Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libffi-platypus-perl-1.34/inc/probe/abi.c
Examining data/libffi-platypus-perl-1.34/inc/probe/alloca.c
Examining data/libffi-platypus-perl-1.34/inc/probe/complex.c
Examining data/libffi-platypus-perl-1.34/inc/probe/variadic.c
Examining data/libffi-platypus-perl-1.34/inc/probe/bigendian.c
Examining data/libffi-platypus-perl-1.34/inc/probe/longdouble.c
Examining data/libffi-platypus-perl-1.34/inc/probe/bigendian64.c
Examining data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c
Examining data/libffi-platypus-perl-1.34/xs/cast.c
Examining data/libffi-platypus-perl-1.34/xs/meta.c
Examining data/libffi-platypus-perl-1.34/xs/windl.c
Examining data/libffi-platypus-perl-1.34/xs/names.c
Examining data/libffi-platypus-perl-1.34/xs/custom.c
Examining data/libffi-platypus-perl-1.34/xs/complex.c
Examining data/libffi-platypus-perl-1.34/xs/closure.c
Examining data/libffi-platypus-perl-1.34/xs/record_opaque.c
Examining data/libffi-platypus-perl-1.34/xs/record_simple.c
Examining data/libffi-platypus-perl-1.34/xs/record_string.c
Examining data/libffi-platypus-perl-1.34/xs/perl_math_int64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/meta.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint8.c
Examining data/libffi-platypus-perl-1.34/t/ffi/gh174.c
Examining data/libffi-platypus-perl-1.34/t/ffi/color.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint8.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align.c
Examining data/libffi-platypus-perl-1.34/t/ffi/basic.c
Examining data/libffi-platypus-perl-1.34/t/ffi/float.c
Examining data/libffi-platypus-perl-1.34/t/ffi/gh117.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint32.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint32.c
Examining data/libffi-platypus-perl-1.34/t/ffi/record.c
Examining data/libffi-platypus-perl-1.34/t/ffi/double.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint16.c
Examining data/libffi-platypus-perl-1.34/t/ffi/string.c
Examining data/libffi-platypus-perl-1.34/t/ffi/uint64.c
Examining data/libffi-platypus-perl-1.34/t/ffi/sint16.c
Examining data/libffi-platypus-perl-1.34/t/ffi/memcmp4.c
Examining data/libffi-platypus-perl-1.34/t/ffi/pointer.c
Examining data/libffi-platypus-perl-1.34/t/ffi/closure.c
Examining data/libffi-platypus-perl-1.34/t/ffi/variadic.c
Examining data/libffi-platypus-perl-1.34/t/ffi/longdouble.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_fixed.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_array.c
Examining data/libffi-platypus-perl-1.34/t/ffi/align_string.c
Examining data/libffi-platypus-perl-1.34/t/ffi/string_array.c
Examining data/libffi-platypus-perl-1.34/t/ffi/complex_float.c
Examining data/libffi-platypus-perl-1.34/t/ffi/complex_double.c
Examining data/libffi-platypus-perl-1.34/ffi/memory.c
Examining data/libffi-platypus-perl-1.34/ffi/constant.c
Examining data/libffi-platypus-perl-1.34/ffi/record_meta.c
Examining data/libffi-platypus-perl-1.34/examples/closure.c
Examining data/libffi-platypus-perl-1.34/examples/var_array.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-foo/ffi/foo.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-init/ffi/init.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-const/ffi/const.c
Examining data/libffi-platypus-perl-1.34/examples/bundle-const/ffi/myheader.h
Examining data/libffi-platypus-perl-1.34/include/ppport.h
Examining data/libffi-platypus-perl-1.34/include/libtest.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus.h
Examining data/libffi-platypus-perl-1.34/include/perl_math_int64.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_guts.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h
Examining data/libffi-platypus-perl-1.34/include/ffi_platypus_bundle.h
Examining data/libffi-platypus-perl-1.34/corpus/ffi_probe_runner/foo.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_probe_runner/bar.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/source/foo.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project2/bar.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project1/foo2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project1/foo1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project-cxx/foo2.cpp
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build/project-cxx/foo1.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/foo2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/foo1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/basic.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_c/include/myfoo.h
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb2/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb2/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1bad/hello2.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/lb1bad/hello1.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/z.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/x.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/ffi/y.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/b.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/a.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_mm/project1/t/ffi/c.c
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/foo2.cpp
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/foo1.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/basic.cxx
Examining data/libffi-platypus-perl-1.34/corpus/ffi_build_file_cxx/include/myfoo.h

FINAL RESULTS:

data/libffi-platypus-perl-1.34/include/ppport.h:9751:14:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  retval = vsnprintf(buffer, len, format, ap);

data/libffi-platypus-perl-1.34/include/ppport.h:9753:14:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  retval = vsprintf(buffer, format, ap);

data/libffi-platypus-perl-1.34/include/ppport.h:9788:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, pat, args);

data/libffi-platypus-perl-1.34/t/ffi/align_string.c:20:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, value);

data/libffi-platypus-perl-1.34/t/ffi/meta.c:15:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(self->bar, bar);

data/libffi-platypus-perl-1.34/t/ffi/meta.c:30:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,

data/libffi-platypus-perl-1.34/t/ffi/record.c:31:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, self.name);

data/libffi-platypus-perl-1.34/t/ffi/record.c:58:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(self.name, name);

data/libffi-platypus-perl-1.34/t/ffi/record.c:73:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(self.name, name);

data/libffi-platypus-perl-1.34/t/ffi/string.c:50:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, value);

data/libffi-platypus-perl-1.34/t/ffi/string.c:78:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer, "*arg==%s", *arg);

data/libffi-platypus-perl-1.34/t/ffi/string.c:93:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer, "%s", arg);

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:10:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buffer, array[index]);

data/libffi-platypus-perl-1.34/t/ffi/variadic.c:54:11:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(bp, str);

data/libffi-platypus-perl-1.34/xs/windl.c:84:25:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  handle->os_handle = LoadLibrary(filename);

data/libffi-platypus-perl-1.34/xs/windl.c:146:28:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE handle = LoadLibrary(mod_name);

data/libffi-platypus-perl-1.34/examples/bundle-init/ffi/init.c:3:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];

data/libffi-platypus-perl-1.34/ffi/memory.c:28:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(news, olds, size);

data/libffi-platypus-perl-1.34/ffi/memory.c:46:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(news, olds, size);

data/libffi-platypus-perl-1.34/inc/probe/bigendian.c:15:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[4] = { 0x00, 0x00, 0x00, 0x00 };

data/libffi-platypus-perl-1.34/inc/probe/bigendian64.c:15:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bytes[8] = { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c:8:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[13];

data/libffi-platypus-perl-1.34/inc/probe/recordvalue.c:16:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(self.name, "hello");

data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h:361:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, pv, len+1);

data/libffi-platypus-perl-1.34/include/ffi_platypus_call.h:532:27:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, pv, len+1);

data/libffi-platypus-perl-1.34/include/ppport.h:7525:42:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  # define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t))

data/libffi-platypus-perl-1.34/include/ppport.h:9604:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  && (xdigit = strchr((char *) PL_hexdigit, s[1])))

data/libffi-platypus-perl-1.34/include/ppport.h:9835:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst + used, src, copy);

data/libffi-platypus-perl-1.34/include/ppport.h:9865:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src, copy);

data/libffi-platypus-perl-1.34/include/ppport.h:10535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char octbuf[32] = "%123456789ABCDF";

data/libffi-platypus-perl-1.34/include/ppport.h:10605:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[2];

data/libffi-platypus-perl-1.34/t/ffi/align_fixed.c:5:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char value[10];

data/libffi-platypus-perl-1.34/t/ffi/align_string.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[512];

data/libffi-platypus-perl-1.34/t/ffi/basic.c:12:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(string);

data/libffi-platypus-perl-1.34/t/ffi/closure.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fixedfive[5];

data/libffi-platypus-perl-1.34/t/ffi/complex_double.c:19:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];

data/libffi-platypus-perl-1.34/t/ffi/complex_double.c:20:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%g + %g * i", creal(f), cimag(f));

data/libffi-platypus-perl-1.34/t/ffi/complex_float.c:19:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];

data/libffi-platypus-perl-1.34/t/ffi/complex_float.c:20:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%g + %g * i", crealf(f), cimagf(f));

data/libffi-platypus-perl-1.34/t/ffi/meta.c:29:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:42:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pointer_arg_array_in(char *array[3])

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:48:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pointer_arg_array_null_in(char *array[3])

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:54:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pointer_arg_array_out(char *array[3])

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:62:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  pointer_arg_array_null_out(char *array[3])

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:72:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *array[3] = { "seven", "eight", "nine" };

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:79:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *array[4] = { "seven", "eight", "nine", NULL };

data/libffi-platypus-perl-1.34/t/ffi/pointer.c:86:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *array[3] = { NULL, NULL, NULL };

data/libffi-platypus-perl-1.34/t/ffi/record.c:5:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[16];

data/libffi-platypus-perl-1.34/t/ffi/record.c:12:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char ret[16];

data/libffi-platypus-perl-1.34/t/ffi/record.c:23:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ret, self->name, 16);

data/libffi-platypus-perl-1.34/t/ffi/record.c:30:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char name[16];

data/libffi-platypus-perl-1.34/t/ffi/string.c:46:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[512];

data/libffi-platypus-perl-1.34/t/ffi/string.c:70:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[512];

data/libffi-platypus-perl-1.34/t/ffi/string.c:76:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "*arg==NULL");

data/libffi-platypus-perl-1.34/t/ffi/string.c:88:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[512];

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:7:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[512];

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:17:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *buffer[4] = {

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:28:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *buffer[4] = {

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:40:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *buffer[3] = {

data/libffi-platypus-perl-1.34/t/ffi/string_array.c:51:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *buffer[1] = {

data/libffi-platypus-perl-1.34/t/ffi/variadic.c:29:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2046];

data/libffi-platypus-perl-1.34/t/ffi/variadic.c:40:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer2[64];

data/libffi-platypus-perl-1.34/t/ffi/variadic.c:45:15:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer2, "%d", va_arg(ap, int));

data/libffi-platypus-perl-1.34/xs/record_string.c:87:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*ptr2, arg_ptr, len);

data/libffi-platypus-perl-1.34/xs/record_string.c:148:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr2, arg_ptr, len);

data/libffi-platypus-perl-1.34/xs/windl.c:127:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  TCHAR mod_name[MAX_PATH];

data/libffi-platypus-perl-1.34/ffi/memory.c:24:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(olds)+1;

data/libffi-platypus-perl-1.34/include/ppport.h:6748:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define vnewSVpvf(pat, args) ({ SV *_sv = newSV(0); sv_vsetpvfn(_sv, (pat), strlen((pat)), (args), Null(SV**), 0, Null(bool*)); _sv; })

data/libffi-platypus-perl-1.34/include/ppport.h:6750:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define vnewSVpvf(pat, args) ((PL_Sv = newSV(0)), sv_vsetpvfn(PL_Sv, (pat), strlen((pat)), (args), Null(SV**), 0, Null(bool*)), PL_Sv)

data/libffi-platypus-perl-1.34/include/ppport.h:6755:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))

data/libffi-platypus-perl-1.34/include/ppport.h:6759:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*))

data/libffi-platypus-perl-1.34/include/ppport.h:6780:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));

data/libffi-platypus-perl-1.34/include/ppport.h:6809:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));

data/libffi-platypus-perl-1.34/include/ppport.h:6830:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \

data/libffi-platypus-perl-1.34/include/ppport.h:6853:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));

data/libffi-platypus-perl-1.34/include/ppport.h:6882:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*));

data/libffi-platypus-perl-1.34/include/ppport.h:6903:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \

data/libffi-platypus-perl-1.34/include/ppport.h:8561:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  # define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0)

data/libffi-platypus-perl-1.34/include/ppport.h:9195:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  STRLEN len = strlen(radix);

data/libffi-platypus-perl-1.34/include/ppport.h:9790:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(buffer);

data/libffi-platypus-perl-1.34/include/ppport.h:9831:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  used = strlen(dst);

data/libffi-platypus-perl-1.34/include/ppport.h:9832:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(src);

data/libffi-platypus-perl-1.34/include/ppport.h:9862:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(src);

data/libffi-platypus-perl-1.34/t/ffi/meta.c:14:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  self->bar = malloc(strlen(bar)+1);

data/libffi-platypus-perl-1.34/t/ffi/variadic.c:55:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  bp += strlen(str);

ANALYSIS SUMMARY:

Hits = 85
Lines analyzed = 18606 in approximately 0.56 seconds (33122 lines/second)
Physical Source Lines of Code (SLOC) = 11747
Hits@level = [0]  21 [1]  19 [2]  50 [3]   2 [4]  14 [5]   0
Hits@level+ = [0+] 106 [1+]  85 [2+]  66 [3+]  16 [4+]  14 [5+]   0
Hits/KSLOC@level+ = [0+] 9.02358 [1+] 7.23589 [2+] 5.61846 [3+] 1.36205 [4+] 1.19179 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.