Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libmaa-1.4.7/maa/alloca.c
Examining data/libmaa-1.4.7/maa/arg.c
Examining data/libmaa-1.4.7/maa/base26.c
Examining data/libmaa-1.4.7/maa/base64.c
Examining data/libmaa-1.4.7/maa/bit.c
Examining data/libmaa-1.4.7/maa/debug.c
Examining data/libmaa-1.4.7/maa/error.c
Examining data/libmaa-1.4.7/maa/flags.c
Examining data/libmaa-1.4.7/maa/hash.c
Examining data/libmaa-1.4.7/maa/list.c
Examining data/libmaa-1.4.7/maa/log.c
Examining data/libmaa-1.4.7/maa/maa.c
Examining data/libmaa-1.4.7/maa/maa.h
Examining data/libmaa-1.4.7/maa/maaP.h
Examining data/libmaa-1.4.7/maa/memory.c
Examining data/libmaa-1.4.7/maa/mkrnd.c
Examining data/libmaa-1.4.7/maa/parse-concrete.c
Examining data/libmaa-1.4.7/maa/pr.c
Examining data/libmaa-1.4.7/maa/prime.c
Examining data/libmaa-1.4.7/maa/rnd.c
Examining data/libmaa-1.4.7/maa/set.c
Examining data/libmaa-1.4.7/maa/sl.c
Examining data/libmaa-1.4.7/maa/source.c
Examining data/libmaa-1.4.7/maa/stack.c
Examining data/libmaa-1.4.7/maa/string.c
Examining data/libmaa-1.4.7/maa/text.c
Examining data/libmaa-1.4.7/maa/timer.c
Examining data/libmaa-1.4.7/maa/xmalloc.c
Examining data/libmaa-1.4.7/tests/arg/argtest.c
Examining data/libmaa-1.4.7/tests/base/basetest.c
Examining data/libmaa-1.4.7/tests/basics/basicstest.c
Examining data/libmaa-1.4.7/tests/bit/bittest.c
Examining data/libmaa-1.4.7/tests/debug/debugtest.c
Examining data/libmaa-1.4.7/tests/err/errtest.c
Examining data/libmaa-1.4.7/tests/hash/hashtest.c
Examining data/libmaa-1.4.7/tests/list/listtest.c
Examining data/libmaa-1.4.7/tests/log/logtest.c
Examining data/libmaa-1.4.7/tests/memobj/memobjtest.c
Examining data/libmaa-1.4.7/tests/memstr/memstrtest.c
Examining data/libmaa-1.4.7/tests/pr/prtest.c
Examining data/libmaa-1.4.7/tests/prime/primetest.c
Examining data/libmaa-1.4.7/tests/prm/prmtest.c
Examining data/libmaa-1.4.7/tests/set/settest.c
Examining data/libmaa-1.4.7/tests/sl/sltest.c
Examining data/libmaa-1.4.7/tests/stack/stacktest.c
Examining data/libmaa-1.4.7/tests/string/stringtest.c

FINAL RESULTS:

data/libmaa-1.4.7/maa/error.c:89:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, ap);
data/libmaa-1.4.7/maa/error.c:124:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, ap);
data/libmaa-1.4.7/maa/error.c:160:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, ap);
data/libmaa-1.4.7/maa/error.c:191:2:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	vfprintf(stderr, format, ap);
data/libmaa-1.4.7/maa/log.c:213:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(logFilename, logFilenameTmp);
data/libmaa-1.4.7/maa/log.c:325:3:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
		vsnprintf (buf_main, sizeof (buf_main), format, ap);
data/libmaa-1.4.7/maa/maa.h:313:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((noreturn,format(printf, 2, 3)));
data/libmaa-1.4.7/maa/maa.h:316:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((noreturn,format(printf, 2, 3)));
data/libmaa-1.4.7/maa/maa.h:319:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((format(printf, 2, 3)));
data/libmaa-1.4.7/maa/maa.h:322:33:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	__attribute__((noreturn,format(printf, 2, 3)));
data/libmaa-1.4.7/maa/pr.c:188:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execvp(argv[0], argv);
data/libmaa-1.4.7/maa/pr.c:406:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
		execvp(argv[0], argv);
data/libmaa-1.4.7/maa/source.c:418:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(str, format, ap);
data/libmaa-1.4.7/maa/source.c:440:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
		vfprintf(str, format, ap);
data/libmaa-1.4.7/maa/string.c:374:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
		sprintf( buf, "%s%d", prefix, i++ );
data/libmaa-1.4.7/maa/mkrnd.c:41:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		printf( "%f, ", (double)random()/(double)INT_MAX);
data/libmaa-1.4.7/maa/sl.c:257:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	while ((random() & 0x80) &&  level < _sl_MaxLevel) ++level;
data/libmaa-1.4.7/tests/debug/debugtest.c:42:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "d:")) != -1) {
data/libmaa-1.4.7/tests/pr/prtest.c:40:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "D")) != EOF)
data/libmaa-1.4.7/maa/alloca.c:144:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char align[ALIGN_SIZE];	/* To force sizeof(header).  */
data/libmaa-1.4.7/maa/base26.c:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char          result[8] = { 'a', 'a', 'a', 'a', 'a', 'a', 'a', '\0'};
data/libmaa-1.4.7/maa/base64.c:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char   result[7];
data/libmaa-1.4.7/maa/log.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char       logHostname[MAXHOSTNAMELEN];
data/libmaa-1.4.7/maa/log.c:216:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		if ((logFd = open(logFilename, O_WRONLY|O_CREAT|O_APPEND, 0644)) < 0)
data/libmaa-1.4.7/maa/log.c:301:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char   buf [8192] = "";
data/libmaa-1.4.7/maa/log.c:302:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char   buf_main [4096] = "";
data/libmaa-1.4.7/maa/log.c:303:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char   buf_preamble [256] = "";
data/libmaa-1.4.7/maa/maa.c:89:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buffer[80];
data/libmaa-1.4.7/maa/maa.c:91:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buffer, "Libmaa %d.%d.%d", MAA_MAJOR, MAA_MINOR, MAA_TEENY);
data/libmaa-1.4.7/maa/memory.c:154:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(str, string, len + 1);
data/libmaa-1.4.7/maa/memory.c:181:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy((char *)p + i->growing_size, string, len);
data/libmaa-1.4.7/maa/mkrnd.c:39:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	count = atoi( argv[1] );
data/libmaa-1.4.7/maa/pr.c:166:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				if ((null = open("/dev/null", flag)) >= 0) {	\
data/libmaa-1.4.7/maa/sl.c:263:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf[1024];
data/libmaa-1.4.7/maa/sl.c:265:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
	sprintf(buf, "%p", datum);
data/libmaa-1.4.7/maa/source.c:142:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	if ((lineno = atoi(arg_get(args, 1))) > 0) --lineno;
data/libmaa-1.4.7/maa/source.c:313:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char       buf[1024];
data/libmaa-1.4.7/maa/text.c:52:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
	strcpy(result, "Z000");
data/libmaa-1.4.7/maa/text.c:74:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char buf [5];
data/libmaa-1.4.7/maa/xmalloc.c:76:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy (pt, s, len + 1);
data/libmaa-1.4.7/tests/arg/argtest.c:36:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buffer [2000];
data/libmaa-1.4.7/tests/arg/argtest.c:44:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen(argv [0], "r");
data/libmaa-1.4.7/tests/arg/argtest.c:46:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		f = fopen("argtest.in", "r");
data/libmaa-1.4.7/tests/err/errtest.c:13:8:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	num = atoi(argv[1]);
data/libmaa-1.4.7/tests/hash/hashtest.c:40:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret[20];
data/libmaa-1.4.7/tests/hash/hashtest.c:47:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	static char ret[20];
data/libmaa-1.4.7/tests/hash/hashtest.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ret[20];
data/libmaa-1.4.7/tests/hash/hashtest.c:61:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char ret[20];
data/libmaa-1.4.7/tests/hash/hashtest.c:275:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		count = atoi(argv[1]);
data/libmaa-1.4.7/tests/pr/prtest.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf[BUFSIZ];
data/libmaa-1.4.7/tests/set/settest.c:66:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		count = atoi(argv[1]);
data/libmaa-1.4.7/tests/set/settest.c:77:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(key, "key%d", i);
data/libmaa-1.4.7/tests/set/settest.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char        key[100];
data/libmaa-1.4.7/tests/set/settest.c:84:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(key, "key%d", i);
data/libmaa-1.4.7/tests/sl/sltest.c:67:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		count = atoi(argv[1]);
data/libmaa-1.4.7/tests/string/stringtest.c:35:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char          buf[100];
data/libmaa-1.4.7/tests/string/stringtest.c:45:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		count = atoi(argv[1]);
data/libmaa-1.4.7/tests/string/stringtest.c:53:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "key%d", i);
data/libmaa-1.4.7/tests/string/stringtest.c:60:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
		sprintf(buf, "key%d", i);
data/libmaa-1.4.7/maa/base26.c:86:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int           len = strlen(val);
data/libmaa-1.4.7/maa/base64.c:121:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return b64_decode_buf(val, strlen(val));
data/libmaa-1.4.7/maa/hash.c:402:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	if ((i += strlen(s)+2) >= 60) { i=0; printf("\n"); }
data/libmaa-1.4.7/maa/log.c:232:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		logFilenameLen  = strlen(filename)*3+1024;
data/libmaa-1.4.7/maa/log.c:339:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			while (-1 == write (logFd, buf, strlen (buf)) && errno == EINTR);
data/libmaa-1.4.7/maa/memory.c:122:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	int        len = strlen(string);
data/libmaa-1.4.7/maa/pr.c:352:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
				if ((count = read(out, outPt, outMaxLen)) <= 0) {
data/libmaa-1.4.7/maa/source.c:137:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmp, line, length);
data/libmaa-1.4.7/maa/string.c:314:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy( tmp, s, length);
data/libmaa-1.4.7/maa/string.c:371:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char       *buf    = alloca( strlen( prefix ) + 100 );
data/libmaa-1.4.7/maa/xmalloc.c:70:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen (s);
data/libmaa-1.4.7/tests/err/errtest.c:32:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			n = read(100, NULL, 0);
data/libmaa-1.4.7/tests/err/errtest.c:59:8:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
			n = read(100, NULL, 0);
data/libmaa-1.4.7/tests/memstr/memstrtest.c:56:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mem_grow(strings, names[2], strlen(names[2]));
data/libmaa-1.4.7/tests/memstr/memstrtest.c:57:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mem_grow(strings, names[3], strlen(names[3]));
data/libmaa-1.4.7/tests/memstr/memstrtest.c:58:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mem_grow(strings, names[4], strlen(names[4]));
data/libmaa-1.4.7/tests/memstr/memstrtest.c:59:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	mem_grow(strings, names[5], strlen(names[5]));
data/libmaa-1.4.7/tests/memstr/memstrtest.c:62:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	printf("str4=%s\n", mem_strncpy(strings, names[6], strlen(names[6])));
data/libmaa-1.4.7/tests/pr/prtest.c:57:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
	while (cnt = read(fdout, buf, BUFSIZ-1), cnt > 0){

ANALYSIS SUMMARY:

Hits = 78
Lines analyzed = 10056 in approximately 0.39 seconds (25740 lines/second)
Physical Source Lines of Code (SLOC) = 6364
Hits@level = [0] 257 [1]  19 [2]  40 [3]   4 [4]  15 [5]   0
Hits@level+ = [0+] 335 [1+]  78 [2+]  59 [3+]  19 [4+]  15 [5+]   0
Hits/KSLOC@level+ = [0+] 52.6398 [1+] 12.2564 [2+] 9.2709 [3+] 2.98554 [4+] 2.35701 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.