Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/itcl3-3.4.3/generic/itcl_linkage.c
Examining data/itcl3-3.4.3/generic/itcl_util.c
Examining data/itcl3-3.4.3/generic/itclIntDecls.h
Examining data/itcl3-3.4.3/generic/itcl_parse.c
Examining data/itcl3-3.4.3/generic/itclDecls.h
Examining data/itcl3-3.4.3/generic/itcl.h
Examining data/itcl3-3.4.3/generic/itcl_ensemble.c
Examining data/itcl3-3.4.3/generic/itcl_methods.c
Examining data/itcl3-3.4.3/generic/itclInt.h
Examining data/itcl3-3.4.3/generic/itcl_class.c
Examining data/itcl3-3.4.3/generic/itcl_bicmds.c
Examining data/itcl3-3.4.3/generic/itcl_objects.c
Examining data/itcl3-3.4.3/generic/itclStubLib.c
Examining data/itcl3-3.4.3/generic/itclStubInit.c
Examining data/itcl3-3.4.3/generic/itcl_cmds.c
Examining data/itcl3-3.4.3/generic/itcl_migrate.c
Examining data/itcl3-3.4.3/win/dllEntryPoint.c
Examining data/itcl3-3.4.3/win/nmakehlp.c

FINAL RESULTS:

data/itcl3-3.4.3/generic/itcl_class.c:203:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cdPtr->name, classNs->name);
data/itcl3-3.4.3/generic/itcl_class.c:206:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cdPtr->fullname, classNs->fullName);
data/itcl3-3.4.3/generic/itcl_class.c:1595:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vdefn->init, init);
data/itcl3-3.4.3/generic/itcl_class.c:1699:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(memPtr->fullname, cdefn->fullname);
data/itcl3-3.4.3/generic/itcl_class.c:1701:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(memPtr->fullname, name);
data/itcl3-3.4.3/generic/itcl_class.c:1704:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(memPtr->name, name);
data/itcl3-3.4.3/generic/itcl_ensemble.c:877:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(ensPart->usage, usageInfo);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1085:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(part->name, partName);
data/itcl3-3.4.3/generic/itcl_methods.c:1175:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(localPtr->name, name);
data/itcl3-3.4.3/generic/itcl_util.c:791:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(info->errorInfo, val);
data/itcl3-3.4.3/generic/itcl_util.c:797:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(info->errorCode, val);
data/itcl3-3.4.3/generic/itcl_util.c:1277:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cmdName, name);
data/itcl3-3.4.3/generic/itcl_util.c:1304:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cmdName, listv[3]);
data/itcl3-3.4.3/win/nmakehlp.c:145:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/itcl3-3.4.3/win/nmakehlp.c:236:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(cmdline, option);
data/itcl3-3.4.3/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:149:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itcl3-3.4.3/win/nmakehlp.c:238:10:  [3] (shell) CreateProcess:
  This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  ok = CreateProcess(
data/itcl3-3.4.3/generic/itcl_bicmds.c:473:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_bicmds.c:474:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (error in configuration of public variable \"%.100s\")", member->fullname);
data/itcl3-3.4.3/generic/itcl_bicmds.c:502:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_bicmds.c:503:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (error in configuration of public variable \"%.100s\")", member->fullname);
data/itcl3-3.4.3/generic/itcl_class.c:680:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_class.c:681:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while attempting to autoload class \"%.200s\")", path);
data/itcl3-3.4.3/generic/itcl_class.c:856:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unique[TCL_INTEGER_SPACE]; /* for unique part of object names */
data/itcl3-3.4.3/generic/itcl_class.c:876:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(unique, "%d", cdefnPtr->unique++);
data/itcl3-3.4.3/generic/itcl_class.c:1186:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *buffer, storage[64];
data/itcl3-3.4.3/generic/itcl_class.c:1199:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((void*)buffer, (void*)name, (size_t)length);
data/itcl3-3.4.3/generic/itcl_class.c:1700:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(memPtr->fullname, "::");
data/itcl3-3.4.3/generic/itcl_cmds.c:898:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256], *name;
data/itcl3-3.4.3/generic/itcl_cmds.c:900:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mesg, "\n (%.100s body line %d)", name,
data/itcl3-3.4.3/generic/itcl_ensemble.c:1071:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((VOID*)partList, (VOID*)ensData->parts, (size_t)size);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1705:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[128];
data/itcl3-3.4.3/generic/itcl_ensemble.c:1706:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (\"ensemble\" body line %d)",
data/itcl3-3.4.3/generic/itcl_ensemble.c:2225:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((VOID *) objPtr->bytes, (VOID *) name, (unsigned) length);
data/itcl3-3.4.3/generic/itcl_methods.c:796:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:797:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while autoloading code for \"%.100s\")",
data/itcl3-3.4.3/generic/itcl_methods.c:1081:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[100];
data/itcl3-3.4.3/generic/itcl_methods.c:1082:21:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mesg, "argument #%d has no name", i);
data/itcl3-3.4.3/generic/itcl_methods.c:2246:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:2247:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while configuring public variable \"%.100s\")", vars[i]->member->fullname);
data/itcl3-3.4.3/generic/itcl_methods.c:2274:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_methods.c:2275:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while configuring public variable \"%.100s\")", vars[i]->member->fullname);
data/itcl3-3.4.3/generic/itcl_methods.c:2475:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char num[20];
data/itcl3-3.4.3/generic/itcl_methods.c:2529:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(num, "%d", Tcl_GetErrorLine((Tcl_Interp *)iPtr));
data/itcl3-3.4.3/generic/itcl_parse.c:218:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:219:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while parsing class definition for \"%.100s\")",
data/itcl3-3.4.3/generic/itcl_parse.c:241:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:242:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while installing built-in commands for class \"%.100s\")", className);
data/itcl3-3.4.3/generic/itcl_parse.c:266:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[256];
data/itcl3-3.4.3/generic/itcl_parse.c:267:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (class \"%.200s\" body line %d)",
data/itcl3-3.4.3/generic/itcl_parse.c:592:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[256], *token;
data/itcl3-3.4.3/generic/itcl_parse.c:594:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(mesg, "\n (%.100s body line %d)", token,
data/itcl3-3.4.3/generic/itcl_util.c:153:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char*)newStack, (char*)stack->values,
data/itcl3-3.4.3/generic/itcl_util.c:1311:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[512];
data/itcl3-3.4.3/generic/itcl_util.c:1316:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "\n (while decoding scoped command \"%.400s\")", name);
data/itcl3-3.4.3/win/nmakehlp.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[STATICBUFFERSIZE];
data/itcl3-3.4.3/win/nmakehlp.c:42:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/itcl3-3.4.3/win/nmakehlp.c:143:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X ");
data/itcl3-3.4.3/win/nmakehlp.c:147:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(cmdline, " .\\nul");
data/itcl3-3.4.3/win/nmakehlp.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[300];
data/itcl3-3.4.3/win/nmakehlp.c:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline[100];
data/itcl3-3.4.3/win/nmakehlp.c:234:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(cmdline, "link.exe -nologo ");
data/itcl3-3.4.3/win/nmakehlp.c:326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s1[51], s2[51], s3[51];
data/itcl3-3.4.3/win/nmakehlp.c:330:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file, "rt");
data/itcl3-3.4.3/generic/itcl_class.c:202:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cdPtr->name = (char*)ckalloc((unsigned)(strlen(classNs->name)+1));
data/itcl3-3.4.3/generic/itcl_class.c:205:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cdPtr->fullname = (char*)ckalloc((unsigned)(strlen(classNs->fullName)+1));
data/itcl3-3.4.3/generic/itcl_class.c:1067:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nameLen = strlen(name);
data/itcl3-3.4.3/generic/itcl_class.c:1594:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  vdefn->init = (char*)ckalloc((unsigned)(strlen(init)+1));
data/itcl3-3.4.3/generic/itcl_class.c:1697:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullsize = strlen(cdefn->fullname) + strlen(name) + 2;
data/itcl3-3.4.3/generic/itcl_class.c:1697:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fullsize = strlen(cdefn->fullname) + strlen(name) + 2;
data/itcl3-3.4.3/generic/itcl_class.c:1703:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memPtr->name = (char*)ckalloc((unsigned)(strlen(name)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:876:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ensPart->usage = ckalloc((unsigned)(strlen(usageInfo)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:1084:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  part->name = (char*)ckalloc((unsigned)(strlen(partName)+1));
data/itcl3-3.4.3/generic/itcl_ensemble.c:1210:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nlen = strlen(partName);
data/itcl3-3.4.3/generic/itcl_ensemble.c:1420:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max = strlen(ensData->parts[pos]->name);
data/itcl3-3.4.3/generic/itcl_ensemble.c:2223:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(name);
data/itcl3-3.4.3/generic/itcl_methods.c:1156:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nameLen = strlen(name);
data/itcl3-3.4.3/generic/itcl_util.c:790:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  info->errorInfo = ckalloc((unsigned)(strlen(val)+1));
data/itcl3-3.4.3/generic/itcl_util.c:796:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  info->errorCode = ckalloc((unsigned)(strlen(val)+1));
data/itcl3-3.4.3/generic/itcl_util.c:1271:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(name);
data/itcl3-3.4.3/generic/itcl_util.c:1276:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmdName = ckalloc((unsigned)strlen(name)+1);
data/itcl3-3.4.3/generic/itcl_util.c:1303:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cmdName = ckalloc((unsigned)(strlen(listv[3])+1));
data/itcl3-3.4.3/win/nmakehlp.c:168:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itcl3-3.4.3/win/nmakehlp.c:257:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  WriteFile(GetStdHandle(STD_ERROR_HANDLE), msg, strlen(msg), &err, NULL);
data/itcl3-3.4.3/win/nmakehlp.c:336:6:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  r = fscanf(f, "%50s", s1);
data/itcl3-3.4.3/win/nmakehlp.c:339:10:  [1] (buffer) fscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  r = fscanf(f, "%50s %50s", s2, s3);

ANALYSIS SUMMARY:

Hits = 90
Lines analyzed = 17344 in approximately 0.45 seconds (38298 lines/second)
Physical Source Lines of Code (SLOC) = 9863
Hits@level = [0]   0 [1]  22 [2]  49 [3]   4 [4]  15 [5]   0
Hits@level+ = [0+]  90 [1+]  90 [2+]  68 [3+]  19 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 9.12501 [1+] 9.12501 [2+] 6.89445 [3+] 1.92639 [4+] 1.52084 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.