Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libffi-platypus-perl-1.34/inc/probe/abi.c
Examining data/libffi-platypus-perl-1.34/inc/probe/alloca.c
Examining data/libffi-platypus-perl-1.34/inc/probe/complex.c
Examining data/libffi-platypus-perl-1.34/inc/probe/variadic.c
Examining data/libffi-platypus-perl-1.34/inc/probe/bigendian.c
Examining data/libffi-platypus-perl-1.34/inc/probe/longdouble.c
Examining data/libffi-platypus-perl-1.34/inc/probe/bigendian64.c
Examining data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c
Examining data/libffi-platypus-perl-1.34/xs/cast.c
Examining data/libffi-platypus-perl-1.34/xs/meta.c
Examining data/libffi-platypus-perl-1.34/xs/windl.c
Examining data/libffi-platypus-perl-1.34/xs/names.c
Examining data/libffi-platypus-perl-1.34/xs/custom.c
Examining data/libffi-platypus-perl-1.34/xs/complex.c
Examining data/libffi-platypus-perl-1.34/xs/closure.c
Examining data/libffi-platypus-perl-1.34/xs/record_opaque.c
Examining data/libffi-platypus-perl-1.34/xs/record_simple.c
Examining data/libffi-platypus-perl-1.34/xs/record_string.c
Examining data/libffi-platypus-perl-1.34/xs/perl_math_int64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/meta.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint8.c
Examining data/libffi-platypus-perl-1.34/t/ffi/gh174.c
Examining data/libffi-platypus-perl-1.34/t/ffi/color.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint8.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align.c
Examining data/libffi-platypus-perl-1.34/t/ffi/basic.c
Examining data/libffi-platypus-perl-1.34/t/ffi/float.c
Examining data/libffi-platypus-perl-1.34/t/ffi/gh117.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint32.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint32.c
Examining data/libffi-platypus-perl-1.34/t/ffi/record.c
Examining data/libffi-platypus-perl-1.34/t/ffi/double.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint16.c
Examining data/libffi-platypus-perl-1.34/t/ffi/string.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint16.c
Examining data/libffi-platypus-perl-1.34/t/ffi/memcmp4.c
Examining data/libffi-platypus-perl-1.34/t/ffi/pointer.c
Examining data/libffi-platypus-perl-1.34/t/ffi/closure.c
Examining data/libffi-platypus-perl-1.34/t/ffi/variadic.c
Examining data/libffi-platypus-perl-1.34/t/ffi/longdouble.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_fixed.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_array.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_string.c
Examining data/libffi-platypus-perl-1.34/t/ffi/string_array.c
Examining data/libffi-platypus-perl-1.34/t/ffi/complex_float.c
Examining data/libffi-platypus-perl-1.34/t/ffi/complex_double.c
Examining data/libffi-platypus-perl-1.34/ffi/memory.c
Examining data/libffi-platypus-perl-1.34/ffi/constant.c
Examining data/libffi-platypus-perl-1.34/ffi/record_meta.c
Examining data/libffi-platypus-perl-1.34/examples/closure.c
Examining data/libffi-platypus-perl-1.34/examples/var_array.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-foo/ffi/foo.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-init/ffi/init.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-const/ffi/const.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-const/ffi/myheader.h
Examining data/libffi-platypus-perl-1.34/include/ppport.h
Examining data/libffi-platypus-perl-1.34/include/libtest.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus.h
Examining data/libffi-platypus-perl-1.34/include/perl_math_int64.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_guts.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_bundle.h
Examining data/libffi-platypus-perl-1.34/corpus/ffi_probe_runner/foo.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_probe_runner/bar.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/source/foo.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project2/bar.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project1/foo2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project1/foo1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project-cxx/foo2.cpp
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project-cxx/foo1.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/foo2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/foo1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/basic.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/include/myfoo.h
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb2/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb2/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1bad/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1bad/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/z.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/x.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/y.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/b.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/a.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/c.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/foo2.cpp
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/foo1.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/basic.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/include/myfoo.h
FINAL RESULTS:
data/libffi-platypus-perl-1.34/include/ppport.h:9751:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
retval = vsnprintf(buffer, len, format, ap);
data/libffi-platypus-perl-1.34/include/ppport.h:9753:14: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
retval = vsprintf(buffer, format, ap);
data/libffi-platypus-perl-1.34/include/ppport.h:9788:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, pat, args);
data/libffi-platypus-perl-1.34/t/ffi/align_string.c:20:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, value);
data/libffi-platypus-perl-1.34/t/ffi/meta.c:15:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(self->bar, bar);
data/libffi-platypus-perl-1.34/t/ffi/meta.c:30:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,
data/libffi-platypus-perl-1.34/t/ffi/record.c:31:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, self.name);
data/libffi-platypus-perl-1.34/t/ffi/record.c:58:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(self.name, name);
data/libffi-platypus-perl-1.34/t/ffi/record.c:73:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(self.name, name);
data/libffi-platypus-perl-1.34/t/ffi/string.c:50:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, value);
data/libffi-platypus-perl-1.34/t/ffi/string.c:78:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "*arg==%s", *arg);
data/libffi-platypus-perl-1.34/t/ffi/string.c:93:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s", arg);
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:10:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, array[index]);
data/libffi-platypus-perl-1.34/t/ffi/variadic.c:54:11: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bp, str);
data/libffi-platypus-perl-1.34/xs/windl.c:84:25: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
handle->os_handle = LoadLibrary(filename);
data/libffi-platypus-perl-1.34/xs/windl.c:146:28: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HMODULE handle = LoadLibrary(mod_name);
data/libffi-platypus-perl-1.34/examples/bundle-init/ffi/init.c:3:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/libffi-platypus-perl-1.34/ffi/memory.c:28:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news, olds, size);
data/libffi-platypus-perl-1.34/ffi/memory.c:46:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(news, olds, size);
data/libffi-platypus-perl-1.34/inc/probe/bigendian.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[4] = { 0x00, 0x00, 0x00, 0x00 };
data/libffi-platypus-perl-1.34/inc/probe/bigendian64.c:15:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bytes[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };
data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c:8:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[13];
data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c:16:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(self.name, "hello");
data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h:361:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, pv, len+1);
data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h:532:27: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, pv, len+1);
data/libffi-platypus-perl-1.34/include/ppport.h:7525:42: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))
data/libffi-platypus-perl-1.34/include/ppport.h:9604:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
&& (xdigit = strchr((char *) PL_hexdigit, s[1])))
data/libffi-platypus-perl-1.34/include/ppport.h:9835:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst + used, src, copy);
data/libffi-platypus-perl-1.34/include/ppport.h:9865:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, copy);
data/libffi-platypus-perl-1.34/include/ppport.h:10535:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char octbuf[32] = "%123456789ABCDF";
data/libffi-platypus-perl-1.34/include/ppport.h:10605:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2];
data/libffi-platypus-perl-1.34/t/ffi/align_fixed.c:5:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char value[10];
data/libffi-platypus-perl-1.34/t/ffi/align_string.c:17:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/libffi-platypus-perl-1.34/t/ffi/basic.c:12:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(string);
data/libffi-platypus-perl-1.34/t/ffi/closure.c:46:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fixedfive[5];
data/libffi-platypus-perl-1.34/t/ffi/complex_double.c:19:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libffi-platypus-perl-1.34/t/ffi/complex_double.c:20:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%g + %g * i", creal(f), cimag(f));
data/libffi-platypus-perl-1.34/t/ffi/complex_float.c:19:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libffi-platypus-perl-1.34/t/ffi/complex_float.c:20:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%g + %g * i", crealf(f), cimagf(f));
data/libffi-platypus-perl-1.34/t/ffi/meta.c:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[1024];
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:42:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pointer_arg_array_in(char *array[3])
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:48:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pointer_arg_array_null_in(char *array[3])
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:54:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pointer_arg_array_out(char *array[3])
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:62:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pointer_arg_array_null_out(char *array[3])
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:72:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *array[3] = { "seven", "eight", "nine" };
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:79:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *array[4] = { "seven", "eight", "nine", NULL };
data/libffi-platypus-perl-1.34/t/ffi/pointer.c:86:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *array[3] = { NULL, NULL, NULL };
data/libffi-platypus-perl-1.34/t/ffi/record.c:5:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/libffi-platypus-perl-1.34/t/ffi/record.c:12:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ret[16];
data/libffi-platypus-perl-1.34/t/ffi/record.c:23:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ret, self->name, 16);
data/libffi-platypus-perl-1.34/t/ffi/record.c:30:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char name[16];
data/libffi-platypus-perl-1.34/t/ffi/string.c:46:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/libffi-platypus-perl-1.34/t/ffi/string.c:70:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/libffi-platypus-perl-1.34/t/ffi/string.c:76:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "*arg==NULL");
data/libffi-platypus-perl-1.34/t/ffi/string.c:88:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:7:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:17:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *buffer[4] = {
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:28:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *buffer[4] = {
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:40:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *buffer[3] = {
data/libffi-platypus-perl-1.34/t/ffi/string_array.c:51:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *buffer[1] = {
data/libffi-platypus-perl-1.34/t/ffi/variadic.c:29:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2046];
data/libffi-platypus-perl-1.34/t/ffi/variadic.c:40:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer2[64];
data/libffi-platypus-perl-1.34/t/ffi/variadic.c:45:15: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer2, "%d", va_arg(ap, int));
data/libffi-platypus-perl-1.34/xs/record_string.c:87:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*ptr2, arg_ptr, len);
data/libffi-platypus-perl-1.34/xs/record_string.c:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, arg_ptr, len);
data/libffi-platypus-perl-1.34/xs/windl.c:127:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR mod_name[MAX_PATH];
data/libffi-platypus-perl-1.34/ffi/memory.c:24:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(olds)+1;
data/libffi-platypus-perl-1.34/include/ppport.h:6748:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define vnewSVpvf(pat, args) ({ SV *_sv = newSV(0); sv_vsetpvfn(_sv, (pat), strlen((pat)), (args), Null(SV**), 0, Null(bool*)); _sv; })
data/libffi-platypus-perl-1.34/include/ppport.h:6750:79: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define vnewSVpvf(pat, args) ((PL_Sv = newSV(0)), sv_vsetpvfn(PL_Sv, (pat), strlen((pat)), (args), Null(SV**), 0, Null(bool*)), PL_Sv)
data/libffi-platypus-perl-1.34/include/ppport.h:6755:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libffi-platypus-perl-1.34/include/ppport.h:6759:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))
data/libffi-platypus-perl-1.34/include/ppport.h:6780:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libffi-platypus-perl-1.34/include/ppport.h:6809:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libffi-platypus-perl-1.34/include/ppport.h:6830:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libffi-platypus-perl-1.34/include/ppport.h:6853:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libffi-platypus-perl-1.34/include/ppport.h:6882:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));
data/libffi-platypus-perl-1.34/include/ppport.h:6903:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \
data/libffi-platypus-perl-1.34/include/ppport.h:8561:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0)
data/libffi-platypus-perl-1.34/include/ppport.h:9195:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
STRLEN len = strlen(radix);
data/libffi-platypus-perl-1.34/include/ppport.h:9790:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(buffer);
data/libffi-platypus-perl-1.34/include/ppport.h:9831:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
used = strlen(dst);
data/libffi-platypus-perl-1.34/include/ppport.h:9832:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
data/libffi-platypus-perl-1.34/include/ppport.h:9862:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(src);
data/libffi-platypus-perl-1.34/t/ffi/meta.c:14:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
self->bar = malloc(strlen(bar)+1);
data/libffi-platypus-perl-1.34/t/ffi/variadic.c:55:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bp += strlen(str);
ANALYSIS SUMMARY:
Hits = 85
Lines analyzed = 18606 in approximately 0.56 seconds (33122 lines/second)
Physical Source Lines of Code (SLOC) = 11747
Hits@level = [0] 21 [1] 19 [2] 50 [3] 2 [4] 14 [5] 0
Hits@level+ = [0+] 106 [1+] 85 [2+] 66 [3+] 16 [4+] 14 [5+] 0
Hits/KSLOC@level+ = [0+] 9.02358 [1+] 7.23589 [2+] 5.61846 [3+] 1.36205 [4+] 1.19179 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.