Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libarchive-3.4.3/cat/test/test_version.c
Examining data/libarchive-3.4.3/cat/test/list.h
Examining data/libarchive-3.4.3/cat/test/test_error_mixed.c
Examining data/libarchive-3.4.3/cat/test/test_empty_gz.c
Examining data/libarchive-3.4.3/cat/test/test_expand_xz.c
Examining data/libarchive-3.4.3/cat/test/test_help.c
Examining data/libarchive-3.4.3/cat/test/test_stdin.c
Examining data/libarchive-3.4.3/cat/test/test_expand_mixed.c
Examining data/libarchive-3.4.3/cat/test/test_expand_Z.c
Examining data/libarchive-3.4.3/cat/test/test_error.c
Examining data/libarchive-3.4.3/cat/test/test_expand_bz2.c
Examining data/libarchive-3.4.3/cat/test/test_expand_plain.c
Examining data/libarchive-3.4.3/cat/test/test.h
Examining data/libarchive-3.4.3/cat/test/test_expand_lz4.c
Examining data/libarchive-3.4.3/cat/test/test_empty_xz.c
Examining data/libarchive-3.4.3/cat/test/test_expand_gz.c
Examining data/libarchive-3.4.3/cat/test/test_expand_zstd.c
Examining data/libarchive-3.4.3/cat/test/test_empty_zstd.c
Examining data/libarchive-3.4.3/cat/test/test_empty_lz4.c
Examining data/libarchive-3.4.3/cat/test/test_0.c
Examining data/libarchive-3.4.3/cat/bsdcat_platform.h
Examining data/libarchive-3.4.3/cat/bsdcat.h
Examining data/libarchive-3.4.3/cat/cmdline.c
Examining data/libarchive-3.4.3/cat/bsdcat.c
Examining data/libarchive-3.4.3/build/cmake/CheckFileOffsetBits.c
Examining data/libarchive-3.4.3/contrib/shar/tree.c
Examining data/libarchive-3.4.3/contrib/shar/tree_config.h
Examining data/libarchive-3.4.3/contrib/shar/shar.c
Examining data/libarchive-3.4.3/contrib/shar/tree.h
Examining data/libarchive-3.4.3/contrib/oss-fuzz/libarchive_fuzzer.cc
Examining data/libarchive-3.4.3/contrib/archivetest.c
Examining data/libarchive-3.4.3/contrib/android/include/android_lf.h
Examining data/libarchive-3.4.3/contrib/android/include/Windows.h
Examining data/libarchive-3.4.3/contrib/android/include/Bcrypt.h
Examining data/libarchive-3.4.3/contrib/android/config/linux_host.h
Examining data/libarchive-3.4.3/contrib/android/config/windows_host.h
Examining data/libarchive-3.4.3/contrib/android/config/android.h
Examining data/libarchive-3.4.3/contrib/untar.c
Examining data/libarchive-3.4.3/cpio/cpio.h
Examining data/libarchive-3.4.3/cpio/cpio_windows.h
Examining data/libarchive-3.4.3/cpio/cmdline.c
Examining data/libarchive-3.4.3/cpio/cpio_windows.c
Examining data/libarchive-3.4.3/cpio/cpio_platform.h
Examining data/libarchive-3.4.3/cpio/config_freebsd.h
Examining data/libarchive-3.4.3/cpio/cpio.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_grz.c
Examining data/libarchive-3.4.3/cpio/test/test_owner_parse.c
Examining data/libarchive-3.4.3/cpio/test/test_option_z.c
Examining data/libarchive-3.4.3/cpio/test/test_option_passphrase.c
Examining data/libarchive-3.4.3/cpio/test/test_option_lzma.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_Z.c
Examining data/libarchive-3.4.3/cpio/test/test_missing_file.c
Examining data/libarchive-3.4.3/cpio/test/test_option_grzip.c
Examining data/libarchive-3.4.3/cpio/test/test_option_help.c
Examining data/libarchive-3.4.3/cpio/test/test_option_L_upper.c
Examining data/libarchive-3.4.3/cpio/test/test_option_uuencode.c
Examining data/libarchive-3.4.3/cpio/test/list.h
Examining data/libarchive-3.4.3/cpio/test/test_option_d.c
Examining data/libarchive-3.4.3/cpio/test/test_option_b64encode.c
Examining data/libarchive-3.4.3/cpio/test/test_option_y.c
Examining data/libarchive-3.4.3/cpio/test/test_option_f.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_gz.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_bz2.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_lzo.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_lzma.c
Examining data/libarchive-3.4.3/cpio/test/test_option_l.c
Examining data/libarchive-3.4.3/cpio/test/test_passthrough_dotdot.c
Examining data/libarchive-3.4.3/cpio/test/test_option_version.c
Examining data/libarchive-3.4.3/cpio/test/test_option_0.c
Examining data/libarchive-3.4.3/cpio/test/test_option_m.c
Examining data/libarchive-3.4.3/cpio/test/test_option_c.c
Examining data/libarchive-3.4.3/cpio/test/test_option_C_upper.c
Examining data/libarchive-3.4.3/cpio/test/test_passthrough_reverse.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_lz.c
Examining data/libarchive-3.4.3/cpio/test/test_option_lz4.c
Examining data/libarchive-3.4.3/cpio/test/test_option_xz.c
Examining data/libarchive-3.4.3/cpio/test/test_cmdline.c
Examining data/libarchive-3.4.3/cpio/test/test_gcpio_compat.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_lrz.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_xz.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_zstd.c
Examining data/libarchive-3.4.3/cpio/test/test_extract_cpio_lz4.c
Examining data/libarchive-3.4.3/cpio/test/test_option_u.c
Examining data/libarchive-3.4.3/cpio/test/test_option_lzop.c
Examining data/libarchive-3.4.3/cpio/test/test_0.c
Examining data/libarchive-3.4.3/cpio/test/test_option_Z_upper.c
Examining data/libarchive-3.4.3/cpio/test/test_option_t.c
Examining data/libarchive-3.4.3/cpio/test/test_option_lrzip.c
Examining data/libarchive-3.4.3/cpio/test/test_option_J_upper.c
Examining data/libarchive-3.4.3/cpio/test/test_option_B_upper.c
Examining data/libarchive-3.4.3/cpio/test/test_option_zstd.c
Examining data/libarchive-3.4.3/cpio/test/test.h
Examining data/libarchive-3.4.3/cpio/test/test_basic.c
Examining data/libarchive-3.4.3/cpio/test/test_format_newc.c
Examining data/libarchive-3.4.3/cpio/test/test_option_a.c
Examining data/libarchive-3.4.3/test_utils/test_utils.c
Examining data/libarchive-3.4.3/test_utils/test_common.h
Examining data/libarchive-3.4.3/test_utils/test_utils.h
Examining data/libarchive-3.4.3/test_utils/test_main.c
Examining data/libarchive-3.4.3/examples/tarfilter.c
Examining data/libarchive-3.4.3/examples/minitar/minitar.c
Examining data/libarchive-3.4.3/examples/untar.c
Examining data/libarchive-3.4.3/libarchive_fe/line_reader.c
Examining data/libarchive-3.4.3/libarchive_fe/err.c
Examining data/libarchive-3.4.3/libarchive_fe/passphrase.h
Examining data/libarchive-3.4.3/libarchive_fe/err.h
Examining data/libarchive-3.4.3/libarchive_fe/line_reader.h
Examining data/libarchive-3.4.3/libarchive_fe/lafe_platform.h
Examining data/libarchive-3.4.3/libarchive_fe/passphrase.c
Examining data/libarchive-3.4.3/tar/bsdtar_windows.h
Examining data/libarchive-3.4.3/tar/read.c
Examining data/libarchive-3.4.3/tar/cmdline.c
Examining data/libarchive-3.4.3/tar/bsdtar.h
Examining data/libarchive-3.4.3/tar/bsdtar_platform.h
Examining data/libarchive-3.4.3/tar/util.c
Examining data/libarchive-3.4.3/tar/test/test_option_X_upper.c
Examining data/libarchive-3.4.3/tar/test/test_option_b64encode.c
Examining data/libarchive-3.4.3/tar/test/test_option_T_upper.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_grz.c
Examining data/libarchive-3.4.3/tar/test/test_option_L_upper.c
Examining data/libarchive-3.4.3/tar/test/test_option_lz4.c
Examining data/libarchive-3.4.3/tar/test/test_option_H_upper.c
Examining data/libarchive-3.4.3/tar/test/test_format_newc.c
Examining data/libarchive-3.4.3/tar/test/test_option_n.c
Examining data/libarchive-3.4.3/tar/test/test_option_q.c
Examining data/libarchive-3.4.3/tar/test/test_option_uid_uname.c
Examining data/libarchive-3.4.3/tar/test/test_option_zstd.c
Examining data/libarchive-3.4.3/tar/test/test_copy.c
Examining data/libarchive-3.4.3/tar/test/test_option_z.c
Examining data/libarchive-3.4.3/tar/test/test_option_uuencode.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_zstd.c
Examining data/libarchive-3.4.3/tar/test/test_option_lzop.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_gz.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_lzo.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_bz2.c
Examining data/libarchive-3.4.3/tar/test/list.h
Examining data/libarchive-3.4.3/tar/test/test_option_xattrs.c
Examining data/libarchive-3.4.3/tar/test/test_option_gid_gname.c
Examining data/libarchive-3.4.3/tar/test/test_option_r.c
Examining data/libarchive-3.4.3/tar/test/test_option_U_upper.c
Examining data/libarchive-3.4.3/tar/test/test_option_s.c
Examining data/libarchive-3.4.3/tar/test/test_missing_file.c
Examining data/libarchive-3.4.3/tar/test/test_option_older_than.c
Examining data/libarchive-3.4.3/tar/test/test_option_grzip.c
Examining data/libarchive-3.4.3/tar/test/test_basic.c
Examining data/libarchive-3.4.3/tar/test/test_option_newer_than.c
Examining data/libarchive-3.4.3/tar/test/test_strip_components.c
Examining data/libarchive-3.4.3/tar/test/test_option_nodump.c
Examining data/libarchive-3.4.3/tar/test/test_option_C_mtree.c
Examining data/libarchive-3.4.3/tar/test/test_option_xz.c
Examining data/libarchive-3.4.3/tar/test/test_option_lrzip.c
Examining data/libarchive-3.4.3/tar/test/test.h
Examining data/libarchive-3.4.3/tar/test/test_option_b.c
Examining data/libarchive-3.4.3/tar/test/test_option_exclude_vcs.c
Examining data/libarchive-3.4.3/tar/test/test_version.c
Examining data/libarchive-3.4.3/tar/test/test_option_passphrase.c
Examining data/libarchive-3.4.3/tar/test/test_option_O_upper.c
Examining data/libarchive-3.4.3/tar/test/test_option_acls.c
Examining data/libarchive-3.4.3/tar/test/test_option_C_upper.c
Examining data/libarchive-3.4.3/tar/test/test_empty_mtree.c
Examining data/libarchive-3.4.3/tar/test/test_symlink_dir.c
Examining data/libarchive-3.4.3/tar/test/test_leading_slash.c
Examining data/libarchive-3.4.3/tar/test/test_option_fflags.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_lrz.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_lzma.c
Examining data/libarchive-3.4.3/tar/test/test_print_longpath.c
Examining data/libarchive-3.4.3/tar/test/test_stdio.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_xz.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_lz4.c
Examining data/libarchive-3.4.3/tar/test/test_option_a.c
Examining data/libarchive-3.4.3/tar/test/test_patterns.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_Z.c
Examining data/libarchive-3.4.3/tar/test/test_option_k.c
Examining data/libarchive-3.4.3/tar/test/test_windows.c
Examining data/libarchive-3.4.3/tar/test/test_option_j.c
Examining data/libarchive-3.4.3/tar/test/test_option_lzma.c
Examining data/libarchive-3.4.3/tar/test/test_0.c
Examining data/libarchive-3.4.3/tar/test/test_extract_tar_lz.c
Examining data/libarchive-3.4.3/tar/test/test_option_exclude.c
Examining data/libarchive-3.4.3/tar/test/test_option_keep_newer_files.c
Examining data/libarchive-3.4.3/tar/test/test_help.c
Examining data/libarchive-3.4.3/tar/test/test_option_safe_writes.c
Examining data/libarchive-3.4.3/tar/creation_set.c
Examining data/libarchive-3.4.3/tar/bsdtar_windows.c
Examining data/libarchive-3.4.3/tar/config_freebsd.h
Examining data/libarchive-3.4.3/tar/write.c
Examining data/libarchive-3.4.3/tar/bsdtar.c
Examining data/libarchive-3.4.3/tar/subst.c
Examining data/libarchive-3.4.3/libarchive/archive_entry.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c
Examining data/libarchive-3.4.3/libarchive/archive_options_private.h
Examining data/libarchive-3.4.3/libarchive/archive_disk_acl_sunos.c
Examining data/libarchive-3.4.3/libarchive/archive_read_private.h
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_uuencode.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_grzip.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_xz.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c
Examining data/libarchive-3.4.3/libarchive/archive_string_sprintf.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_by_name.c
Examining data/libarchive-3.4.3/libarchive/archive_read_data_into_fd.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_copy_stat.c
Examining data/libarchive-3.4.3/libarchive/archive_write_open_fd.c
Examining data/libarchive-3.4.3/libarchive/archive.h
Examining data/libarchive-3.4.3/libarchive/archive_entry_copy_bhfi.c
Examining data/libarchive-3.4.3/libarchive/archive_disk_acl_linux.c
Examining data/libarchive-3.4.3/libarchive/archive_openssl_hmac_private.h
Examining data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_xattr.c
Examining data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c
Examining data/libarchive-3.4.3/libarchive/archive_windows.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c
Examining data/libarchive-3.4.3/libarchive/archive_read_extract2.c
Examining data/libarchive-3.4.3/libarchive/archive_read.c
Examining data/libarchive-3.4.3/libarchive/archive_read_disk_set_standard_lookup.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_bzip2.c
Examining data/libarchive-3.4.3/libarchive/archive_read_extract.c
Examining data/libarchive-3.4.3/libarchive/archive_hmac_private.h
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_compress.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_grzip.c
Examining data/libarchive-3.4.3/libarchive/archive_string.h
Examining data/libarchive-3.4.3/libarchive/archive_private.h
Examining data/libarchive-3.4.3/libarchive/config_freebsd.h
Examining data/libarchive-3.4.3/libarchive/archive_disk_acl_darwin.c
Examining data/libarchive-3.4.3/libarchive/archive_pack_dev.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_gzip.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_private.h
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_none.c
Examining data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_sparse.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c
Examining data/libarchive-3.4.3/libarchive/archive_acl_private.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_lzop.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_all.c
Examining data/libarchive-3.4.3/libarchive/archive_crc32.h
Examining data/libarchive-3.4.3/libarchive/archive_rb.c
Examining data/libarchive-3.4.3/libarchive/archive_blake2s_ref.c
Examining data/libarchive-3.4.3/libarchive/archive_write_disk_private.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_compress.c
Examining data/libarchive-3.4.3/libarchive/archive_hmac.c
Examining data/libarchive-3.4.3/libarchive/archive_disk_acl_freebsd.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_link_resolver.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format.c
Examining data/libarchive-3.4.3/libarchive/archive_ppmd_private.h
Examining data/libarchive-3.4.3/libarchive/archive_read_open_fd.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_lz4.c
Examining data/libarchive-3.4.3/libarchive/archive_getdate.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c
Examining data/libarchive-3.4.3/libarchive/archive_ppmd8.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_strmode.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_by_name.c
Examining data/libarchive-3.4.3/libarchive/archive_virtual.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_bzip2.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_program.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_zstd.c
Examining data/libarchive-3.4.3/libarchive/archive_write_private.h
Examining data/libarchive-3.4.3/libarchive/filter_fork_windows.c
Examining data/libarchive-3.4.3/libarchive/archive_pathmatch.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_lz4.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_all.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_none.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_options.c
Examining data/libarchive-3.4.3/libarchive/archive_read_open_file.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_lzop.c
Examining data/libarchive-3.4.3/libarchive/archive_cryptor_private.h
Examining data/libarchive-3.4.3/libarchive/archive_openssl_evp_private.h
Examining data/libarchive-3.4.3/libarchive/archive_cmdline.c
Examining data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c
Examining data/libarchive-3.4.3/libarchive/archive_platform_xattr.h
Examining data/libarchive-3.4.3/libarchive/archive_digest.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c
Examining data/libarchive-3.4.3/libarchive/archive_ppmd8_private.h
Examining data/libarchive-3.4.3/libarchive/archive_windows.c
Examining data/libarchive-3.4.3/libarchive/archive_random.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c
Examining data/libarchive-3.4.3/libarchive/archive_write_open_filename.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_stat.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c
Examining data/libarchive-3.4.3/libarchive/archive_write_disk_set_standard_lookup.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_gzip.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_lrzip.c
Examining data/libarchive-3.4.3/libarchive/archive_read_set_options.c
Examining data/libarchive-3.4.3/libarchive/archive_cmdline_private.h
Examining data/libarchive-3.4.3/libarchive/archive_write_set_passphrase.c
Examining data/libarchive-3.4.3/libarchive/archive_match.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter.c
Examining data/libarchive-3.4.3/libarchive/archive_platform.h
Examining data/libarchive-3.4.3/libarchive/archive_blake2_impl.h
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_zstd.c
Examining data/libarchive-3.4.3/libarchive/xxhash.c
Examining data/libarchive-3.4.3/libarchive/filter_fork.h
Examining data/libarchive-3.4.3/libarchive/archive_endian.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_raw.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_lrzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_plexus_archiver_tar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_svr4_gzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_cpio_newc.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_classic_indent.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_partially.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_secure746.c
Examining data/libarchive-3.4.3/libarchive/test/test.h
Examining data/libarchive-3.4.3/libarchive/test/test_read_file_nonexistent.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_read_format_zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_set_format_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_format_by_name.c
Examining data/libarchive-3.4.3/libarchive/test/test_open_file.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_partially.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_lha_filename_utf16.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_open_memory.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_traditional_encryption_data.c
Examining data/libarchive-3.4.3/libarchive/test/test_entry.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_raw.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_tar_ustar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isozisofs_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_gtar_lzma.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_lzop.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_pax.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_lha.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_solaris_tar_acl.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_gtar_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_getdate.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_gtar_sparse.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_close_twice_open_fd.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_7zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_jar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_partially.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_passphrase.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_new_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_fflags.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_bzip2.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_gtar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_warn_missing_hardlink_target.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_failures.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_padded.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar_empty_with_gnulabel.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_add_passphrase.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_filter_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_header.c
Examining data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_msdos.c
Examining data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_cpio_odc.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_digest.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_compress.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_malformed.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_mac_metadata.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar_concatenated.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_data_large.c
Examining data/libarchive-3.4.3/libarchive/test/read_open_memory.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_xar.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_match_owner.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c
Examining data/libarchive-3.4.3/libarchive/test/test_pax_xattr_header.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_lz4.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_compress.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_odc.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_secure745.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_hardlink.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_posix1e.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_raw_b64.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_cpio.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isojoliet_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_disk.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_quoted_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_star_acl.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_high_compression.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar_invalid1.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_pax_xattr_rht_security_selinux.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_zstd.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_winzip_aes_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_xar.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_classic.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_Z.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_pax_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_gtar_gz.c
Examining data/libarchive-3.4.3/libarchive/test/test_open_failure.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_iso_Z.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_too_many_filters.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_string.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_uudecode_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_times.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_ustar_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_xz.c
Examining data/libarchive-3.4.3/libarchive/test/test_fuzz.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_txz.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_format_filter_by_ext.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_absolute_path.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_7075_utf8_paths.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_nfs4.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tlz.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_data.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_zip64.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_winzip_aes.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_svr4_gzip_rpm.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_le.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_close_twice.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_add_filter_by_name.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_solaris_pax_sparse.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_svr4c_Z.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_nofiletype.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cab_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_lzma.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_secure.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_iso_multi_extent.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_bz2.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_uudecode.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_packinfo_digests.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_extra_padding.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_lzop.c
Examining data/libarchive-3.4.3/libarchive/test/test_entry_strmode.c
Examining data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_raw.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_secure744.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_platform_posix1e.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_boot.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_set_options.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_raw.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar_empty_pax.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_mac.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_text.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_xz.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_no_hfs_compression.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar.c
Examining data/libarchive-3.4.3/libarchive/test/test_xattr_platform.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_pax_xattr_schily.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_header.c
Examining data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_match_time.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_afio.c
Examining data/libarchive-3.4.3/libarchive/test/test_empty_write.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_truncated_filter.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tz.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_rr_moved.c
Examining data/libarchive-3.4.3/libarchive/test/test_extattr_freebsd.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_close_twice_open_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_hfs_compression.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_xar_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_no_separator.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_tar_hardlink.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_lrzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_nested.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_with_invalid_traditional_eocd.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tgz.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isojoliet_long.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_shar_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_set_error.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_gz.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_warc_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_gzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_mtree.c
Examining data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_svr4_bzip2_rpm.c
Examining data/libarchive-3.4.3/libarchive/test/test_filter_count.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_lha_bugfix_0.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_tar_v7tar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_disk_entry_from_file.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_gnutar.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_gtar_sparse_skip_entry.c
Examining data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_data.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_tar_sparse.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_sfx.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_be.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_data.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tbz.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_match_path.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c
Examining data/libarchive-3.4.3/libarchive/test/list.h
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_set_filter_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_truncated.c
Examining data/libarchive-3.4.3/libarchive/test/test_bad_fd.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_header.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_pathmatch.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_tar_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_open_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_pax.c
Examining data/libarchive-3.4.3/libarchive/test/test_acl_platform_nfs4.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_clear_error.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_ar.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_set_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isojoliet_versioned.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_open2.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_cpio_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_tar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_position.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_extract.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_program_signature.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_grzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_tar_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_symlink.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_empty_zip64.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_tar_empty_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip_timestamp.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_lzop_multiple_parts.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_perl_archive_tar.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_malformed.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_gnutar_filenames.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_warc.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_warc.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_format_option.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_ce.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_bin_lzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_zip_zip64.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_7zip_large.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_lookup.c
Examining data/libarchive-3.4.3/libarchive/test/test_open_fd.c
Examining data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_read_support.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_disk_perms.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_zip_comment_stored.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_iso_xorriso.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_filter_program.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_filter_program.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_isojoliet_rr.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_set_format.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_write_set_options.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_mtree_crash747.c
Examining data/libarchive-3.4.3/libarchive/test/test_link_resolver.c
Examining data/libarchive-3.4.3/libarchive/test/test_read_format_lha_filename.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_7zip_empty.c
Examining data/libarchive-3.4.3/libarchive/test/test_archive_cmdline.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_lzip.c
Examining data/libarchive-3.4.3/libarchive/test/test_compat_lzma.c
Examining data/libarchive-3.4.3/libarchive/test/test_write_format_cpio.c
Examining data/libarchive-3.4.3/libarchive/archive_entry.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c
Examining data/libarchive-3.4.3/libarchive/archive_blake2sp_ref.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_warc.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_empty.c
Examining data/libarchive-3.4.3/libarchive/archive_read_append_filter.c
Examining data/libarchive-3.4.3/libarchive/archive_options.c
Examining data/libarchive-3.4.3/libarchive/archive_blake2.h
Examining data/libarchive-3.4.3/libarchive/archive_write_open_file.c
Examining data/libarchive-3.4.3/libarchive/archive_pathmatch.c
Examining data/libarchive-3.4.3/libarchive/archive_version_details.c
Examining data/libarchive-3.4.3/libarchive/archive_random_private.h
Examining data/libarchive-3.4.3/libarchive/archive_string_composition.h
Examining data/libarchive-3.4.3/libarchive/archive_read_set_format.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_ar.c
Examining data/libarchive-3.4.3/libarchive/archive_write_open_memory.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_filter_by_ext.c
Examining data/libarchive-3.4.3/libarchive/archive_getdate.h
Examining data/libarchive-3.4.3/libarchive/archive_xxhash.h
Examining data/libarchive-3.4.3/libarchive/filter_fork_posix.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_program.c
Examining data/libarchive-3.4.3/libarchive/archive_cryptor.c
Examining data/libarchive-3.4.3/libarchive/archive_ppmd7_private.h
Examining data/libarchive-3.4.3/libarchive/archive_read_open_filename.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_private.h
Examining data/libarchive-3.4.3/libarchive/archive_rb.h
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_lrzip.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_b64encode.c
Examining data/libarchive-3.4.3/libarchive/archive_entry_locale.h
Examining data/libarchive-3.4.3/libarchive/archive_read_disk_private.h
Examining data/libarchive-3.4.3/libarchive/archive_util.c
Examining data/libarchive-3.4.3/libarchive/archive_digest_private.h
Examining data/libarchive-3.4.3/libarchive/archive_platform_acl.h
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_raw.c
Examining data/libarchive-3.4.3/libarchive/archive_read_add_passphrase.c
Examining data/libarchive-3.4.3/libarchive/archive_write.c
Examining data/libarchive-3.4.3/libarchive/archive_pack_dev.h
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c
Examining data/libarchive-3.4.3/libarchive/archive_read_open_memory.c
Examining data/libarchive-3.4.3/libarchive/archive_string.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_rpm.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_cpio.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_filter_uu.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio_newc.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio.c
Examining data/libarchive-3.4.3/libarchive/archive_acl.c
Examining data/libarchive-3.4.3/libarchive/archive_check_magic.c
Examining data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_by_code.c
Examining data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c
Examining data/libarchive-3.4.3/libarchive/archive_ppmd7.c
Examining data/libarchive-3.4.3/libarchive/archive_write_add_filter_xz.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c
Examining data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c
FINAL RESULTS:
data/libarchive-3.4.3/contrib/shar/shar.c:143:17: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
if ((lnklen = readlink(accpath, lnkbuff, PATH_MAX)) == -1) {
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:273:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
lnklen = readlink(path, linkbuffer, linkbuffer_len);
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:276:13: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
lnklen = readlink(path, linkbuffer, linkbuffer_len);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:2490:4: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod(p->name, p->mode);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:3344:27: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
if (!S_ISLNK(a->mode) && chown(a->name, a->uid, a->gid) == 0) {
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:3668:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
r2 = chmod(a->name, mode);
data/libarchive-3.4.3/libarchive/test/test_extattr_freebsd.c:126:3: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("test1", S_IRUSR);
data/libarchive-3.4.3/libarchive/test/test_write_disk_perms.c:146:20: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
assertEqualInt(0, chown(".", getuid(), getgid()));
data/libarchive-3.4.3/libarchive/test/test_write_disk_perms.c:212:21: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
assertEqualInt(0, chown("dir_owner", original_uid, getgid()));
data/libarchive-3.4.3/tar/test/test_option_fflags.c:29:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod _chmod
data/libarchive-3.4.3/tar/test/test_option_fflags.c:73:2: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
chmod("f", 0644);
data/libarchive-3.4.3/test_utils/test_main.c:1866:12: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
linklen = readlink(pathname, buff, sizeof(buff) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:1907:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (0 == chmod(dirname, mode)) {
data/libarchive-3.4.3/test_utils/test_main.c:1960:11: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (0 != chmod(path, mode)) {
data/libarchive-3.4.3/contrib/archivetest.c:99:7: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
r = vfprintf(stdout, format, args);
data/libarchive-3.4.3/contrib/shar/tree.c:143:43: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
fprintf(out, "\tpwd: "); fflush(stdout); system("pwd");
data/libarchive-3.4.3/cpio/cpio.c:752:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cpio->pass_destpath, cpio->destdir);
data/libarchive-3.4.3/cpio/cpio.c:753:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cpio->pass_destpath, remove_leading_slash(srcpath));
data/libarchive-3.4.3/cpio/cpio.c:1156:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(uids, cpio_i64toa(archive_entry_uid(entry)));
data/libarchive-3.4.3/cpio/cpio.c:1158:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(gids, cpio_i64toa(archive_entry_gid(entry)));
data/libarchive-3.4.3/cpio/cpio.c:1178:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(size, cpio_i64toa(archive_entry_size(entry)));
data/libarchive-3.4.3/cpio/cpio_windows.h:41:10: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf sprintf_s
data/libarchive-3.4.3/examples/tarfilter.c:31:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libarchive-3.4.3/libarchive/archive_acl.c:785:3: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(*wp, prefix);
data/libarchive-3.4.3/libarchive/archive_acl.c:833:4: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(*wp, wname);
data/libarchive-3.4.3/libarchive/archive_acl.c:1020:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*p, prefix);
data/libarchive-3.4.3/libarchive/archive_acl.c:1068:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(*p, name);
data/libarchive-3.4.3/libarchive/archive_check_magic.c:113:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, state_name(lowbit));
data/libarchive-3.4.3/libarchive/archive_cmdline.c:174:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(data->path, path);
data/libarchive-3.4.3/libarchive/archive_entry.c:126:18: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
static wchar_t * wcscpy(wchar_t *s1, const wchar_t *s2)
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:130:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mine->filename.m, filename);
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:177:3: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(mine->filename.w, wfilename);
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:201:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mine->filename.m, fn.s);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:999:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cab->format_name, "CAB %d.%d (%s)",
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:66:23: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG(...) do { printf("rar5: " __VA_ARGS__); puts(""); } while(0)
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:94:17: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
unsigned char system; /* From "version written by" */
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2181:26: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error no way to get the system identifier on your platform.
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4917:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rp, p+3);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4920:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, p+4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1828:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rp, p+3);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1831:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, p+4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:754:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, oname);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1632:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, insert);
data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c:414:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c:414:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2173:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(rp, p+3);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2176:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, p+4);
data/libarchive-3.4.3/libarchive/filter_fork_posix.c:167:3: [4] (shell) execvp:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
execvp(cmdline->path, cmdline->argv);
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:296:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mydata->filename, filename);
data/libarchive-3.4.3/libarchive/test/test_entry.c:35:18: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
static wchar_t * wcscpy(wchar_t *s1, const wchar_t *s2)
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:439:2: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(fullpath, wcwd);
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:471:2: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(fullpath, wcwd);
data/libarchive-3.4.3/libarchive/test/test_read_truncated_filter.c:84:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%d", compression, i);
data/libarchive-3.4.3/libarchive/test/test_read_truncated_filter.c:123:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(path, "%s%d", compression, i);
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:48:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, prefix);
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:60:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, filename);
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:45:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, prefix);
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:58:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dirname, filename);
data/libarchive-3.4.3/libarchive/test/test_write_disk.c:217:2: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(fname, archive_entry_pathname_w(ae));
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_acl_temp, acl);
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:52:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(_acl_temp, acl);
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:123:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirname, dir+1);
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:125:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dirname, dir);
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree.c:241:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str + 2, entries2[i].path);
data/libarchive-3.4.3/libarchive_fe/err.c:75:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libarchive-3.4.3/tar/bsdtar.c:877:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, compression_name);
data/libarchive-3.4.3/tar/bsdtar.c:885:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buff, compression2_name);
data/libarchive-3.4.3/tar/creation_set.c:293:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(name, code);
data/libarchive-3.4.3/tar/subst.c:204:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_str + old_len, append);
data/libarchive-3.4.3/tar/test/test_copy.c:163:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "f/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:167:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff2, "l/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:171:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff2, "m/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:176:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "s/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:177:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff2, "../f/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:205:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name1, "f/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:211:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name2, "l/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:222:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name1, "s/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:223:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name2, "../f/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_copy.c:229:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name1, "d/%s", filenames[i]);
data/libarchive-3.4.3/tar/test/test_option_C_mtree.c:46:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(absolute_path, testworkdir);
data/libarchive-3.4.3/tar/test/test_option_C_mtree.c:47:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(absolute_path, mtree_file );
data/libarchive-3.4.3/tar/test/test_option_b.c:40:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testprog_ustar, testprog);
data/libarchive-3.4.3/tar/test/test_option_b.c:41:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testprog_ustar, USTAR_OPT);
data/libarchive-3.4.3/tar/util.c:115:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
data/libarchive-3.4.3/tar/util.c:138:13: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
length = vsnprintf(fmtbuff, fmtbuff_length, fmt, ap);
data/libarchive-3.4.3/tar/util.c:241:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/libarchive-3.4.3/tar/util.c:316:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bsdtar->pending_chdir, "%s/%s",
data/libarchive-3.4.3/tar/util.c:730:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp, tar_i64toa(archive_entry_size(entry)));
data/libarchive-3.4.3/test_utils/test_common.h:111:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf sprintf_s
data/libarchive-3.4.3/test_utils/test_main.c:121:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access _access
data/libarchive-3.4.3/test_utils/test_main.c:399:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:402:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, fmt, lfap);
data/libarchive-3.4.3/test_utils/test_main.c:405:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:429:3: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(msgbuff, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:554:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buff, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:1059:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(f, F_OK))
data/libarchive-3.4.3/test_utils/test_main.c:1077:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(f, F_OK))
data/libarchive-3.4.3/test_utils/test_main.c:3055:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buff, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:3058:6: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
r = system(buff);
data/libarchive-3.4.3/test_utils/test_main.c:3080:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(filename, fmt, ap);
data/libarchive-3.4.3/test_utils/test_main.c:3147:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "%s/%s.uu", refdir, name);
data/libarchive-3.4.3/test_utils/test_main.c:3208:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "%s/%s", refdir, name);
data/libarchive-3.4.3/test_utils/test_main.c:3475:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(failed ? "E" : ".");
data/libarchive-3.4.3/test_utils/test_main.c:3479:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(failed ? "FAIL\n" : skips_num ? "ok (S)\n" : "ok\n");
data/libarchive-3.4.3/test_utils/test_main.c:3529:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(logfilename, "%s.log", tests[i].name);
data/libarchive-3.4.3/test_utils/test_main.c:3790:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(testprogdir, progname);
data/libarchive-3.4.3/test_utils/test_main.c:3938:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp2, testprogdir);
data/libarchive-3.4.3/test_utils/test_main.c:3940:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tmp2, PROGRAM);
data/libarchive-3.4.3/test_utils/test_main.c:3958:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(testprg, testprogfile);
data/libarchive-3.4.3/contrib/archivetest.c:121:14: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((c = getopt (argc, argv, "f:hqs")) != -1) {
data/libarchive-3.4.3/contrib/shar/shar.c:286:16: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ((opt = getopt(argc, argv, "bro:")) != -1) {
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:357:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tempdir = getenv("TMPDIR");
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1744:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((e = getenv("LIBARCHIVE_DIRECT_IO")) != NULL) {
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1753:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((e = getenv("LIBARCHIVE_ASYNC_IO")) != NULL) {
data/libarchive-3.4.3/libarchive/archive_util.c:402:8: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("TMPDIR");
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:571:9: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary(TEXT("kernel32.dll"));
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:407:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int)time(NULL));
data/libarchive-3.4.3/libarchive/test/test_fuzz.c:63:20: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
skip_fuzz_tests = getenv("SKIP_TEST_FUZZ");
data/libarchive-3.4.3/libarchive/test/test_fuzz.c:154:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned)time(NULL));
data/libarchive-3.4.3/libarchive/test/test_open_fd.c:120:26: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
skip_open_fd_err_test = getenv("SKIP_OPEN_FD_ERR_TEST");
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:571:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
skip_sparse_tests = getenv("SKIP_TEST_SPARSE");
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:631:22: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
skip_sparse_tests = getenv("SKIP_TEST_SPARSE");
data/libarchive-3.4.3/tar/bsdtar.c:219:21: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
bsdtar->filename = getenv("TAPE");
data/libarchive-3.4.3/tar/bsdtar.c:255:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(COPYFILE_DISABLE_VAR))
data/libarchive-3.4.3/tar/read.c:189:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
reader_options = getenv(ENV_READER_OPTIONS);
data/libarchive-3.4.3/tar/read.c:239:7: [3] (misc) chroot:
chroot can be very helpful, but is hard to use correctly (CWE-250, CWE-22).
Make sure the program immediately chdir("/"), closes file descriptors, and
drops root privileges, and that all necessary files (and no more!) are in
the new root.
if (chroot(".") != 0)
data/libarchive-3.4.3/tar/write.c:146:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
writer_options = getenv(ENV_WRITER_OPTIONS);
data/libarchive-3.4.3/tar/write.c:178:19: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
reader_options = getenv(ENV_READER_OPTIONS);
data/libarchive-3.4.3/test_utils/test_main.c:204:9: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
lib = LoadLibrary("kernel32.dll");
data/libarchive-3.4.3/test_utils/test_main.c:3827:17: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
testprogfile = getenv(ENVBASE);
data/libarchive-3.4.3/test_utils/test_main.c:3830:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("TMPDIR") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3831:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("TMPDIR");
data/libarchive-3.4.3/test_utils/test_main.c:3832:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (getenv("TMP") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3833:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("TMP");
data/libarchive-3.4.3/test_utils/test_main.c:3834:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (getenv("TEMP") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3835:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("TEMP");
data/libarchive-3.4.3/test_utils/test_main.c:3836:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
else if (getenv("TEMPDIR") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3837:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
tmp = getenv("TEMPDIR");
data/libarchive-3.4.3/test_utils/test_main.c:3842:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv(ENVBASE "_DEBUG") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3846:6: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("_VERBOSITY_LEVEL") != NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3848:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
vlevel = getenv("_VERBOSITY_LEVEL");
data/libarchive-3.4.3/test_utils/test_main.c:3859:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
refdir = getenv(ENVBASE "_TEST_FILES");
data/libarchive-3.4.3/contrib/android/include/android_lf.h:27:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open open64
data/libarchive-3.4.3/contrib/android/include/android_lf.h:28:9: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
#define mkstemp mkstemp64
data/libarchive-3.4.3/contrib/archivetest.c:111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4096];
data/libarchive-3.4.3/contrib/shar/shar.c:86:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[32768];
data/libarchive-3.4.3/contrib/shar/shar.c:134:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open(accpath, O_RDONLY)) == -1) {
data/libarchive-3.4.3/contrib/shar/shar.c:141:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lnkbuff[PATH_MAX + 1];
data/libarchive-3.4.3/contrib/shar/tree.c:216:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t->initialDirFd = open(".", O_RDONLY);
data/libarchive-3.4.3/contrib/shar/tree.c:315:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t->stack->fd = open(".", O_RDONLY);
data/libarchive-3.4.3/contrib/untar.c:102:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(pathname, "wb+");
data/libarchive-3.4.3/contrib/untar.c:110:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(pathname, "wb+");
data/libarchive-3.4.3/contrib/untar.c:124:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
u += ((unsigned char *)p)[n];
data/libarchive-3.4.3/contrib/untar.c:136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/contrib/untar.c:220:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
a = fopen(*argv, "rb");
data/libarchive-3.4.3/cpio/cmdline.c:307:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char errbuff[128];
data/libarchive-3.4.3/cpio/cmdline.c:344:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(user, u, ue - u);
data/libarchive-3.4.3/cpio/cpio.c:133:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[16384];
data/libarchive-3.4.3/cpio/cpio.c:846:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(srcpath, O_RDONLY | O_BINARY);
data/libarchive-3.4.3/cpio/cpio.c:1134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[32];
data/libarchive-3.4.3/cpio/cpio.c:1135:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[32];
data/libarchive-3.4.3/cpio/cpio.c:1136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uids[16], gids[16];
data/libarchive-3.4.3/cpio/cpio.c:1235:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpio->destdir, destdir, cpio->destdir_len);
data/libarchive-3.4.3/cpio/cpio.c:1292:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[1024];
data/libarchive-3.4.3/cpio/cpio.c:1298:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t = fopen("CONIN$", "r");
data/libarchive-3.4.3/cpio/cpio.c:1301:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
to = fopen("CONOUT$", "w");
data/libarchive-3.4.3/cpio/cpio.c:1309:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t = fopen("/dev/tty", "r+");
data/libarchive-3.4.3/cpio/cpio.c:1358:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char asnum[16];
data/libarchive-3.4.3/cpio/cpio.c:1469:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[22];
data/libarchive-3.4.3/cpio/cpio_windows.c:71:6: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
l = MultiByteToWideChar(CP_ACP, 0, name, len, wn, len);
data/libarchive-3.4.3/cpio/cpio_windows.h:44:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/cpio/test/test_basic.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/libarchive-3.4.3/cpio/test/test_basic.c:141:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/cpio/test/test_cmdline.c:37:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("empty", "wb");
data/libarchive-3.4.3/cpio/test/test_format_newc.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char result[1024];
data/libarchive-3.4.3/cpio/test/test_format_newc.c:103:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
list = fopen("list", "w");
data/libarchive-3.4.3/cpio/test/test_option_0.c:42:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "wb");
data/libarchive-3.4.3/cpio/test/test_option_0.c:50:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelistNull", "wb");
data/libarchive-3.4.3/cpio/test/test_option_L_upper.c:49:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/cpio/test/test_option_c.c:80:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/cpio/test/test_option_t.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[32];
data/libarchive-3.4.3/cpio/test/test_option_t.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date2[32];
data/libarchive-3.4.3/cpio/test/test_passthrough_dotdot.c:42:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/cpio/test/test_passthrough_reverse.c:47:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/examples/minitar/minitar.c:219:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[16384];
data/libarchive-3.4.3/examples/minitar/minitar.c:309:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(archive_entry_sourcepath(entry), O_RDONLY);
data/libarchive-3.4.3/examples/tarfilter.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[8192];
data/libarchive-3.4.3/libarchive/archive_acl.c:793:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"owner@");
data/libarchive-3.4.3/libarchive/archive_acl.c:798:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"user");
data/libarchive-3.4.3/libarchive/archive_acl.c:804:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"group@");
data/libarchive-3.4.3/libarchive/archive_acl.c:809:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"group");
data/libarchive-3.4.3/libarchive/archive_acl.c:812:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"mask");
data/libarchive-3.4.3/libarchive/archive_acl.c:817:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"other");
data/libarchive-3.4.3/libarchive/archive_acl.c:822:3: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"everyone@");
data/libarchive-3.4.3/libarchive/archive_acl.c:870:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"allow");
data/libarchive-3.4.3/libarchive/archive_acl.c:873:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"deny");
data/libarchive-3.4.3/libarchive/archive_acl.c:876:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"audit");
data/libarchive-3.4.3/libarchive/archive_acl.c:879:4: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(*wp, L"alarm");
data/libarchive-3.4.3/libarchive/archive_acl.c:1028:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "owner@");
data/libarchive-3.4.3/libarchive/archive_acl.c:1033:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "user");
data/libarchive-3.4.3/libarchive/archive_acl.c:1039:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "group@");
data/libarchive-3.4.3/libarchive/archive_acl.c:1044:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "group");
data/libarchive-3.4.3/libarchive/archive_acl.c:1047:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "mask");
data/libarchive-3.4.3/libarchive/archive_acl.c:1052:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "other");
data/libarchive-3.4.3/libarchive/archive_acl.c:1057:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "everyone@");
data/libarchive-3.4.3/libarchive/archive_acl.c:1105:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "allow");
data/libarchive-3.4.3/libarchive/archive_acl.c:1108:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "deny");
data/libarchive-3.4.3/libarchive/archive_acl.c:1111:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "audit");
data/libarchive-3.4.3/libarchive/archive_acl.c:1114:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(*p, "alarm");
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:38:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:53:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:72:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&w, src, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:84:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:95:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2_impl.h:108:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &w, sizeof w);
data/libarchive-3.4.3/libarchive/archive_blake2s_ref.c:141:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( block, key, keylen );
data/libarchive-3.4.3/libarchive/archive_blake2s_ref.c:224:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( S->buf + left, in, fill ); /* Fill buffer */
data/libarchive-3.4.3/libarchive/archive_blake2s_ref.c:235:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( S->buf + S->buflen, in, inlen );
data/libarchive-3.4.3/libarchive/archive_blake2s_ref.c:260:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out, buffer, outlen );
data/libarchive-3.4.3/libarchive/archive_blake2sp_ref.c:122:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( block, key, keylen );
data/libarchive-3.4.3/libarchive/archive_blake2sp_ref.c:142:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( S->buf + left, in, fill );
data/libarchive-3.4.3/libarchive/archive_blake2sp_ref.c:177:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( S->buf + left, in, inlen );
data/libarchive-3.4.3/libarchive/archive_blake2sp_ref.c:241:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( block, key, keylen );
data/libarchive-3.4.3/libarchive/archive_check_magic.c:133:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char states1[64];
data/libarchive-3.4.3/libarchive/archive_check_magic.c:134:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char states2[64];
data/libarchive-3.4.3/libarchive/archive_cryptor.c:170:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key, key, key_len);
data/libarchive-3.4.3/libarchive/archive_cryptor.c:308:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key, key, key_len);
data/libarchive-3.4.3/libarchive/archive_cryptor.c:340:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key, key, key_len);
data/libarchive-3.4.3/libarchive/archive_cryptor.c:378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->key, key, key_len);
data/libarchive-3.4.3/libarchive/archive_entry.c:1415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->mac_metadata, p, s);
data/libarchive-3.4.3/libarchive/archive_entry_private.h:178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strmode[12];
data/libarchive-3.4.3/libarchive/archive_entry_strmode.c:49:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(bp, "?rwxrwxrwx ");
data/libarchive-3.4.3/libarchive/archive_entry_xattr.c:101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xp->value, value, size);
data/libarchive-3.4.3/libarchive/archive_getdate.c:695:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char DaysInMonth[12] = {
data/libarchive-3.4.3/libarchive/archive_getdate.c:876:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/archive_hmac.c:140:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, ctx->hash, *out_len);
data/libarchive-3.4.3/libarchive/archive_ppmd7.c:860:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define MASK(sym) ((signed char *)charMask)[sym]
data/libarchive-3.4.3/libarchive/archive_ppmd7.c:1042:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define MASK(sym) ((signed char *)charMask)[sym]
data/libarchive-3.4.3/libarchive/archive_ppmd8.c:1156:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
#define MASK(sym) ((signed char *)charMask)[sym]
data/libarchive-3.4.3/libarchive/archive_random.c:207:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(RANDOMDEV, O_RDONLY | O_CLOEXEC, 0);
data/libarchive-3.4.3/libarchive/archive_read.c:896:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, a->read_data_block, len);
data/libarchive-3.4.3/libarchive/archive_read.c:1481:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filter->next + filter->avail,
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:57:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "gzip");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:61:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "bzip2");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:65:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "compress (.Z)");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:73:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "lzma");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:77:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "xz");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:81:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "uu");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:85:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "rpm");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:89:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "lz4");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:93:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "zstd");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:97:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "lzip");
data/libarchive-3.4.3/libarchive/archive_read_append_filter.c:101:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "lrzip");
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:231:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_NONBLOCK |
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:363:11: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
tempfd = mkstemp(tempfile.s);
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:763:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "user.");
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:765:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, p + 1, len);
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:835:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:954:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fd = open(path, O_RDONLY | O_NONBLOCK | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:2061:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (open(path, flags));
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:2196:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t->initial_dir_fd = open(".", O_RDONLY | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:2205:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
t->initial_dir_fd = open(".", o_flag | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:385:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tbuf, &((BYTE *)buf->SymbolicLinkReparseBuffer.PathBuffer)
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1510:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t vol[256];
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m[1];/* MBS filename. */
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:82:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t w[1];/* WCS filename. */
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:106:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *filenames[2];
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:255:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(filename, O_RDONLY | O_BINARY | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_private.h:90:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct archive_read_filter *self);
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:41:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:53:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "7zip");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:56:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "ar");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:59:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "cab");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:62:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "cpio");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:65:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "iso9660");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:68:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "lha");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:71:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "mtree");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:74:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "rar");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:77:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "rar5");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:80:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "tar");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:83:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "xar");
data/libarchive-3.4.3/libarchive/archive_read_set_format.c:86:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "zip");
data/libarchive-3.4.3/libarchive/archive_read_support_filter_compress.c:119:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char suffix[65536];
data/libarchive-3.4.3/libarchive/archive_read_support_filter_compress.c:131:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char stack[65300];
data/libarchive-3.4.3/libarchive/archive_read_support_filter_lz4.c:540:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->out_block
data/libarchive-3.4.3/libarchive/archive_read_support_filter_lz4.c:547:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->out_block,
data/libarchive-3.4.3/libarchive/archive_read_support_filter_program.c:134:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->signature, signature, signature_len);
data/libarchive-3.4.3/libarchive/archive_read_support_filter_rpm.c:44:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[16];
data/libarchive-3.4.3/libarchive/archive_read_support_filter_rpm.c:205:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rpm->header+rpm->hpos, b, n);
data/libarchive-3.4.3/libarchive/archive_read_support_filter_uu.c:100:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char ascii[256] = {
data/libarchive-3.4.3/libarchive/archive_read_support_filter_uu.c:119:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char uuchar[256] = {
data/libarchive-3.4.3/libarchive/archive_read_support_filter_uu.c:138:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char base64[256] = {
data/libarchive-3.4.3/libarchive/archive_read_support_filter_uu.c:472:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(uudecode->in_buff + uudecode->in_cnt,
data/libarchive-3.4.3/libarchive/archive_read_support_filter_xz.c:545:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char props[5];
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:300:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char odd_bcj[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:308:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *sub_stream_buff[3];
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:329:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_name[64];
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:759:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(symname+symsize, buff, size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:778:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zip->format_name, "7-Zip");
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:1382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(t_next_out, t_next_in, bytes);
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:1559:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zip->odd_bcj, ((unsigned char *)buff) + l,
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:1907:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f->coders[i].properties, p,
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:2507:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(np, p, b);
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:3398:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *b[3] = {NULL, NULL, NULL};
data/libarchive-3.4.3/libarchive/archive_read_support_format_7zip.c:3520:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b[i]+s[i], buff, bytes);
data/libarchive-3.4.3/libarchive/archive_read_support_format_ar.c:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[AR_name_size + 1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_ar.c:295:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(st, b, entry_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:82:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rbytes[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:206:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum_extra[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_name[64];
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:1141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfdata->sum_extra, p + sumbytes - odd, odd);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:1308:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfdata->memimage, p, l);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:2593:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(strm->next_out, strm->next_in, l);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:2594:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(ds->w_buff[ds->w_pos]),
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:2970:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w_buff + w_pos, s, l);
data/libarchive-3.4.3/libarchive/archive_read_support_format_cab.c:2971:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(noutp, s, l);
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:219:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zisofs_magic[8] = {
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:234:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char header[16];
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:378:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char null[2048];
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:1373:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iso9660->utf16be_previous_path, iso9660->utf16be_path,
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:1480:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zisofs->header + zisofs->header_avail, p, xsize);
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:1516:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zisofs->block_pointers
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:1873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->utf16be_name, p, name_len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:2316:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, heap->reqs, heap->cnt * sizeof(*p));
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:3038:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_pending_files, heap->files,
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:3140:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
offset = ((const signed char *)v)[6];
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:3168:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
offset = ((const signed char *)v)[16];
data/libarchive-3.4.3/libarchive/archive_read_support_format_iso9660.c:3245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + *len, file->utf16be_name, file->utf16be_bytes);
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char method[3]; /* compress type */
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format_name[64];
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:742:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lha->format_name, "lha -%c%c%c-",
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:1213:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char zeros[2] = {0, 0};
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:1796:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:2490:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w_buff + w_pos,
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:2578:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char bitlen_tbl[0x400] = {
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:2795:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p[cnt], pc,
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:2800:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p[cnt], pc,
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:2805:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, pc, cnt * sizeof(uint16_t));
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:562:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char safe_char[256] = {
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:808:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt->value, value, len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:968:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entry->name, name, name_len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:1232:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mtree->fd = open(path, O_RDONLY | O_BINARY | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:1995:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mtree->line.s + total_size, t, bytes_read);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:157:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crc[2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:159:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pack_size[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unp_size[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:169:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_crc[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:170:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_time[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:173:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_size[2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:174:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_attr[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved1[2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reserved2[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:236:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char salt[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:271:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char lengthtable[HUFFMAN_TABLE_SIZE];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:599:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, s, l);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1268:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char packed_size[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unp_size[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1368:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packed_size, file_header.pack_size, 4);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1369:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packed_size + 4, p, 4); /* High pack size */
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unp_size, file_header.unp_size, 4);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1372:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(unp_size + 4, p, 4); /* High unpack size */
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1425:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(filename, p, filename_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1579:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rar->filename_save, rar->filename, filename_size + 1);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1602:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rar->salt, p, 8);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:2086:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bitlengths[MAX_SYMBOLS], zerocount, ppmd_flags;
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:2937:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->unp_buffer[rar->unp_offset], &rar->lzss.window[windowoffs],
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:2947:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->unp_buffer[rar->unp_offset],
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:2949:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->unp_buffer[rar->unp_offset + firstpart],
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:2952:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->unp_buffer[rar->unp_offset],
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:510:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &window[start & mask], len1);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:511:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + len1, window, len2);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:513:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &window[start & mask], (size_t) (end - start));
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1089:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[sizeof(rar5_signature_xor)];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->file.blake2sp, p, hash_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1367:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char target_utf8_buf[MAX_NAME_IN_BYTES];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(target_utf8_buf, p, target_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1441:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuf[OWNER_MAXNAMELEN];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1464:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namebuf, p, name_len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1485:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namebuf, p, name_len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1590:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name_utf8_buf[MAX_NAME_IN_BYTES];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1765:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, "rdonly,");
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1769:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, "hidden,");
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1773:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ptr, "system,");
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:1816:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name_utf8_buf, p, name_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:2654:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hdr, p, sizeof(struct compressed_block_header));
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:3097:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char signature[sizeof(rar5_signature_xor)];
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar5.c:3284:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&rar->vol.push_buf[partial_offset], lp, cur_block_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksum[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typeflag[1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[100]; /* "old format" header ends here */
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[6]; /* For POSIX: "ustar\0" */
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[2]; /* For POSIX: "00" */
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[32];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gname[32];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevmajor[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevminor[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[155];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char numbytes[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[100];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uid[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:85:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gid[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:87:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtime[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksum[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typeflag[1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linkname[100];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[8]; /* "ustar \0" (note blank/blank/null at end) */
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uname[32];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gname[32];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevmajor[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rdevminor[8];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char atime[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ctime[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:98:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char offset[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longnames[4];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:100:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused[1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isextended[1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:103:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char realsize[12];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1160:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(as->s, src, (size_t)size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2325:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char isextended[1];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2326:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char padding[7];
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2779:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tar->line.s + total_size, t, bytes_read);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2813:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char digits[64] = {
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2819:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char decode_table[128];
data/libarchive-3.4.3/libarchive/archive_read_support_format_warc.c:130:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned int _warc_rdver(const char buf[10], size_t bsz);
data/libarchive-3.4.3/libarchive/archive_read_support_format_warc.c:327:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w->pool.str, fnam.str, fnam.len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:122:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char val[MAX_SUM_SIZE];
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:1249:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_pending_files, heap->files,
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:1388:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sum[MAX_SUM_SIZE];
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:1707:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outbuff, b, avail_out);
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:2613:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[256];
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:2678:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:348:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md1[MD_SIZE];
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:349:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md2[MD_SIZE * 2];
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:350:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char mkb[64];
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:373:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, md2, key_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:1613:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&alone_header.bytes[0], p + 4, 5);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:2394:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zip->iv, p, zip->iv_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:2492:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zip->erd, p, zip->erd_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:2531:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zip->v_data, p, zip->v_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:3841:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mp, p, bytes_avail);
data/libarchive-3.4.3/libarchive/archive_string.c:71:36: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define wmemcpy(a,b,i) (wchar_t *)memcpy((a), (b), (i) * sizeof(wchar_t))
data/libarchive-3.4.3/libarchive/archive_string.c:562:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
count = MultiByteToWideChar(from_cp,
data/libarchive-3.4.3/libarchive/archive_string.c:1090:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs[16];
data/libarchive-3.4.3/libarchive/archive_string.c:1448:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cs[16];
data/libarchive-3.4.3/libarchive/archive_string.c:1757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemcp[16];
data/libarchive-3.4.3/libarchive/archive_string.c:1778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oemcp[16];
data/libarchive-3.4.3/libarchive/archive_string.c:2080:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outp, utf8_replacement_char, sizeof(utf8_replacement_char));
data/libarchive-3.4.3/libarchive/archive_string.c:2172:6: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(codepage, mbflag, p, (int)n, NULL, 0) == 0)
data/libarchive-3.4.3/libarchive/archive_string.c:2291:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char utf8_count[256] = {
data/libarchive-3.4.3/libarchive/archive_string.c:2679:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, ss, s - ss);
data/libarchive-3.4.3/libarchive/archive_string.c:3553:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp.s, _p, bytes);
data/libarchive-3.4.3/libarchive/archive_string.c:3566:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp.s, _p, bytes);
data/libarchive-3.4.3/libarchive/archive_string.c:3661:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
count = MultiByteToWideChar(sc->from_cp,
data/libarchive-3.4.3/libarchive/archive_string.c:3669:11: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
count = MultiByteToWideChar(sc->from_cp,
data/libarchive-3.4.3/libarchive/archive_string_composition.h:989:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char u_decomposable_blocks[0x1D2+1] = {
data/libarchive-3.4.3/libarchive/archive_util.c:437:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(temp_name.s);
data/libarchive-3.4.3/libarchive/archive_util.c:451:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(template);
data/libarchive-3.4.3/libarchive/archive_util.c:523:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(template, O_CREAT | O_EXCL | O_RDWR | O_CLOEXEC,
data/libarchive-3.4.3/libarchive/archive_windows.c:618:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exttype[4];
data/libarchive-3.4.3/libarchive/archive_windows.h:110:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open __la_open
data/libarchive-3.4.3/libarchive/archive_write.c:266:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ret = (f->open)(f);
data/libarchive-3.4.3/libarchive/archive_write.c:412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->next, buff, to_copy);
data/libarchive-3.4.3/libarchive/archive_write.c:451:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->next, buff, remaining);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_b64encode.c:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hold[LBYTES];
data/libarchive-3.4.3/libarchive/archive_write_add_filter_b64encode.c:241:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->hold, p, length);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_compress.c:223:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rmask[9] =
data/libarchive-3.4.3/libarchive/archive_write_add_filter_gzip.c:304:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char trailer[8];
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lz4.c:321:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->out_buffer,
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lz4.c:449:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->in, p, l);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lz4.c:523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->out, p, length);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lz4.c:608:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->out, p, length);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lzop.c:293:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->compressed, header, sizeof(header));
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lzop.c:399:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->uncompressed
data/libarchive-3.4.3/libarchive/archive_write_add_filter_lzop.c:407:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->uncompressed + data->uncompressed_buffer_size
data/libarchive-3.4.3/libarchive/archive_write_add_filter_uuencode.c:53:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hold[LBYTES];
data/libarchive-3.4.3/libarchive/archive_write_add_filter_uuencode.c:232:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->hold, p, length);
data/libarchive-3.4.3/libarchive/archive_write_add_filter_zstd.c:183:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int level = atoi(value);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:461:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return (open(path, flags));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:882:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fe->mac_metadata, metadata,
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1175:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char rsrc_footer[RSRC_F_SIZE] = {
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, rsrc_footer, sizeof(rsrc_footer));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1325:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer_compressed + 1, buff, size);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1340:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->decmpfs_header_p + DECMPFS_HEADER_SIZE,
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1375:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->compressed_buffer,
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1527:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->uncompressed_buffer +
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1580:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nullblock[1024];
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1687:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char null_d[1024];
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:2312:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
a->fd = open(a->name, O_WRONLY | O_TRUNC |
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:2368:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
a->fd = open(a->name,
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:2474:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(p->name,
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:3902:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
myfd = open(name, O_RDONLY | O_NONBLOCK | O_BINARY | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4126:10: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
tmpfd = mkstemp(tmpdatafork.s);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4164:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dffd = open(datafork, 0);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4207:7: [2] (tmpfile) mkstemp:
Potential for temporary file vulnerability in some circumstances. Some
older Unix-like systems create temp files with permission to write by all
by default, so be sure to set the umask to override this. Also, some older
Unix systems might fail to use O_EXCL when opening the file, so make sure
that O_EXCL is used by the library (CWE-377).
fd = mkstemp(tmp.s);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[8];
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4272:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_BINARY | O_CLOEXEC);
data/libarchive-3.4.3/libarchive/archive_write_disk_set_standard_lookup.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buffer[128];
data/libarchive-3.4.3/libarchive/archive_write_disk_set_standard_lookup.c:193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _buffer[128];
data/libarchive-3.4.3/libarchive/archive_write_open_filename.c:177:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mine->fd = open(mbs, flags, 0666);
data/libarchive-3.4.3/libarchive/archive_write_open_memory.c:98:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mine->buff + mine->used, buff, length);
data/libarchive-3.4.3/libarchive/archive_write_private.h:54:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int (*open)(struct archive_write_filter *);
data/libarchive-3.4.3/libarchive/archive_write_private.h:146:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__archive_write_format_header_ustar(struct archive_write *, char buff[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:203:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wbuff[512 * 20 * 6];
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:831:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&wb[0], "7z\xBC\xAF\x27\x1C", 6);
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:1526:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->utf16name, u16, u16len);
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:1651:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastrm->next_out, lastrm->next_in, bytes);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[60];
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buff[AR_fmag_offset], "`\n", 2);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:193:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + AR_name_offset, "/SYM64/", 7);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:198:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + AR_name_offset, "__.SYMDEF", 9);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:234:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buff[AR_name_offset],
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:257:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(se, filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:258:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(se + strlen(filename), "/\n");
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:294:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buff[AR_name_offset], filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:298:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + AR_name_offset, "#1/", 3);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:389:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ar->strtab, buff, s);
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[76];
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio_newc.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char h[c_header_size];
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:157:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int archive_format_gnutar_header(struct archive_write *, char h[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:566:55: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
archive_format_gnutar_header(struct archive_write *a, char h[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:583:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h, &template_header, 512);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:600:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + GNUTAR_name_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:605:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + GNUTAR_linkname_offset, gnutar->linkname,
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:620:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + GNUTAR_uname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:634:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + GNUTAR_gname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:114:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zisofs_magic[8] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:128:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[LOGICAL_BLOCK_SIZE];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:761:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char magic_buffer[64];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:797:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wbuff[LOGICAL_BLOCK_SIZE * 32];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:895:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char char_map[0x80];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1397:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[5];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1403:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 4); buf[4] = '\0'; p += 4;
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1405:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 2); buf[2] = '\0'; p += 2;
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1407:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 2); buf[2] = '\0'; p += 2;
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1409:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 2); buf[2] = '\0'; p += 2;
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1411:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 2); buf[2] = '\0'; p += 2;
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1413:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, p, 2); buf[2] = '\0';
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1686:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wb_buffptr(a), xp, size);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, iso9660->utf16be.s, size);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2265:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, s, size);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char a_characters_map[0x80] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2294:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char a1_characters_map[0x80] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2306:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char d_characters_map[0x80] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2318:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char d1_characters_map[0x80] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2393:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp + 2, "CD001", 5);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2530:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tm, localtime(t), sizeof(*tm));
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2908:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp+6, nm, length - 5);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2930:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp+6, nm, nmlen);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:3537:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp+34, isoent->identifier, fi_len);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:3779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:3809:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(identifier, isoent->identifier, len);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:3839:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char identifier[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:3991:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(bp+8, "EL TORITO SPECIFICATION", 23);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4055:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4174:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wb_buffptr(a), info.s, info_size);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4195:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p[8], rrip_identifier, p[4]);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4196:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p[8+p[4]], rrip_descriptor, p[5]);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4197:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&p[8+p[4]+p[5]], rrip_source, p[6]);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4289:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&bp[9], np->identifier, len);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4446:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wb, extr->buf, extr->offset);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4817:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(file->basename_utf16.s, ulast, ulen_last);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5538:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, fn, l);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[_MAX_FNAME];/* Included null terminator size. */
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX+1];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5555:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5748:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[_MAX_FNAME];/* Included null terminator size. */
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5750:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX+1];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5752:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:6040:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, np->file->basename.s, l);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:6266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, np->file->basename_utf16.s, l);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7317:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[4096];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7534:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(iso9660->zisofs.magic_buffer
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7712:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff[16];
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7751:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, zisofs_magic, 8);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7880:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zisofs->block_pointers
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:86:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_md5[16];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:89:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_rmd160[20];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_sha1[20];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:95:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_sha256[32];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:98:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_sha384[48];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:101:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf_sha512[64];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:323:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char safe_char[256] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:352:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1988:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, fn, l);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:2001:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[_MAX_FNAME];/* Included null terminator size. */
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:2003:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX+1];
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:2005:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:250:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1 + 3*sizeof(sec) + 1 + 3*sizeof(nanos)];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1 + 3 * sizeof(value)];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:322:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1 + 3 * sizeof(int)]; /* < 3 base-10 digits per byte */
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:587:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char paxbuff[512];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:588:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ustarbuff[512];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:589:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ustar_entry_name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:590:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pax_entry_name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:591:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gnu_sparse_name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1676:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "PaxHeader/blank");
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1700:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "/PaxHeader/rootdir");
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1706:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "PaxHeader/currentdir");
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1716:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "PaxHeader.%d", getpid());
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1719:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "PaxHeader");
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1744:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dest, "GNUSparseFile/blank");
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1941:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char digits[64] =
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuff[45];
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:398:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
uuencode_group(const char _in[3], char out[4])
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:398:35: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
uuencode_group(const char _in[3], char out[4])
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:432:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_buf[3];
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:477:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shar->outbuff + shar->outpos, src, n);
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:503:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(shar->outbuff, src, n);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:384:62: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
__archive_write_format_header_ustar(struct archive_write *a, char h[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:401:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h, &template_header, 512);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:421:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_name_offset, pp, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:455:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_prefix_offset, pp, p - pp);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:456:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_name_offset, p + 1,
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:498:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_linkname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:523:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_uname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:548:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + USTAR_gname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:138:56: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static int format_header_v7tar(struct archive_write *, char h[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:361:46: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
format_header_v7tar(struct archive_write *a, char h[512],
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:378:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h, &template_header, 512);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + V7TAR_name_offset, pp, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:400:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + V7TAR_name_offset, pp, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:445:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(h + V7TAR_linkname_offset, p, copy_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c:339:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char strtime[100];
data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c:365:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const _typ[LAST_WT] = {
data/libarchive-3.4.3/libarchive/archive_write_set_format_warc.c:368:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char std_uuid[48U];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:165:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char val[MAX_SUM_SIZE];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:254:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char wbuff[1024 * 64];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:907:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timestr[100];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:933:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ms[5];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:950:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[MAX_SUM_SIZE*2 + 1];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:1895:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(wb, xar->toc.a_sum.val, xar->toc.a_sum.len);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2245:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, fn, l);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[_MAX_FNAME];/* Included null terminator size. */
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[NAME_MAX+1];
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:514:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char local_header[32];
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:515:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char local_extra[144];
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:773:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(local_header, "PK\003\004", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:810:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zip->file_header, "PK\001\002", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:839:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, "UT", 2);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:865:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, "ux\013\000\001", 5);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:879:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, "\001\231\007\000\001\000AE", 8);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:903:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cd_extra, local_extra, e - local_extra);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:916:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, "\001\000\020\000", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:929:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e, "xl\000\000", 4); // 0x6c65 + 2-byte length
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1193:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d[24];
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1194:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d, "PK\007\010", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1222:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zip64[32];
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1224:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(z, "\001\000\000\000", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zd, zip64, z - zip64);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1299:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "PK\006\006", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1315:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "PK\006\007", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1328:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, "PK\005\006", 4);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1479:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, path, pathlen);
data/libarchive-3.4.3/libarchive/filter_fork_posix.c:150:10: [2] (race) vfork:
On some old systems, vfork() permits race conditions, and it's very
difficult to use correctly (CWE-362). Use fork() instead.
child = vfork();
data/libarchive-3.4.3/libarchive/test/read_open_memory.c:154:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mine->copy_buff + mine->copy_buff_offset, mine->p, size);
data/libarchive-3.4.3/libarchive/test/test_acl_pax.c:37:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buff[16384];
data/libarchive-3.4.3/libarchive/test/test_acl_pax.c:265:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(NULL != (f = fopen("testout", "wb")));
data/libarchive-3.4.3/libarchive/test/test_acl_pax.c:370:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert(NULL != (f = fopen("testout", "wb")));
data/libarchive-3.4.3/libarchive/test/test_acl_platform_nfs4.c:855:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_acl_platform_nfs4.c:910:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "dir%d", i);
data/libarchive-3.4.3/libarchive/test/test_acl_platform_nfs4.c:963:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "dir%d", i);
data/libarchive-3.4.3/libarchive/test/test_acl_platform_posix1e.c:409:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("f1", O_WRONLY | O_CREAT | O_EXCL, 0777);
data/libarchive-3.4.3/libarchive/test/test_acl_platform_posix1e.c:495:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("d/f1", O_WRONLY | O_CREAT | O_EXCL, 0777);
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:35:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "libarchive %d.%d.%d",
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:37:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[16];
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:54:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[20];
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:71:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[20];
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:88:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[32];
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:107:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[48];
data/libarchive-3.4.3/libarchive/test/test_archive_digest.c:128:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md[64];
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:31:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:45:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:137:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:185:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
mydata->fd = open(mydata->filename, O_RDONLY | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_empty.c:92:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nulls[512];
data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_empty.c:99:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("emptyfile", "wb");
data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_empty.c:103:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("empty.tar", "wb");
data/libarchive-3.4.3/libarchive/test/test_archive_read_next_header_raw.c:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char data[sizeof(DATA)] = DATA;
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:260:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:303:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert((fp = fopen(testdata, "r")) != NULL);
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:313:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nfc[80], nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:314:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_nfc[80], utf8_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:315:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16be_nfc[80], utf16be_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:316:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16le_nfc[80], utf16le_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:317:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wc_nfc[40], wc_nfd[40];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:471:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:514:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert((fp = fopen(testdata, "r")) != NULL);
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:524:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nfc[80], nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf8_nfc[80], utf8_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16be_nfc[80], utf16be_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:527:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char utf16le_nfc[80], utf16le_nfd[80];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:528:3: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wc_nfc[40], wc_nfd[40];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:786:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:801:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert((fp = fopen(testdata, "w")) != NULL);
data/libarchive-3.4.3/libarchive/test/test_compat_bzip2.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_gzip.c:44:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_lz4.c:89:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_lz4.c:90:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n2[7] = { "xfile", "README", "NEWS", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_lzip.c:95:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_lzma.c:104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_solaris_pax_sparse.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[1024*8];
data/libarchive-3.4.3/libarchive/test/test_compat_solaris_pax_sparse.c:161:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[32];
data/libarchive-3.4.3/libarchive/test/test_compat_xz.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_compat_zstd.c:39:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[7] = { "f1", "f2", "f3", "d1/f1", "d1/f2", "d1/f3", NULL };
data/libarchive-3.4.3/libarchive/test/test_empty_write.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[32768];
data/libarchive-3.4.3/libarchive/test/test_entry.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_entry.c:58:2: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wbuff[128];
data/libarchive-3.4.3/libarchive/test/test_entry.c:180:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wbuff, L"wgroup");
data/libarchive-3.4.3/libarchive/test/test_entry.c:189:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "hardlinkname2");
data/libarchive-3.4.3/libarchive/test/test_entry.c:197:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wbuff, L"whardlink");
data/libarchive-3.4.3/libarchive/test/test_entry.c:275:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "path2");
data/libarchive-3.4.3/libarchive/test/test_entry.c:280:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wbuff, L"wpath");
data/libarchive-3.4.3/libarchive/test/test_entry.c:305:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "symlinkname2");
data/libarchive-3.4.3/libarchive/test/test_entry.c:326:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wbuff, L"wuser");
data/libarchive-3.4.3/libarchive/test/test_extattr_freebsd.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_extattr_freebsd.c:58:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("pretest", O_RDWR | O_CREAT, 0777);
data/libarchive-3.4.3/libarchive/test/test_filter_count.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_fuzz.c:133:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rawimage + oldsize, tmp, size);
data/libarchive-3.4.3/libarchive/test/test_fuzz.c:161:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image, rawimage, size);
data/libarchive-3.4.3/libarchive/test/test_fuzz.c:172:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("after.test.failure.send.this.file."
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_gnutar_filename_encoding.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_open_fd.c:29:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_open_fd.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_open_fd.c:48:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("test.tar", O_RDWR | O_CREAT | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_open_fd.c:50:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("test.tar", O_RDWR | O_CREAT | O_BINARY, 0777);
data/libarchive-3.4.3/libarchive/test/test_open_file.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_open_file.c:35:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("test.tar", "wb");
data/libarchive-3.4.3/libarchive/test/test_open_file.c:76:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("test.tar", "rb");
data/libarchive-3.4.3/libarchive/test/test_open_filename.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_open_filename.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:94:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[65536];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[65536];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:435:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:482:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_pax_filename_encoding.c:531:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:37:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:41:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff1[11000000];
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:42:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[10000000];
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff3[10000000];
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:98:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfilefd = open(tmpfilename, O_WRONLY | O_CREAT | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:100:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfilefd = open(tmpfilename, O_WRONLY | O_CREAT | O_BINARY, 0777);
data/libarchive-3.4.3/libarchive/test/test_read_data_large.c:108:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(tmpfilename, "rb");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:438:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(fullpath, L"//?/");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:440:2: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat(fullpath, L"/dir1/file1");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:470:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(fullpath, L"//?/");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:472:2: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat(fullpath, L"/dir1/*1");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:480:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wp+1, L"file1");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:493:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wp+1, L"sub1");
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:503:2: [2] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
wcscpy(wp+1, L"sub1/file1");
data/libarchive-3.4.3/libarchive/test/test_read_disk_entry_from_file.c:60:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("foo", "wb");
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:78:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char extradata_no_nl[sizeof(extradata)];
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:86:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(extradata_no_nl, extradata, sizeof(extradata));
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:105:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, extradata_ptr, sizeof(extradata)-1);
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:109:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, extradata_ptr, size-1);
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:116:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, uudata, uusize);
data/libarchive-3.4.3/libarchive/test/test_read_filter_uudecode.c:148:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + size, uudata, uusize);
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:30:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:51:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(refname, O_RDONLY | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:167:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:375:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:619:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip.c:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_data.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_header.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_encryption_partially.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_7zip_packinfo_digests.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4];
data/libarchive-3.4.3/libarchive/test/test_read_format_ar.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c:182:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c:183:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zero[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c:282:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zero[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_cab.c:348:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zero[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_cpio_afio.c:91:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, archive, sizeof(archive));
data/libarchive-3.4.3/libarchive/test/test_read_format_isojoliet_long.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[104];
data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_ce.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path1[160];
data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_ce.c:89:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path2[160];
data/libarchive-3.4.3/libarchive/test/test_read_format_isorr_ce.c:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path3[160];
data/libarchive-3.4.3/libarchive/test/test_read_format_lha.c:140:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:68:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("file", "wb");
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:477:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("file", "wb");
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:562:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:582:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("file", "wb");
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:629:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:649:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("file", "wb");
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:132:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:167:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[30];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:333:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[30];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:441:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file1_buff[20111];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:447:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file2_buff[20];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:552:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:590:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file1_buff[20111];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:596:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file2_buff[20];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:701:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:747:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file2_buff[32618];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:802:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[441];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:893:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:896:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file2_buff[20111];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:902:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file3_buff[20];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1130:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[441];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_buff[20111];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1435:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1576:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar.c:1643:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[6];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:407:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[405];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:1190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:1211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:1226:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:1247:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar5.c:1262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_data.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_header.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar_encryption_partially.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_rar_invalid1.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buff[100];
data/libarchive-3.4.3/libarchive/test/test_read_format_raw.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_read_format_tar.c:434:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, d, s);
data/libarchive-3.4.3/libarchive/test/test_read_format_warc.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256U];
data/libarchive-3.4.3/libarchive/test/test_read_format_xar.c:769:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, d, s);
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:108:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:818:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:840:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip.c:887:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_data.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_header.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_encryption_partially.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[128];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_jar.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_nofiletype.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_traditional_encryption_data.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_winzip_aes.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_winzip_aes_large.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_zip64.c:44:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/libarchive-3.4.3/libarchive/test/test_read_format_zip_zip64.c:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[16];
data/libarchive-3.4.3/libarchive/test/test_read_large.c:28:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char testdata[10 * 1024 * 1024];
data/libarchive-3.4.3/libarchive/test/test_read_large.c:29:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char testdatacopy[10 * 1024 * 1024];
data/libarchive-3.4.3/libarchive/test/test_read_large.c:30:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buff[11 * 1024 * 1024];
data/libarchive-3.4.3/libarchive/test/test_read_large.c:33:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_read_large.c:80:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfilefd = open(tmpfilename, O_WRONLY | O_CREAT | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_read_large.c:82:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tmpfilefd = open(tmpfilename, O_WRONLY | O_CREAT | O_BINARY, 0755);
data/libarchive-3.4.3/libarchive/test/test_read_large.c:89:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(tmpfilename, "rb");
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:169:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:193:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:206:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:220:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:232:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_pax_truncated.c:243:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff2, buff, buff_size);
data/libarchive-3.4.3/libarchive/test/test_read_position.c:28:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char nulls[1000];
data/libarchive-3.4.3/libarchive/test/test_read_position.c:29:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char tmp[1000];
data/libarchive-3.4.3/libarchive/test/test_read_position.c:30:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buff[10000];
data/libarchive-3.4.3/libarchive/test/test_read_set_format.c:31:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[64];
data/libarchive-3.4.3/libarchive/test/test_read_truncated.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[1000000];
data/libarchive-3.4.3/libarchive/test/test_read_truncated.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[100000];
data/libarchive-3.4.3/libarchive/test/test_read_truncated_filter.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:95:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char root[MAX_PATH+1];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vol[MAX_PATH+1];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sys[MAX_PATH+1];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:188:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:194:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(testfile, O_RDWR);
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:247:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(testfile, O_RDWR);
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:283:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:289:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
assert((fd = open(path, O_CREAT | O_WRONLY, 0600)) != -1);
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:442:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:459:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_BINARY);
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[8192];
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[400];
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[400];
data/libarchive-3.4.3/libarchive/test/test_tar_large.c:107:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->buff, buff, size);
data/libarchive-3.4.3/libarchive/test/test_tar_large.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuff[64];
data/libarchive-3.4.3/libarchive/test/test_tar_large.c:227:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namebuff, "file_%d", i);
data/libarchive-3.4.3/libarchive/test/test_tar_large.c:274:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namebuff, "file_%d", i);
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:116:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:157:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:242:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filename_encoding.c:357:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[8192];
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[400];
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[400];
data/libarchive-3.4.3/libarchive/test/test_write_disk.c:327:2: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat(fullpath, L"\\f:i*l?e\"f<i>l|e");
data/libarchive-3.4.3/libarchive/test/test_write_disk.c:340:2: [2] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
wcscat(fullpath, L"\\d:i*r?e\"c<t>o|ry/file1");
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _acl_temp[256];
data/libarchive-3.4.3/libarchive/test/test_write_disk_failures.c:44:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("dir/testfile", O_WRONLY | O_CREAT | O_BINARY, 0777);
data/libarchive-3.4.3/libarchive/test/test_write_disk_hfs_compression.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rsrc[50];
data/libarchive-3.4.3/libarchive/test/test_write_disk_hfs_compression.c:100:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char rsrc_footer[50] = {
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char _acl_temp[256];
data/libarchive-3.4.3/libarchive/test/test_write_disk_perms.c:63:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open("test_gid", O_CREAT | O_BINARY, 0664);
data/libarchive-3.4.3/libarchive/test/test_write_disk_secure744.c:78:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "target%d", n);
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:61:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:67:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + buff_size / 2 - 3, data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + buff_size - sizeof(data), data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:83:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(archive_entry_pathname(ae), "rb");
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:159:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:166:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + buff_size / 2 - 3, data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:173:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + buff_size - sizeof(data), data, sizeof(data));
data/libarchive-3.4.3/libarchive/test/test_write_disk_sparse.c:184:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(archive_entry_pathname(ae), "rb");
data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c:67:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c:82:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c:114:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_b64encode.c:131:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:86:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:102:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:163:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:190:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_bzip2.c:215:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_compress.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_compress.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_compress.c:86:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:43:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:88:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:151:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:190:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:215:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_gzip.c:252:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lrzip.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lrzip.c:71:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lrzip.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:87:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:110:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:145:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:173:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:198:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:228:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:333:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lz4.c:353:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:84:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:106:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:136:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:160:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:184:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzip.c:213:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:105:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:159:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:183:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzma.c:217:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:82:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:102:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:138:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:166:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:191:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_lzop.c:221:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_program.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[1000000];
data/libarchive-3.4.3/libarchive/test/test_write_filter_program.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c:40:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c:67:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c:82:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c:114:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_uuencode.c:131:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:83:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:105:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:135:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:166:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:190:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_xz.c:223:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[16];
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:77:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:99:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:134:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:157:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:184:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_filter_zstd.c:204:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "file%03d", i);
data/libarchive-3.4.3/libarchive/test/test_write_format_7zip.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_7zip.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c:32:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_cpio.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_cpio.c:57:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "XXXX");
data/libarchive-3.4.3/libarchive/test/test_write_format_cpio.c:77:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "XXXX");
data/libarchive-3.4.3/libarchive/test/test_write_format_cpio_empty.c:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_gnutar.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_gnutar_filenames.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char filename[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dirname[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[6];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:119:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dir, "/dir0");
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660.c:137:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dirname, "/file");
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_boot.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_boot.c:92:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nullb[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname1[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:213:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname2[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sym1[2];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sym128[129];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sym255[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:56:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zisofs_magic[8] = {
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:60:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zisofs_data[24] = {
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:96:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff2[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:97:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nullb[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:329:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff2[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:330:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:581:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buff2[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_zisofs.c:582:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nullb[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree.c:166:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree.c:232:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, "./");
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_absolute_path.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_classic.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_classic_indent.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_fflags.c:38:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_no_separator.c:33:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_mtree_quoted_filename.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_write_format_pax.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_pax.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nulls[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_raw.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_raw_b64.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_shar_empty.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar.c:28:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[1000000];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar.c:67:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(p, "XXXX");
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_empty.c:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_sparse.c:29:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[1000000];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_sparse.c:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff3[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_sparse.c:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff3[1024];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_ustar.c:58:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f99[100];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_ustar.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f100[101];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_ustar.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f256[257];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_v7tar.c:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f99[100];
data/libarchive-3.4.3/libarchive/test/test_write_format_tar_v7tar.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f100[101];
data/libarchive-3.4.3/libarchive/test/test_write_format_warc.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_warc_empty.c:33:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512U];
data/libarchive-3.4.3/libarchive/test/test_write_format_xar.c:32:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff2[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_xar_empty.c:38:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[100000];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_empty.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_empty_zip64.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:104:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(block->buff, buff, size);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuff[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:312:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namebuff, "file_%d", i);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:328:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuff[64];
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:362:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(namebuff, "file_%d", i);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_large.c:423:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff + buffsize, p, s);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_zip64.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[256];
data/libarchive-3.4.3/libarchive/test/test_write_open_memory.c:29:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buff[16384];
data/libarchive-3.4.3/libarchive/test/test_write_read_format_zip.c:273:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedata[64];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:34:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/test/test_zip_filename_encoding.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[4096];
data/libarchive-3.4.3/libarchive/xxhash.c:93:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define XXH_memcpy memcpy
data/libarchive-3.4.3/libarchive/xxhash.c:326:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char memory[16];
data/libarchive-3.4.3/libarchive_fe/line_reader.c:73:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
lr->f = fopen(pathname, "r");
data/libarchive-3.4.3/libarchive_fe/passphrase.c:194:24: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(input = output = open(_PATH_TTY, O_RDWR)) == -1) {
data/libarchive-3.4.3/tar/bsdtar.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/libarchive-3.4.3/tar/bsdtar.c:872:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "-?");
data/libarchive-3.4.3/tar/bsdtar.c:876:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "--");
data/libarchive-3.4.3/tar/bsdtar.c:884:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "--");
data/libarchive-3.4.3/tar/bsdtar.c:892:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buff, "-?");
data/libarchive-3.4.3/tar/bsdtar_windows.c:72:6: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
l = MultiByteToWideChar(CP_ACP, 0, name, len, wn, len);
data/libarchive-3.4.3/tar/read.c:200:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, IGNORE_WRONG_MODULE_NAME, module_len);
data/libarchive-3.4.3/tar/read.c:201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p + module_len, reader_options, opt_len);
data/libarchive-3.4.3/tar/subst.c:104:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pattern, rule_text + 1, end_pattern - rule_text - 1);
data/libarchive-3.4.3/tar/subst.c:108:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80];
data/libarchive-3.4.3/tar/subst.c:122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rule->result, start_subst, end_pattern - start_subst);
data/libarchive-3.4.3/tar/subst.c:181:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_str, *str, old_len);
data/libarchive-3.4.3/tar/subst.c:182:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_str + old_len, append, len);
data/libarchive-3.4.3/tar/subst.c:203:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_str, *str, old_len);
data/libarchive-3.4.3/tar/test/test_basic.c:34:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("file", "wb");
data/libarchive-3.4.3/tar/test/test_copy.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MAX_PATH];
data/libarchive-3.4.3/tar/test/test_copy.c:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wbuf[PATH_MAX];
data/libarchive-3.4.3/tar/test/test_copy.c:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pbuf[PATH_MAX];
data/libarchive-3.4.3/tar/test/test_copy.c:104:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *filenames[201];
data/libarchive-3.4.3/tar/test/test_copy.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[250];
data/libarchive-3.4.3/tar/test/test_copy.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[260];
data/libarchive-3.4.3/tar/test/test_copy.c:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff2[260];
data/libarchive-3.4.3/tar/test/test_copy.c:196:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name1[260];
data/libarchive-3.4.3/tar/test/test_copy.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name2[260];
data/libarchive-3.4.3/tar/test/test_copy.c:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[2];
data/libarchive-3.4.3/tar/test/test_option_T_upper.c:31:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(fn, "w");
data/libarchive-3.4.3/tar/test/test_option_T_upper.c:58:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("filelist", "w+");
data/libarchive-3.4.3/tar/test/test_option_T_upper.c:69:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("filelist2", "w+");
data/libarchive-3.4.3/tar/test/test_option_fflags.c:41:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/tar/test/test_patterns.c:53:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen("foo", "w");
data/libarchive-3.4.3/tar/test/test_print_longpath.c:31:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[2048];
data/libarchive-3.4.3/tar/test/test_stdio.c:46:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
filelist = fopen("filelist", "w");
data/libarchive-3.4.3/tar/test/test_windows.c:36:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(name, "wb");
data/libarchive-3.4.3/tar/test/test_windows.c:83:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1, "\\\\.\\", 4);
data/libarchive-3.4.3/tar/test/test_windows.c:85:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1, "//./", 4);
data/libarchive-3.4.3/tar/test/test_windows.c:88:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p1 + 4, fp1, l);
data/libarchive-3.4.3/tar/util.c:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fmtbuff_stack[256]; /* Place to format the printf() string. */
data/libarchive-3.4.3/tar/util.c:97:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outbuff[256]; /* Buffer for outgoing characters. */
data/libarchive-3.4.3/tar/util.c:224:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff + i, "%03o", 0xFF & (int)c);
data/libarchive-3.4.3/tar/util.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[32];
data/libarchive-3.4.3/tar/util.c:572:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buff[24];
data/libarchive-3.4.3/tar/util.c:663:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/libarchive-3.4.3/tar/util.c:698:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%lu ",
data/libarchive-3.4.3/tar/util.c:713:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%lu",
data/libarchive-3.4.3/tar/util.c:726:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tmp, "%lu,%lu",
data/libarchive-3.4.3/tar/write.c:131:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open _open
data/libarchive-3.4.3/tar/write.c:157:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, IGNORE_WRONG_MODULE_NAME, module_len);
data/libarchive-3.4.3/tar/write.c:158:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, writer_options, opt_len);
data/libarchive-3.4.3/tar/write.c:190:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, IGNORE_WRONG_MODULE_NAME, module_len);
data/libarchive-3.4.3/tar/write.c:191:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, reader_options, opt_len);
data/libarchive-3.4.3/tar/write.c:269:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bsdtar->fd = open(bsdtar->filename, O_RDWR | O_CREAT | O_BINARY);
data/libarchive-3.4.3/tar/write.c:271:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bsdtar->fd = open(bsdtar->filename, O_RDWR | O_CREAT | O_BINARY, 0666);
data/libarchive-3.4.3/tar/write.c:363:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bsdtar->fd = open(bsdtar->filename, O_RDWR | O_BINARY);
data/libarchive-3.4.3/test_utils/test_main.c:419:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msgbuff[4096];
data/libarchive-3.4.3/test_utils/test_main.c:550:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/test_utils/test_main.c:621:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char utf8_count[256] = {
data/libarchive-3.4.3/test_utils/test_main.c:955:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/test_utils/test_main.c:973:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(f1, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:1013:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff1[1024];
data/libarchive-3.4.3/test_utils/test_main.c:1014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff2[1024];
data/libarchive-3.4.3/test_utils/test_main.c:1020:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(fn1, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:1021:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(fn2, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:1095:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:1132:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fn, "r");
data/libarchive-3.4.3/test_utils/test_main.c:1826:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(linknamew, &((BYTE *)buf->SymbolicLinkReparseBuffer.PathBuffer)
data/libarchive-3.4.3/test_utils/test_main.c:1848:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[300];
data/libarchive-3.4.3/test_utils/test_main.c:1928:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(path, "wb");
data/libarchive-3.4.3/test_utils/test_main.c:1954:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_CREAT | O_WRONLY, mode >= 0 ? mode : 0644);
data/libarchive-3.4.3/test_utils/test_main.c:2190:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(patha, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/test_utils/test_main.c:2209:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathb, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/test_utils/test_main.c:2270:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(pathname, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/test_utils/test_main.c:2661:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/test_utils/test_main.c:2688:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(path, O_RDONLY | O_NONBLOCK);
data/libarchive-3.4.3/test_utils/test_main.c:3050:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[8192];
data/libarchive-3.4.3/test_utils/test_main.c:3071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[8192];
data/libarchive-3.4.3/test_utils/test_main.c:3083:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:3126:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/libarchive-3.4.3/test_utils/test_main.c:3144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/test_utils/test_main.c:3148:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(buff, "r");
data/libarchive-3.4.3/test_utils/test_main.c:3163:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name, "wb");
data/libarchive-3.4.3/test_utils/test_main.c:3204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[1024];
data/libarchive-3.4.3/test_utils/test_main.c:3209:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(buff, "rb");
data/libarchive-3.4.3/test_utils/test_main.c:3216:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(name, "wb");
data/libarchive-3.4.3/test_utils/test_main.c:3502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[PATH_MAX * 2];
data/libarchive-3.4.3/test_utils/test_main.c:3504:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[1024 * 2];
data/libarchive-3.4.3/test_utils/test_main.c:3506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char logfilename[64];
data/libarchive-3.4.3/test_utils/test_main.c:3530:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(logfilename, "w");
data/libarchive-3.4.3/test_utils/test_main.c:3755:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpdir[PATH_MAX];
data/libarchive-3.4.3/test_utils/test_main.c:3757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpdir[256];
data/libarchive-3.4.3/test_utils/test_main.c:3760:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpdir_timestamp[32];
data/libarchive-3.4.3/test_utils/test_main.c:3821:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(testprogdir, pwd, strlen(pwd));
data/libarchive-3.4.3/test_utils/test_main.c:3849:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
verbosity = atoi(vlevel);
data/libarchive-3.4.3/cat/cmdline.c:222:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlength = strlen(bsdcat->getopt_word);
data/libarchive-3.4.3/cat/cmdline.c:235:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(popt->name) == optlength) {
data/libarchive-3.4.3/cat/test/test_help.c:35:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(substring);
data/libarchive-3.4.3/contrib/shar/shar.c:99:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, buffer, sizeof(buffer));
data/libarchive-3.4.3/contrib/shar/shar.c:108:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, buffer, sizeof(buffer));
data/libarchive-3.4.3/contrib/shar/tree.c:131:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define D_NAMELEN(dp) (strlen((dp)->d_name))
data/libarchive-3.4.3/contrib/shar/tree.c:200:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, name, name_length);
data/libarchive-3.4.3/contrib/shar/tree.c:215:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tree_append(t, path, strlen(path));
data/libarchive-3.4.3/contrib/shar/tree.c:311:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tree_append(t, t->stack->name, strlen(t->stack->name));
data/libarchive-3.4.3/contrib/untar.c:77:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pathname[strlen(pathname) - 1] == '/')
data/libarchive-3.4.3/contrib/untar.c:78:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathname[strlen(pathname) - 1] = '\0';
data/libarchive-3.4.3/cpio/cmdline.c:217:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlength = strlen(opt_word);
data/libarchive-3.4.3/cpio/cmdline.c:230:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(popt->name) == optlength) {
data/libarchive-3.4.3/cpio/cpio.c:740:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = cpio->destdir_len + strlen(srcpath) + 8;
data/libarchive-3.4.3/cpio/cpio.c:869:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, cpio->buff, (unsigned)cpio->buff_size);
data/libarchive-3.4.3/cpio/cpio.c:882:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(fd, cpio->buff,
data/libarchive-3.4.3/cpio/cpio.c:1233:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cpio->destdir_len = strlen(destdir);
data/libarchive-3.4.3/cpio/cpio_windows.c:67:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (DWORD)strlen(name);
data/libarchive-3.4.3/cpio/cpio_windows.c:137:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"\\\\?\\", 4);
data/libarchive-3.4.3/cpio/cpio_windows.c:142:3: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"UNC\\", 4);
data/libarchive-3.4.3/cpio/cpio_windows.c:146:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(wsp, wnp, slen);
data/libarchive-3.4.3/cpio/cpio_windows.h:45:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/libarchive-3.4.3/cpio/test/test_basic.c:148:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:150:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:151:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:153:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:154:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:156:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:163:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:165:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:166:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:168:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:169:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:171:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:179:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:181:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:182:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:184:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:185:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:187:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:195:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:197:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:198:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:200:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:201:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:203:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:210:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:212:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:213:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:215:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:216:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_basic.c:218:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:220:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result, "2 blocks\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_basic.c:220:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, "2 blocks\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:129:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_format_newc.c:131:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:132:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, strerror(ERANGE),
data/libarchive-3.4.3/cpio/test/test_format_newc.c:133:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:134:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "\n",
data/libarchive-3.4.3/cpio/test/test_format_newc.c:135:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:138:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_format_newc.c:140:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:141:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, strerror(ERANGE),
data/libarchive-3.4.3/cpio/test/test_format_newc.c:142:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:143:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "\n",
data/libarchive-3.4.3/cpio/test/test_format_newc.c:144:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:147:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_format_newc.c:149:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:150:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, strerror(ERANGE),
data/libarchive-3.4.3/cpio/test/test_format_newc.c:151:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:152:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "\n",
data/libarchive-3.4.3/cpio/test/test_format_newc.c:153:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:156:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result,
data/libarchive-3.4.3/cpio/test/test_format_newc.c:158:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:159:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(result, strerror(ERANGE),
data/libarchive-3.4.3/cpio/test/test_format_newc.c:160:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:161:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(result, "\n",
data/libarchive-3.4.3/cpio/test/test_format_newc.c:162:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:177:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result, "2 blocks\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:177:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, "2 blocks\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:179:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(result, "1 block\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_format_newc.c:179:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(result, "1 block\n", sizeof(result) - strlen(result) -1);
data/libarchive-3.4.3/cpio/test/test_option_help.c:36:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(substring);
data/libarchive-3.4.3/cpio/test/test_option_t.c:97:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 42, date, strlen(date));
data/libarchive-3.4.3/examples/minitar/minitar.c:158:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/libarchive-3.4.3/examples/minitar/minitar.c:310:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buff, sizeof(buff));
data/libarchive-3.4.3/examples/minitar/minitar.c:313:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(fd, buff, sizeof(buff));
data/libarchive-3.4.3/examples/minitar/minitar.c:434:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, m, strlen(m));
data/libarchive-3.4.3/examples/minitar/minitar.c:443:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(2, m, strlen(m));
data/libarchive-3.4.3/examples/untar.c:100:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/libarchive-3.4.3/examples/untar.c:237:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(1, m, strlen(m));
data/libarchive-3.4.3/examples/untar.c:243:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
write(2, m, strlen(m));
data/libarchive-3.4.3/libarchive/archive_acl.c:592:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += wcslen(wname);
data/libarchive-3.4.3/libarchive/archive_acl.c:757:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(ws);
data/libarchive-3.4.3/libarchive/archive_acl.c:786:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*wp += wcslen(*wp);
data/libarchive-3.4.3/libarchive/archive_acl.c:827:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*wp += wcslen(*wp);
data/libarchive-3.4.3/libarchive/archive_acl.c:834:11: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*wp += wcslen(*wp);
data/libarchive-3.4.3/libarchive/archive_acl.c:884:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*wp += wcslen(*wp);
data/libarchive-3.4.3/libarchive/archive_acl.c:992:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s);
data/libarchive-3.4.3/libarchive/archive_acl.c:1021:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p += strlen(*p);
data/libarchive-3.4.3/libarchive/archive_acl.c:1062:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p += strlen(*p);
data/libarchive-3.4.3/libarchive/archive_acl.c:1069:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p += strlen(*p);
data/libarchive-3.4.3/libarchive/archive_acl.c:1117:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*p += strlen(*p);
data/libarchive-3.4.3/libarchive/archive_check_magic.c:53:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t s = strlen(m);
data/libarchive-3.4.3/libarchive/archive_check_magic.c:115:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buff, "/");
data/libarchive-3.4.3/libarchive/archive_cmdline.c:170:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
newptr = realloc(data->path, strlen(path) + 1);
data/libarchive-3.4.3/libarchive/archive_entry.c:135:15: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static size_t wcslen(const wchar_t *s)
data/libarchive-3.4.3/libarchive/archive_entry.c:1458:36: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
type, permset, tag, id, name, wcslen(name));
data/libarchive-3.4.3/libarchive/archive_entry.c:1881:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(flag->name) + 1;
data/libarchive-3.4.3/libarchive/archive_entry.c:1945:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t flag_length = strlen(flag->name);
data/libarchive-3.4.3/libarchive/archive_entry.c:2013:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t flag_length = wcslen(flag->wname);
data/libarchive-3.4.3/libarchive/archive_getdate.c:926:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
abbrev = strlen(tp->name);
data/libarchive-3.4.3/libarchive/archive_getdate.c:927:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) >= abbrev
data/libarchive-3.4.3/libarchive/archive_getdate.c:928:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strncmp(tp->name, buff, strlen(buff))
data/libarchive-3.4.3/libarchive/archive_match.c:562:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pattern);
data/libarchive-3.4.3/libarchive/archive_match.c:582:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(pattern);
data/libarchive-3.4.3/libarchive/archive_match.c:1131:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (archive_string_append_from_wcs(&as, datestr, wcslen(datestr)) < 0) {
data/libarchive-3.4.3/libarchive/archive_match.c:1285:48: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (archive_string_append_from_wcs(&as, path, wcslen(path)) < 0) {
data/libarchive-3.4.3/libarchive/archive_options.c:187:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (0 == strlen(opt)) {
data/libarchive-3.4.3/libarchive/archive_random.c:209:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, &rdat, KEYSIZE) == KEYSIZE)
data/libarchive-3.4.3/libarchive/archive_read.c:1128:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(p->passphrase, 0, strlen(p->passphrase));
data/libarchive-3.4.3/libarchive/archive_read.c:1385:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = (filter->read)(filter,
data/libarchive-3.4.3/libarchive/archive_read.c:1579:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = (filter->read)(filter, &filter->client_buff);
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:395:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (copyfile_stat.st_size != read(tempfd, buff, copyfile_stat.st_size)) {
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:618:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (p = list; (p - list) < list_size; p += strlen(p) + 1) {
data/libarchive-3.4.3/libarchive/archive_read_disk_entry_from_file.c:764:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = buff + strlen(buff);
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:272:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define D_NAMELEN(dp) (strlen((dp)->d_name))
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:801:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(t->entry_fd, t->entry_buff, buffbytes);
data/libarchive-3.4.3/libarchive/archive_read_disk_posix.c:1350:6: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(pathname)) != 0) {
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1338:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pathname)) != 0) {
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1493:21: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cp != NULL && wcslen(cp) >= 2) {
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1730:26: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t->full_path.length = wcslen(t->full_path.s);
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1914:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ 2 + wcslen(pattern));
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:1937:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
namelen = wcslen(name);
data/libarchive-3.4.3/libarchive/archive_read_disk_windows.c:2013:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && wcslen(p) == 4) {
data/libarchive-3.4.3/libarchive/archive_read_open_fd.c:120:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(mine->fd, mine->buffer, mine->block_size);
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:127:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*mine) + strlen(filename));
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:163:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(*mine) + wcslen(wfilename) * sizeof(wchar_t));
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:188:7: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(wfilename)) != 0) {
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:408:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(mine->fd, mine->buffer, mine->block_size);
data/libarchive-3.4.3/libarchive/archive_read_open_filename.c:558:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytesRead = read(mine->fd, mine->buffer,
data/libarchive-3.4.3/libarchive/archive_read_private.h:92:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t (*read)(struct archive_read_filter *, const void **);
data/libarchive-3.4.3/libarchive/archive_read_support_filter_program.c:341:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(state->child_stdout, buf, requested);
data/libarchive-3.4.3/libarchive/archive_read_support_filter_program.c:406:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(prefix) + strlen(cmd) + 1;
data/libarchive-3.4.3/libarchive/archive_read_support_filter_program.c:406:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(prefix) + strlen(cmd) + 1;
data/libarchive-3.4.3/libarchive/archive_read_support_format_ar.c:185:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(filename, h + AR_name_offset, AR_name_size);
data/libarchive-3.4.3/libarchive/archive_read_support_format_ar.c:378:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, b, bsd_name_length);
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:1703:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
symlen = wcslen(linkptr + 1);
data/libarchive-3.4.3/libarchive/archive_read_support_format_lha.c:1707:22: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathname->length = wcslen(pathname->s);
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:655:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = __archive_read_ahead(a, strlen(signature), NULL);
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:659:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (memcmp(p, signature, strlen(signature)) == 0)
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:660:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (8 * (int)strlen(signature));
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:986:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(iter->value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_mtree.c:1779:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(mtree->fd, mtree->buff, bytes_to_read);
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1429:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (filename_size != strlen(filename))
data/libarchive-3.4.3/libarchive/archive_read_support_format_rar.c:1437:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = (unsigned)strlen(filename) + 1;
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:573:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:578:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(p);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1760:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < 18 || (memcmp(name, "LIBARCHIVE.xattr.", 17)) != 0)
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1771:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
value_decoded = base64_decode(value, strlen(value), &value_len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1789:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) < 14 || (memcmp(name, "SCHILY.xattr.", 13)) != 0)
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1897:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->sparse_offset = tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1908:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->sparse_numbytes = tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1919:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->realsize = tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1934:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->sparse_gnu_major = (int)tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1938:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->sparse_gnu_minor = (int)tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:1951:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->realsize = tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2006:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dev_t)tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2009:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dev_t)tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2014:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(dev_t)tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2017:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2020:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2022:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar->realsize = tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2060:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2100:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
= tar_atol10(value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2118:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tar_atol10(value, strlen(value)));
data/libarchive-3.4.3/libarchive/archive_read_support_format_tar.c:2888:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = (char *)malloc(strlen(in) + 1);
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:1804:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file->id = atol10(attr->value, strlen(attr->value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:1848:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xattr->id = atol10(attr->value, strlen(attr->value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:2060:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(attr->value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:2662:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(known) != len)
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:2681:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff, s, len);
data/libarchive-3.4.3/libarchive/archive_read_support_format_xar.c:3194:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xml_data(a, value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:799:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zip->crc32func(0, cp, strlen(cp));
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:1062:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:1066:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (cp != NULL)?strlen(cp):0;
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:1083:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:1094:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (cp != NULL)?strlen(cp):0;
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:2625:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = trad_enc_init(&zip->tctx, passphrase, strlen(passphrase),
data/libarchive-3.4.3/libarchive/archive_read_support_format_zip.c:2686:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
r = archive_pbkdf2_sha1(passphrase, strlen(passphrase),
data/libarchive-3.4.3/libarchive/archive_string.c:1095:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
|| strlen(charset) > 15)
data/libarchive-3.4.3/libarchive/archive_string.c:1453:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (charset == NULL || strlen(charset) > 15)
data/libarchive-3.4.3/libarchive/archive_string.c:4037:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (archive_mstring_copy_mbs_len(aes, mbs, strlen(mbs)));
data/libarchive-3.4.3/libarchive/archive_string.c:4059:23: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcs == NULL ? 0 : wcslen(wcs));
data/libarchive-3.4.3/libarchive/archive_string.c:4072:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_strncpy(&(aes->aes_utf8), utf8, strlen(utf8));
data/libarchive-3.4.3/libarchive/archive_string.c:4073:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return (int)strlen(utf8);
data/libarchive-3.4.3/libarchive/archive_string.h:168:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_strncpy((as), (p), ((p) == NULL ? 0 : strlen(p)))
data/libarchive-3.4.3/libarchive/archive_string.h:170:49: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_wstrncpy((as), (p), ((p) == NULL ? 0 : wcslen(p)))
data/libarchive-3.4.3/libarchive/archive_string.h:172:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_strncpy_l((as), (p), ((p) == NULL ? 0 : strlen(p)), (lo))
data/libarchive-3.4.3/libarchive/archive_string_sprintf.c:152:9: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(pw)) != 0 && errno == ENOMEM)
data/libarchive-3.4.3/libarchive/archive_string_sprintf.c:168:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcslen(pw)) != 0 && errno == ENOMEM)
data/libarchive-3.4.3/libarchive/archive_util.c:199:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = write(2, msg1, strlen(msg1));
data/libarchive-3.4.3/libarchive/archive_util.c:201:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = write(2, msg, strlen(msg));
data/libarchive-3.4.3/libarchive/archive_util.c:270:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmpdir)) < 0)
data/libarchive-3.4.3/libarchive/archive_util.c:305:13: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xp = ep - wcslen(suffix);
data/libarchive-3.4.3/libarchive/archive_version_details.c:83:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sep = p + strlen(p);
data/libarchive-3.4.3/libarchive/archive_windows.c:129:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ll = strlen(name);
data/libarchive-3.4.3/libarchive/archive_windows.c:211:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"\\\\?\\", 4);
data/libarchive-3.4.3/libarchive/archive_windows.c:216:3: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"UNC\\", 4);
data/libarchive-3.4.3/libarchive/archive_windows.c:220:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(wsp, wnp, slen);
data/libarchive-3.4.3/libarchive/archive_windows.c:617:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && strlen(p) == 4) {
data/libarchive-3.4.3/libarchive/archive_windows.c:695:16: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_windows.h:111:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read __la_read
data/libarchive-3.4.3/libarchive/archive_windows.h:122:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
#define umask _umask
data/libarchive-3.4.3/libarchive/archive_write.c:499:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(a->passphrase, 0, strlen(a->passphrase));
data/libarchive-3.4.3/libarchive/archive_write.c:656:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(a->passphrase, 0, strlen(a->passphrase));
data/libarchive-3.4.3/libarchive/archive_write_add_filter_b64encode.c:126:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->mode = (int)atol8(value, strlen(value)) & 0777;
data/libarchive-3.4.3/libarchive/archive_write_add_filter_program.c:115:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(prefix) + strlen(cmd) + 1) == NULL)
data/libarchive-3.4.3/libarchive/archive_write_add_filter_program.c:115:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(prefix) + strlen(cmd) + 1) == NULL)
data/libarchive-3.4.3/libarchive/archive_write_add_filter_program.c:270:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(data->child_stdout,
data/libarchive-3.4.3/libarchive/archive_write_add_filter_program.c:346:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read(data->child_stdout,
data/libarchive-3.4.3/libarchive/archive_write_add_filter_uuencode.c:115:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
state->mode = (int)atol8(value, strlen(value)) & 0777;
data/libarchive-3.4.3/libarchive/archive_write_add_filter_zstd.c:150:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(value);
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:611:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:611:24: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1962:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1962:24: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:1993:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tail) < PATH_MAX)
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:2003:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strlen(tail) >= PATH_MAX) {
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4039:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xattr_i += strlen(xattr_names + xattr_i) + 1) {
data/libarchive-3.4.3/libarchive/archive_write_disk_posix.c:4280:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(fd, buff, 8) == -1) {
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:332:20: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && wcslen(p) == 4) {
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:397:48: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_wstring_ensure(&(a->_name_data), 4 + wcslen(wn) + 1);
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:428:10: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
8 + wcslen(wn) + 1);
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:463:12: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
4 + 2 + wcslen(wn) + 1);
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:477:55: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_wstring_ensure(&(a->_name_data), 4 + l + 1 + wcslen(wn) + 1);
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:644:8: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = wcslen(target);
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:875:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:875:24: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:1379:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_disk_windows.c:1379:24: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(a->user_umask = umask(0));
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:688:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rs = read(zip->temp_fd, wb, rsize);
data/libarchive-3.4.3/libarchive/archive_write_set_format_7zip.c:1538:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
file->size = strlen(archive_entry_symlink(entry));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:233:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) <= 15) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:235:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:236:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff[AR_name_offset + strlen(filename)] = '/';
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:250:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
se = (char *)malloc(strlen(filename) + 3);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:257:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(se, filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:258:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(se + strlen(filename), "/\n");
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:293:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(filename) <= 16 && strchr(filename, ' ') == NULL) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:294:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(&buff[AR_name_offset], filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:295:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buff[AR_name_offset + strlen(filename)] = ' ';
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:299:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format_decimal(strlen(filename),
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:307:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size += strlen(filename);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:357:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = __archive_write_output(a, filename, strlen(filename));
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:360:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ar->entry_bytes_remaining -= strlen(filename);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ar.c:556:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
endp = path + strlen(path) - 1;
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio.c:377:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = format_octal(strlen(p), h + c_filesize_offset,
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio.c:405:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = __archive_write_output(a, p, strlen(p));
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio_newc.c:319:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = format_hex(strlen(p), h + c_filesize_offset,
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio_newc.c:357:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = __archive_write_output(a, p, strlen(p));
data/libarchive-3.4.3/libarchive/archive_write_set_format_cpio_newc.c:362:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pad = PAD4(strlen(p));
data/libarchive-3.4.3/libarchive/archive_write_set_format_filter_by_ext.c:76:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_str = strlen(str);
data/libarchive-3.4.3/libarchive/archive_write_set_format_filter_by_ext.c:77:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_suffix = strlen(suffix);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:315:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wp != NULL && wp[wcslen(wp) -1] != L'/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:319:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:343:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:347:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:360:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p) -1] == '\\')
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:593:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:612:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:626:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copy_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_gnutar.c:632:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > GNUTAR_gname_size)
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1194:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(value) > maxsize) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:1400:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p == NULL || strlen(p) < 14)
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2175:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(system_id, u.sysname, size-1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2178:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(system_id, "Windows", size-1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:2247:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (archive_strncpy_l(&iso9660->utf16be, s, strlen(s),
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4084:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, ctime(&(iso9660->birth_time)), sizeof(buf)-1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4496:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rs = read(iso9660->temp_fd, wb, rsize);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4902:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4905:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+2, strlen(p+2) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:4929:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:5532:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(fn)) == 0)
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:6101:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(dot) > 4) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:6124:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extlen = (int)strlen(dot);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:6165:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
np->ext_len = (int)strlen(&p[ext_off]);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7265:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy((char *)p+4, iso9660->el_torito.id.s, 23);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:7338:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rs = read(iso9660->temp_fd, buff, rsize);
data/libarchive-3.4.3/libarchive/archive_write_set_format_iso9660.c:8071:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rs = read(iso9660->temp_fd, rbuff, rsize);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:433:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:435:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x != NULL && pd + strlen(s) > MAXLINELEN - 3 - INDENTNAMELEN) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1813:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1816:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+2, strlen(p+2) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1840:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_mtree.c:1982:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(fn)) == 0)
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:310:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
add_pax_attr_binary(as, key, value, strlen(value));
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:328:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = 1 + (int)strlen(key) + 1 + (int)value_len + 1;
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:659:25: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wp != NULL && wp[wcslen(wp) -1] != L'/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:663:19: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:688:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:692:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:705:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p) -1] == '\\')
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:746:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_length = strlen(oname);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:766:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(bname + 2, bname, strlen(bname) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1553:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
insert_length = strlen(insert) + 2;
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1557:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, src, src_length);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1623:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, prefix, prefix_end - prefix);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1627:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, suffix, suffix_end - suffix);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1633:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(insert);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1636:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(p, filename, filename_end - filename);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1681:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = src + strlen(src);
data/libarchive-3.4.3/libarchive/archive_write_set_format_pax.c:1749:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = src + strlen(src);
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:231:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(p) < strlen(shar->last_dir) &&
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:231:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} else if (strlen(p) < strlen(shar->last_dir) &&
data/libarchive-3.4.3/libarchive/archive_write_set_format_shar.c:232:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncmp(p, shar->last_dir, strlen(p)) == 0) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:282:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wp != NULL && wp[wcslen(wp) -1] != L'/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:286:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:310:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:314:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:327:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p) -1] == '\\')
data/libarchive-3.4.3/libarchive/archive_write_set_format_ustar.c:540:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p) > USTAR_gname_size) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:260:24: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (wp != NULL && wp[wcslen(wp) -1] != L'/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:264:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = wcslen(wp);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:288:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p != NULL && p[0] != '\0' && p[strlen(p) - 1] != '/') {
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:292:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_length = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_v7tar.c:305:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p[strlen(p) -1] == '\\')
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:925:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(timestr, "Z");
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:1109:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cp = p + strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:1730:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen((const char *)bp->content), bp->content);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:1820:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rs = read(xar->temp_fd, wb, rsize);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2158:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+1, strlen(p+1) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2161:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p, p+2, strlen(p+2) + 1);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2185:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/libarchive-3.4.3/libarchive/archive_write_set_format_xar.c:2239:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((l = strlen(fn)) == 0)
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:665:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slink_size = strlen(slink);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1431:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1452:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ret = __archive_write_output(archive, path, strlen(path));
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1455:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
written_bytes += strlen(path);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1458:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((type == AE_IFDIR) & (path[strlen(path) - 1] != '/')) {
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1476:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = strlen(path);
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1584:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
trad_enc_init(&zip->tctx, passphrase, strlen(passphrase));
data/libarchive-3.4.3/libarchive/archive_write_set_format_zip.c:1628:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_pbkdf2_sha1(passphrase, strlen(passphrase),
data/libarchive-3.4.3/libarchive/filter_fork_windows.c:69:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ext == NULL || strlen(ext) > 4)
data/libarchive-3.4.3/libarchive/filter_fork_windows.c:93:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l += (int)strlen(acmd->argv[i]) + 1;
data/libarchive-3.4.3/libarchive/test/test_acl_text.c:241:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(s) + 1;
data/libarchive-3.4.3/libarchive/test/test_acl_text.c:262:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(strlen(text), slen);
data/libarchive-3.4.3/libarchive/test/test_acl_text.c:266:18: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(wcslen(wtext), slen);
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:41:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(buff, archive_version_string(), strlen(buff));
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:42:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) < strlen(archive_version_string())) {
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:42:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buff) < strlen(archive_version_string())) {
data/libarchive-3.4.3/libarchive/test/test_archive_api_feature.c:43:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = archive_version_string() + strlen(buff);
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:33:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:200:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read(mydata->fd, mydata->buffer, BLOCK_SIZE);
data/libarchive-3.4.3/libarchive/test/test_archive_read_multiple_data_objects.c:290:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(char *)calloc(1, strlen(filename) + 1)) != NULL);
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:33:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define assertStringSizes(strlen, buflen, as) \
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:34:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(strlen, (as).length); \
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:37:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define assertExactString(strlen, buflen, data, as) \
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:39:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertStringSizes(strlen, buflen, as); \
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:43:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define assertNonNULLString(strlen, buflen, as) \
data/libarchive-3.4.3/libarchive/test/test_archive_string.c:45:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertStringSizes(strlen, buflen, as); \
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:331:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nfc, buff, sizeof(nfc)-1);
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:339:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nfd, e, sizeof(nfd)-1);
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:543:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nfc, buff, sizeof(nfc)-1);
data/libarchive-3.4.3/libarchive/test/test_archive_string_conversion.c:551:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nfd, e, sizeof(nfd)-1);
data/libarchive-3.4.3/libarchive/test/test_entry.c:879:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < (int)strlen(name); ++i)
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:437:39: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullpath = malloc(sizeof(wchar_t) * (wcslen(wcwd) + 32));
data/libarchive-3.4.3/libarchive/test/test_read_disk_directory_traversals.c:469:39: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fullpath = malloc(sizeof(wchar_t) * (wcslen(wcwd) + 32));
data/libarchive-3.4.3/libarchive/test/test_read_format_mtree.c:711:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(archive_error_string(a)) > 0);
data/libarchive-3.4.3/libarchive/test/test_read_pax_xattr_rht_security_selinux.c:57:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt((int)xsize, strlen(string));
data/libarchive-3.4.3/libarchive/test/test_read_pax_xattr_schily.c:58:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt((int)xsize, strlen(string) + 1);
data/libarchive-3.4.3/libarchive/test/test_sparse_basic.c:101:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(root, path, sizeof(root)-1);
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:49:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(p);
data/libarchive-3.4.3/libarchive/test/test_tar_filenames.c:90:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirname, "/");
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:46:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = (int)strlen(prefix);
data/libarchive-3.4.3/libarchive/test/test_ustar_filenames.c:96:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dirname, "/");
data/libarchive-3.4.3/libarchive/test/test_write_disk.c:214:6: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = wcslen(archive_entry_pathname_w(ae));
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:49:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl) >= sizeof(_acl_temp))
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:56:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p + 6, strlen(p + 6) + 1);
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:59:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 2, q, strlen(q) + 1);
data/libarchive-3.4.3/libarchive/test/test_write_disk_appledouble.c:89:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (nlp = nl; nlp < nl + r; nlp += strlen(nlp) + 1) {
data/libarchive-3.4.3/libarchive/test/test_write_disk_hfs_compression.c:59:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (nlp = nl; nlp < nl + r; nlp += strlen(nlp) + 1) {
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:49:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(acl) >= sizeof(_acl_temp))
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:56:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 1, p + 6, strlen(p + 6) + 1);
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:59:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(p + 2, q, strlen(q) + 1);
data/libarchive-3.4.3/libarchive/test/test_write_disk_mac_metadata.c:89:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (nlp = nl; nlp < nl + r; nlp += strlen(nlp) + 1) {
data/libarchive-3.4.3/libarchive/test/test_write_disk_no_hfs_compression.c:59:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (nlp = nl; nlp < nl + r; nlp += strlen(nlp) + 1) {
data/libarchive-3.4.3/libarchive/test/test_write_disk_secure744.c:87:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
failure("Attempt to create target%d via %d-character symlink should have failed", n, (int)strlen(buff));
data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c:51:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_entry_set_size(ae, strlen(strtab));
data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c:53:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertA(strlen(strtab) == (size_t)archive_write_data(a, strtab, strlen(strtab)));
data/libarchive-3.4.3/libarchive/test/test_write_format_ar.c:53:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertA(strlen(strtab) == (size_t)archive_write_data(a, strtab, strlen(strtab)));
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:105:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(symlinkname);
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:111:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert((length = strlen(pathname)) <= fns->maxlen);
data/libarchive-3.4.3/libarchive/test/test_write_format_iso9660_filename.c:119:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p+1) <= fns->maxelen);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:176:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 28), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:183:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 46, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:184:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + 46 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:207:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(q + 26), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:209:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(q + 30, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:210:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_start = q = q + 30 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:262:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 28), strlen(folder_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:269:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 46, folder_name, strlen(folder_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:270:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + 46 + strlen(folder_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:297:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(q + 26), strlen(folder_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:299:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(q + 30, folder_name, strlen(folder_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_compression_store.c:300:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
extra_start = q = q + 30 + strlen(folder_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:152:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 28), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:159:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 46, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:160:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = extension_start = central_header + 46 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:200:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 26), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:202:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 30, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file.c:203:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = extension_start = local_header + 30 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:155:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 28), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:162:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 46, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:163:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = extension_start = central_header + 46 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:228:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(i2(p + 26), strlen(file_name)); /* Pathname length */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:230:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualMem(p + 30, file_name, strlen(file_name)); /* Pathname */
data/libarchive-3.4.3/libarchive/test/test_write_format_zip_file_zip64.c:231:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = extension_start = local_header + 30 + strlen(file_name);
data/libarchive-3.4.3/libarchive/test/test_xattr_platform.c:47:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!setXattr("readtest", attrname, readval, strlen(readval) + 1)) {
data/libarchive-3.4.3/libarchive/test/test_xattr_platform.c:93:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(writeval) + 1);
data/libarchive-3.4.3/libarchive/test/test_xattr_platform.c:100:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (assertEqualInt(insize, strlen(writeval) + 1) != 0)
data/libarchive-3.4.3/libarchive_fe/passphrase.c:108:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
success = WriteFile(hStdout, prompt, (DWORD)strlen(prompt),
data/libarchive-3.4.3/libarchive_fe/passphrase.c:244:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int r = write(output, prompt, strlen(prompt));
data/libarchive-3.4.3/libarchive_fe/passphrase.c:249:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((nr = read(input, &ch, 1)) == 1 && ch != '\n' && ch != '\r') {
data/libarchive-3.4.3/tar/bsdtar.c:318:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(bsdtar->argument) == 0)
data/libarchive-3.4.3/tar/bsdtar_platform.h:86:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define DIRENT_NAMLEN(dirent) strlen((dirent)->d_name)
data/libarchive-3.4.3/tar/bsdtar_windows.c:68:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (DWORD)strlen(name);
data/libarchive-3.4.3/tar/bsdtar_windows.c:138:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"\\\\?\\", 4);
data/libarchive-3.4.3/tar/bsdtar_windows.c:143:3: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
wcsncpy(wsp, L"UNC\\", 4);
data/libarchive-3.4.3/tar/bsdtar_windows.c:147:2: [1] (buffer) wcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
wcsncpy(wsp, wnp, slen);
data/libarchive-3.4.3/tar/cmdline.c:356:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
optlength = strlen(bsdtar->getopt_word);
data/libarchive-3.4.3/tar/cmdline.c:369:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(popt->name) == optlength) {
data/libarchive-3.4.3/tar/creation_set.c:290:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = realloc(name, strlen(name) + strlen(code) + 1);
data/libarchive-3.4.3/tar/creation_set.c:290:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name = realloc(name, strlen(name) + strlen(code) + 1);
data/libarchive-3.4.3/tar/read.c:192:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t opt_len = strlen(reader_options) + 1;
data/libarchive-3.4.3/tar/subst.c:175:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_len = strlen(*str);
data/libarchive-3.4.3/tar/subst.c:197:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
old_len = strlen(*str);
data/libarchive-3.4.3/tar/subst.c:199:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_str = malloc(old_len + strlen(append) + 1);
data/libarchive-3.4.3/tar/test/test_copy.c:68:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cwdlen = strlen(buf);
data/libarchive-3.4.3/tar/test/test_copy.c:84:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pcwdlen = strlen(pbuf);
data/libarchive-3.4.3/tar/test/test_copy.c:86:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wcwdlen = strlen(wbuf);
data/libarchive-3.4.3/tar/test/test_copy.c:129:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertEqualInt(strlen(buff), i);
data/libarchive-3.4.3/tar/test/test_copy.c:208:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(name1, (int)strlen(name1), name1);
data/libarchive-3.4.3/tar/test/test_copy.c:224:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name2) <= limit)
data/libarchive-3.4.3/tar/test/test_copy.c:259:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
failure("strlen(p)=%zu", strlen(p));
data/libarchive-3.4.3/tar/test/test_copy.c:260:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) < limit);
data/libarchive-3.4.3/tar/test/test_copy.c:262:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filenames[strlen(p)]);
data/libarchive-3.4.3/tar/test/test_copy.c:265:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
failure("strlen(p)=%zu", strlen(p));
data/libarchive-3.4.3/tar/test/test_copy.c:266:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(p) < limit + 1);
data/libarchive-3.4.3/tar/test/test_copy.c:268:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filenames[strlen(p)]);
data/libarchive-3.4.3/tar/test/test_help.c:36:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(substring);
data/libarchive-3.4.3/tar/test/test_option_C_mtree.c:45:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *absolute_path = malloc(strlen(testworkdir) + strlen(mtree_file) + 1);
data/libarchive-3.4.3/tar/test/test_option_C_mtree.c:45:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *absolute_path = malloc(strlen(testworkdir) + strlen(mtree_file) + 1);
data/libarchive-3.4.3/tar/test/test_option_b.c:39:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testprog_ustar = malloc(strlen(testprog) + sizeof(USTAR_OPT) + 1);
data/libarchive-3.4.3/tar/test/test_option_r.c:129:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(buff, (int)strlen(buff), "f1");
data/libarchive-3.4.3/tar/test/test_option_xattrs.c:44:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(testval) + 1)) {
data/libarchive-3.4.3/tar/test/test_option_xattrs.c:63:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(assertEqualInt(size, strlen(testval) + 1) != 0)
data/libarchive-3.4.3/tar/test/test_print_longpath.c:42:5: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant string.
strncat(buff, "0123456789",
data/libarchive-3.4.3/tar/test/test_print_longpath.c:43:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(buff) - strlen(buff) -1);
data/libarchive-3.4.3/tar/test/test_print_longpath.c:44:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(buff, "/", sizeof(buff) - strlen(buff) -1);
data/libarchive-3.4.3/tar/test/test_print_longpath.c:44:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buff, "/", sizeof(buff) - strlen(buff) -1);
data/libarchive-3.4.3/tar/test/test_print_longpath.c:46:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(buff, "\n", sizeof(buff) - strlen(buff) -1);
data/libarchive-3.4.3/tar/test/test_print_longpath.c:46:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buff, "\n", sizeof(buff) - strlen(buff) -1);
data/libarchive-3.4.3/tar/test/test_windows.c:232:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list10");
data/libarchive-3.4.3/tar/test/test_windows.c:244:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list11");
data/libarchive-3.4.3/tar/test/test_windows.c:256:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list12");
data/libarchive-3.4.3/tar/test/test_windows.c:268:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list13");
data/libarchive-3.4.3/tar/test/test_windows.c:280:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list14");
data/libarchive-3.4.3/tar/test/test_windows.c:292:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list15");
data/libarchive-3.4.3/tar/test/test_windows.c:305:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list16");
data/libarchive-3.4.3/tar/test/test_windows.c:318:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assertFileContents(fp2, (int)strlen(fp2), "../list17");
data/libarchive-3.4.3/tar/util.c:70:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/libarchive-3.4.3/tar/util.c:246:6: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
l = read(2, buff, sizeof(buff) - 1);
data/libarchive-3.4.3/tar/util.c:311:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t old_len = strlen(old_pending);
data/libarchive-3.4.3/tar/util.c:312:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsdtar->pending_chdir = malloc(old_len + strlen(newdir) + 2);
data/libarchive-3.4.3/tar/util.c:702:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(p);
data/libarchive-3.4.3/tar/util.c:711:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(p);
data/libarchive-3.4.3/tar/util.c:715:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
w = strlen(tmp);
data/libarchive-3.4.3/tar/util.c:732:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (w + strlen(tmp) >= bsdtar->gs_width)
data/libarchive-3.4.3/tar/util.c:733:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bsdtar->gs_width = w+strlen(tmp)+1;
data/libarchive-3.4.3/tar/write.c:133:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read _read
data/libarchive-3.4.3/tar/write.c:149:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t opt_len = strlen(writer_options) + 1;
data/libarchive-3.4.3/tar/write.c:181:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t opt_len = strlen(reader_options) + 1;
data/libarchive-3.4.3/test_utils/test_main.c:138:9: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
#define umask _umask
data/libarchive-3.4.3/test_utils/test_main.c:149:16: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
mode_t mode = umask(0);
data/libarchive-3.4.3/test_utils/test_main.c:150:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mode);
data/libarchive-3.4.3/test_utils/test_main.c:230:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tlen = strlen(target);
data/libarchive-3.4.3/test_utils/test_main.c:231:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
llen = strlen(linkname);
data/libarchive-3.4.3/test_utils/test_main.c:729:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
logprintf(" (length %d)", q == NULL ? -1 : (int)strlen(q));
data/libarchive-3.4.3/test_utils/test_main.c:741:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(p);
data/libarchive-3.4.3/test_utils/test_main.c:775:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l1 = (int)strlen(e1);
data/libarchive-3.4.3/test_utils/test_main.c:776:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l2 = (int)strlen(e2);
data/libarchive-3.4.3/test_utils/test_main.c:1139:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = (int)strlen(buff);
data/libarchive-3.4.3/test_utils/test_main.c:1244:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += 1 + strlen(p)) {
data/libarchive-3.4.3/test_utils/test_main.c:1741:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pn = malloc((strlen(pathname) + 1) * sizeof(char));
data/libarchive-3.4.3/test_utils/test_main.c:1938:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsize = strlen(contents);
data/libarchive-3.4.3/test_utils/test_main.c:1970:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
wsize = (ssize_t)strlen(contents);
data/libarchive-3.4.3/test_utils/test_main.c:2047:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(mask);
data/libarchive-3.4.3/test_utils/test_main.c:2356:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t prog_len = strlen(base);
data/libarchive-3.4.3/test_utils/test_main.c:3544:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldumask = umask(0));
data/libarchive-3.4.3/test_utils/test_main.c:3544:19: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldumask = umask(0));
data/libarchive-3.4.3/test_utils/test_main.c:3554:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(oldumask);
data/libarchive-3.4.3/test_utils/test_main.c:3664:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3664:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3665:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3665:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3675:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (pwd[strlen(pwd) - 1] == '\n')
data/libarchive-3.4.3/test_utils/test_main.c:3676:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd[strlen(pwd) - 1] = '\0';
data/libarchive-3.4.3/test_utils/test_main.c:3682:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3682:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3683:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3683:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3688:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3688:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3689:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3689:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3698:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3698:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3699:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3699:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3705:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3705:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3706:2: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3706:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3713:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3713:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3714:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3714:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3719:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3719:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, buff, tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3720:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is low because the source is a
constant character.
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3720:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(tried, "\n", tried_size - strlen(tried) - 1);
data/libarchive-3.4.3/test_utils/test_main.c:3770:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (pwd[strlen(pwd) - 1] == '\n')
data/libarchive-3.4.3/test_utils/test_main.c:3771:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pwd[strlen(pwd) - 1] = '\0';
data/libarchive-3.4.3/test_utils/test_main.c:3785:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((testprogdir = (char *)malloc(strlen(progname) + 1)) == NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3814:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pwd) + 1 + strlen(testprogdir) + 1)) == NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3814:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(pwd) + 1 + strlen(testprogdir) + 1)) == NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3819:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(testprogdir + strlen(pwd) + 1, testprogdir,
data/libarchive-3.4.3/test_utils/test_main.c:3820:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(testprogdir) + 1);
data/libarchive-3.4.3/test_utils/test_main.c:3821:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(testprogdir, pwd, strlen(pwd));
data/libarchive-3.4.3/test_utils/test_main.c:3822:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testprogdir[strlen(pwd)] = '/';
data/libarchive-3.4.3/test_utils/test_main.c:3932:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((tmp2 = (char *)malloc(strlen(testprogdir) + 1 +
data/libarchive-3.4.3/test_utils/test_main.c:3933:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(PROGRAM) + 1)) == NULL)
data/libarchive-3.4.3/test_utils/test_main.c:3939:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(tmp2, "/");
data/libarchive-3.4.3/test_utils/test_main.c:3956:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
testprg = malloc(strlen(testprogfile) + 3);
data/libarchive-3.4.3/test_utils/test_main.c:3957:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(testprg, "\"");
data/libarchive-3.4.3/test_utils/test_main.c:3959:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(testprg, "\"");
data/libarchive-3.4.3/test_utils/test_main.c:3984:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(tmp) + 1 + strlen(progname) + 1 +
data/libarchive-3.4.3/test_utils/test_main.c:3984:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(tmp) + 1 + strlen(progname) + 1 +
data/libarchive-3.4.3/test_utils/test_main.c:3985:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(tmpdir_timestamp) + 1 + 3) >
ANALYSIS SUMMARY:
Hits = 1747
Lines analyzed = 219660 in approximately 7.57 seconds (29007 lines/second)
Physical Source Lines of Code (SLOC) = 155720
Hits@level = [0] 302 [1] 550 [2] 1055 [3] 33 [4] 95 [5] 14
Hits@level+ = [0+] 2049 [1+] 1747 [2+] 1197 [3+] 142 [4+] 109 [5+] 14
Hits/KSLOC@level+ = [0+] 13.1582 [1+] 11.2189 [2+] 7.68687 [3+] 0.911893 [4+] 0.699974 [5+] 0.089905
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.