining data/itcl3-3.4.3/generic/itcl_cmds.c
Examining data/itcl3-3.4.3/generic/itcl_migrate.c
Examining data/itcl3-3.4.3/win/dllEntryPoint.c
Examining data/itcl3-3.4.3/win/nmakehlp.c

FINAL RESULTS:

data/itcl3-3.4.3/generic/itcl_class.c:203:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(cdPtr->name, classNs->name);
data/itcl3-3.4.3/generic/itcl_class.c:206:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(cdPtr->fullname, classNs->fullName);
data/itcl3-3.4.3/generic/itcl_class.c:1595:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(vdefn->init, init);
data/itcl3-3.4.3/generic/itcl_class.c:1699:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(memPtr->fullname, cdefn->fullname);
data/itcl3-3.4.3/generic/itcl_class.c:1701:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(memPtr->fullname, name);
data/itcl3-3.4.3/generic/itcl_class.c:1704:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(memPtr->name, name);
data/itcl3-3.4.3/generic/itcl_ensemble.c:877:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(ensPart->usage, usageInfo);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1085:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(part->name, partName);
data/itcl3-3.4.3/generic/itcl_methods.c:1175:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(localPtr->name, name);
data/itcl3-3.4.3/generic/itcl_util.c:791:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(info->errorInfo, val);
data/itcl3-3.4.3/generic/itcl_util.c:797:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(info->errorCode, val);
data/itcl3-3.4.3/generic/itcl_util.c:1277:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(cmdName, name);
data/itcl3-3.4.3/generic/itcl_util.c:1304:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(cmdName, listv[3]);
data/itcl3-3.4.3/win/nmakehlp.c:145:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(cmdline, option);
data/itcl3-3.4.3/win/nmakehlp.c:236:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(cmdline, option);
data/itcl3-3.4.3/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely
  (CWE-78). Specify the application path in the first argument, NOT as part
  of the second, or embedded spaces could allow an attacker to force a
  different program to run.
    ok = CreateProcess(
data/itcl3-3.4.3/generic/itcl_bicmds.c:473:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/itcl3-3.4.3/generic/itcl_bicmds.c:474:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", member->fullname);
data/itcl3-3.4.3/generic/itcl_bicmds.c:502:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[256];
data/itcl3-3.4.3/generic/itcl_bicmds.c:503:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "\n    (error in configuration of public variable \"%.100s\")", member->fullname);
data/itcl3-3.4.3/generic/itcl_class.c:680:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/itcl3-3.4.3/generic/itcl_class.c:681:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (while attempting to autoload class \"%.200s\")", path);
data/itcl3-3.4.3/generic/itcl_class.c:856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char unique[TCL_INTEGER_SPACE]; /* for unique part of object names */
data/itcl3-3.4.3/generic/itcl_class.c:876:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	    sprintf(unique, "%d", cdefnPtr->unique++);
data/itcl3-3.4.3/generic/itcl_class.c:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buffer, storage[64];
data/itcl3-3.4.3/generic/itcl_class.c:1199:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void*)buffer, (void*)name, (size_t)length);
data/itcl3-3.4.3/generic/itcl_class.c:1700:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(memPtr->fullname, "::");
data/itcl3-3.4.3/generic/itcl_cmds.c:898:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mesg[256], *name;
data/itcl3-3.4.3/generic/itcl_cmds.c:900:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(mesg, "\n    (%.100s body line %d)", name,
data/itcl3-3.4.3/generic/itcl_ensemble.c:1071:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((VOID*)partList, (VOID*)ensData->parts, (size_t)size);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1705:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[128];
data/itcl3-3.4.3/generic/itcl_ensemble.c:1706:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (\"ensemble\" body line %d)",
data/itcl3-3.4.3/generic/itcl_ensemble.c:2225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((VOID *) objPtr->bytes, (VOID *) name, (unsigned) length);
data/itcl3-3.4.3/generic/itcl_methods.c:796:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:797:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (while autoloading code for \"%.100s\")",
data/itcl3-3.4.3/generic/itcl_methods.c:1081:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char mesg[100];
data/itcl3-3.4.3/generic/itcl_methods.c:1082:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                    sprintf(mesg, "argument #%d has no name", i);
data/itcl3-3.4.3/generic/itcl_methods.c:2246:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:2247:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(msg, "\n    (while configuring public variable \"%.100s\")", vars[i]->member->fullname);
data/itcl3-3.4.3/generic/itcl_methods.c:2274:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:2275:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "\n    (while configuring public variable \"%.100s\")", vars[i]->member->fullname);
data/itcl3-3.4.3/generic/itcl_methods.c:2475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char num[20];
data/itcl3-3.4.3/generic/itcl_methods.c:2529:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(num, "%d", Tcl_GetErrorLine((Tcl_Interp *)iPtr));
data/itcl3-3.4.3/generic/itcl_parse.c:218:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:219:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "\n    (while parsing class definition for \"%.100s\")",
data/itcl3-3.4.3/generic/itcl_parse.c:241:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:242:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "\n    (while installing built-in commands for class \"%.100s\")", className);
data/itcl3-3.4.3/generic/itcl_parse.c:266:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:267:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(msg, "\n    (class \"%.200s\" body line %d)",
data/itcl3-3.4.3/generic/itcl_parse.c:592:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char mesg[256], *token;
data/itcl3-3.4.3/generic/itcl_parse.c:594:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(mesg, "\n    (%.100s body line %d)", token,
data/itcl3-3.4.3/generic/itcl_util.c:153:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char*)newStack, (char*)stack->values,
data/itcl3-3.4.3/generic/itcl_util.c:1311:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char msg[512];
data/itcl3-3.4.3/generic/itcl_util.c:1316:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(msg, "\n    (while decoding scoped command \"%.400s\")", name);
data/itcl3-3.4.3/win/nmakehlp.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[STATICBUFFERSIZE];
data/itcl3-3.4.3/win/nmakehlp.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdline[100];
data/itcl3-3.4.3/win/nmakehlp.c:143:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X ");
data/itcl3-3.4.3/win/nmakehlp.c:147:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(cmdline, " .\\nul");
data/itcl3-3.4.3/win/nmakehlp.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdline[100];
data/itcl3-3.4.3/win/nmakehlp.c:234:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(cmdline, "link.exe -nologo ");
data/itcl3-3.4.3/win/nmakehlp.c:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s1[51], s2[51], s3[51];
data/itcl3-3.4.3/win/nmakehlp.c:330:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen(file, "rt");
data/itcl3-3.4.3/generic/itcl_class.c:202:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cdPtr->name = (char*)ckalloc((unsigned)(strlen(classNs->name)+1));
data/itcl3-3.4.3/generic/itcl_class.c:205:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cdPtr->fullname = (char*)ckalloc((unsigned)(strlen(classNs->fullName)+1));
data/itcl3-3.4.3/generic/itcl_class.c:1067:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int nameLen = strlen(name);
data/itcl3-3.4.3/generic/itcl_class.c:1594:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        vdefn->init = (char*)ckalloc((unsigned)(strlen(init)+1));
data/itcl3-3.4.3/generic/itcl_class.c:1697:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fullsize = strlen(cdefn->fullname) + strlen(name) + 2;
data/itcl3-3.4.3/generic/itcl_class.c:1697:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fullsize = strlen(cdefn->fullname) + strlen(name) + 2;
data/itcl3-3.4.3/generic/itcl_class.c:1703:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memPtr->name = (char*)ckalloc((unsigned)(strlen(name)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:876:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ensPart->usage = ckalloc((unsigned)(strlen(usageInfo)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:1084:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    part->name = (char*)ckalloc((unsigned)(strlen(partName)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:1210:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nlen  = strlen(partName);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1420:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    max = strlen(ensData->parts[pos]->name);
data/itcl3-3.4.3/generic/itcl_ensemble.c:2223:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(name);
data/itcl3-3.4.3/generic/itcl_methods.c:1156:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nameLen = strlen(name);
data/itcl3-3.4.3/generic/itcl_util.c:790:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            info->errorInfo = ckalloc((unsigned)(strlen(val)+1));
data/itcl3-3.4.3/generic/itcl_util.c:796:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            info->errorCode = ckalloc((unsigned)(strlen(val)+1));
data/itcl3-3.4.3/generic/itcl_util.c:1271:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(name);
data/itcl3-3.4.3/generic/itcl_util.c:1276:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmdName = ckalloc((unsigned)strlen(name)+1);
data/itcl3-3.4.3/generic/itcl_util.c:1303:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        cmdName = ckalloc((unsigned)(strlen(listv[3])+1));
data/itcl3-3.4.3/win/nmakehlp.c:168:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itcl3-3.4.3/win/nmakehlp.c:257:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itcl3-3.4.3/win/nmakehlp.c:336:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	r = fscanf(f, "%50s", s1);
data/itcl3-3.4.3/win/nmakehlp.c:339:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
	    r = fscanf(f, "%50s %50s", s2, s3);

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 17344 in approximately 0.45 seconds (38298 lines/second)
Physical Source Lines of Code (SLOC) = 9863
Hits@level = [0]   0 [1]  22 [2]  49 [3]   4 [4]  15 [5]   0
Hits@level+ = [0+]  90 [1+]  90 [2+]  68 [3+]  19 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 9.12501 [1+] 9.12501 [2+] 6.89445 [3+] 1.92639 [4+] 1.52084 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.