Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libpst-0.6.75/src/pst2dii.cpp
Examining data/libpst-0.6.75/src/lzfu.c
Examining data/libpst-0.6.75/src/getidblock.c
Examining data/libpst-0.6.75/src/nick2ldif.cpp
Examining data/libpst-0.6.75/src/msg.h
Examining data/libpst-0.6.75/src/debug.c
Examining data/libpst-0.6.75/src/pst2ldif.cpp
Examining data/libpst-0.6.75/src/readpst.c
Examining data/libpst-0.6.75/src/msg.cpp
Examining data/libpst-0.6.75/src/libpst.h
Examining data/libpst-0.6.75/src/vbuf.c
Examining data/libpst-0.6.75/src/libstrfunc.h
Examining data/libpst-0.6.75/src/common.h
Examining data/libpst-0.6.75/src/timeconv.h
Examining data/libpst-0.6.75/src/vbuf.h
Examining data/libpst-0.6.75/src/deltasearch.cpp
Examining data/libpst-0.6.75/src/XGetopt.h
Examining data/libpst-0.6.75/src/libstrfunc.c
Examining data/libpst-0.6.75/src/lzfu.h
Examining data/libpst-0.6.75/src/define.h
Examining data/libpst-0.6.75/src/lspst.c
Examining data/libpst-0.6.75/src/dumpblocks.c
Examining data/libpst-0.6.75/src/XGetopt.c
Examining data/libpst-0.6.75/src/timeconv.c
Examining data/libpst-0.6.75/src/libpst.c
Examining data/libpst-0.6.75/python/python-libpst.cpp

FINAL RESULTS:

data/libpst-0.6.75/src/debug.c:101:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(debug_fp, fmt, ap);
data/libpst-0.6.75/src/define.h:66:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    #define vsnprintf  _vsnprintf
data/libpst-0.6.75/src/define.h:67:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    #define snprintf   _snprintf
data/libpst-0.6.75/src/define.h:67:24:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    #define snprintf   _snprintf
data/libpst-0.6.75/src/define.h:94:41:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    #define ctime_r(tp,tmp) (ctime(tp)?(strcpy((tmp),ctime((tp))),(tmp)):0)
data/libpst-0.6.75/src/define.h:98:45:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        #define ctime_r(tp,tmp) (ctime(tp)?(strcpy((tmp),ctime((tp))),(tmp)):0)
data/libpst-0.6.75/src/define.h:155:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf x;           \
data/libpst-0.6.75/src/dumpblocks.c:59:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(outname, OUT_BUF, "%#"PRIx64, ptr->i_id);
data/libpst-0.6.75/src/nick2ldif.cpp:73:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(givenName, cn);
data/libpst-0.6.75/src/nick2ldif.cpp:74:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(sn, cn);
data/libpst-0.6.75/src/pst2dii.cpp:185:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(temp, "%s/%s_attach%i", output_directory, f_name, attach_num);
data/libpst-0.6.75/src/pst2dii.cpp:192:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(temp, "%s/%s_%s", output_directory, f_name, attach_filename);
data/libpst-0.6.75/src/pst2dii.cpp:194:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(temp, "%s/%s_%s-%i", output_directory, f_name, attach_filename, x);
data/libpst-0.6.75/src/pst2dii.cpp:385:11:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    (void)system(conversion.c_str());
data/libpst-0.6.75/src/readpst.c:436:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(acceptable_extensions, optarg);
data/libpst-0.6.75/src/readpst.c:650:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(item->file_as.str, temp);
data/libpst-0.6.75/src/readpst.c:771:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(dir, OUTPUT_KMAIL_DIR_TEMPLATE, fname);
data/libpst-0.6.75/src/readpst.c:787:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(index, KMAIL_INDEX, fname);
data/libpst-0.6.75/src/readpst.c:894:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(dir_name, dirsize, "%s" SEP_MAIL_FILE_TEMPLATE, dir, y, ""); // enough for 9 digits allocated above
data/libpst-0.6.75/src/readpst.c:959:5:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(f->name[t], SEP_MAIL_FILE_TEMPLATE, f->item_count, extension);
data/libpst-0.6.75/src/readpst.c:1087:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(temp, "%s-attach%i", f_name, attach_num);
data/libpst-0.6.75/src/readpst.c:1094:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(temp, "%s-%s", f_name, attach_filename);
data/libpst-0.6.75/src/readpst.c:1096:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(temp, "%s-%s-%i", f_name, attach_filename, x);
data/libpst-0.6.75/src/readpst.c:2041:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(f_output, fmt, pst_rfc2426_escape(ef->value, &result, &resultlen));
data/libpst-0.6.75/src/readpst.c:2143:25:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                        strcpy(byday, temp);
data/libpst-0.6.75/src/readpst.c:2207:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(f->dname, item->file_as.str);
data/libpst-0.6.75/src/readpst.c:2216:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(f->name[t], OUTPUT_TEMPLATE, item->file_as.str, item_type_to_name(t));
data/libpst-0.6.75/src/readpst.c:2248:17:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
                sprintf(f->name[t], OUTPUT_TEMPLATE, item->file_as.str, item_type_to_name(t));
data/libpst-0.6.75/src/readpst.c:2261:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(temp, "%s", f->name[t]);
data/libpst-0.6.75/src/readpst.c:2266:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(temp, "%s%08d", f->name[t], x);
data/libpst-0.6.75/src/XGetopt.c:139:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int getopt(int argc, char* const* argv, char *optstring)
data/libpst-0.6.75/src/XGetopt.h:21:5:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
int getopt(int argc, char* const* argv, char *optstring);
data/libpst-0.6.75/src/dumpblocks.c:14:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "o:")) != -1) {
data/libpst-0.6.75/src/getidblock.c:93:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "bp")) != -1) {
data/libpst-0.6.75/src/lspst.c:221:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "d:f:lhV"))!= -1) {
data/libpst-0.6.75/src/nick2ldif.cpp:24:14:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
	while ((c = getopt(argc, argv, "b:c:"))!= -1) {
data/libpst-0.6.75/src/pst2dii.cpp:646:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "B:b:c:d:f:o:O:Vh"))!= -1) {
data/libpst-0.6.75/src/pst2ldif.cpp:589:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "b:c:d:l:oVh"))!= -1) {
data/libpst-0.6.75/src/readpst.c:422:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand((unsigned)now);
data/libpst-0.6.75/src/readpst.c:430:17:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((c = getopt(argc, argv, "a:bC:c:Dd:emhj:kMo:qrSt:uVwL:8"))!= -1) {
data/libpst-0.6.75/python/python-libpst.cpp:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[30];
data/libpst-0.6.75/python/python-libpst.cpp:137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[30];
data/libpst-0.6.75/python/python-libpst.cpp:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[30];
data/libpst-0.6.75/python/python-libpst.cpp:166:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return ::fopen(filename.c_str(), mode.c_str());
data/libpst-0.6.75/src/debug.c:16:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char indent[MAX_DEPTH*4+1];
data/libpst-0.6.75/src/debug.c:52:21:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((debug_fp = fopen(fname, "wb")) == NULL) {
data/libpst-0.6.75/src/deltasearch.cpp:49:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	int  fd = open(argv[1], O_RDONLY);
data/libpst-0.6.75/src/deltasearch.cpp:50:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	int   d = atoi(argv[2]);
data/libpst-0.6.75/src/dumpblocks.c:60:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((fp = fopen(outname, "wb")) == NULL) {
data/libpst-0.6.75/src/libpst.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    base64_extra_chars[2];  // up to two pending unencoded bytes
data/libpst-0.6.75/src/libpst.c:330:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((pf->fp = fopen(name, "rb")) == NULL) {
data/libpst-0.6.75/src/libpst.c:782:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(wt, &(headerbuffer[xattrib.extended+sizeof(tint)]), (size_t)tint);
data/libpst-0.6.75/src/libpst.c:863:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(desc, buf, sizeof(pst_desc));
data/libpst-0.6.75/src/libpst.c:875:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&d32, buf, sizeof(pst_desc32));
data/libpst-0.6.75/src/libpst.c:897:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(table, buf, sizeof(struct pst_table_ptr_struct));
data/libpst-0.6.75/src/libpst.c:907:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&t32, buf, sizeof(struct pst_table_ptr_struct32));
data/libpst-0.6.75/src/libpst.c:926:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(index, buf, sizeof(pst_index));
data/libpst-0.6.75/src/libpst.c:938:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&index64, buf, sizeof(pst_index64));
data/libpst-0.6.75/src/libpst.c:955:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&index32, buf, sizeof(pst_index32));
data/libpst-0.6.75/src/libpst.c:978:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(assoc, buf, sizeof(pst_id2_assoc));
data/libpst-0.6.75/src/libpst.c:987:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&assoc32, buf, sizeof(pst_id2_assoc32));
data/libpst-0.6.75/src/libpst.c:1007:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(table3_rec, buf, sizeof(pst_table3_rec));
data/libpst-0.6.75/src/libpst.c:1014:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&table3_rec32, buf, sizeof(pst_table3_rec32));
data/libpst-0.6.75/src/libpst.c:1722:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(&table_rec.value, ind2_ptr + table2_rec.ind2_off, n);
data/libpst-0.6.75/src/libpst.c:1799:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(mo_ptr->elements[x]->data, &(table_rec.value), sizeof(int32_t));
data/libpst-0.6.75/src/libpst.c:1824:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(mo_ptr->elements[x]->data, value_pointer, value_size);
data/libpst-0.6.75/src/libpst.c:1846:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(mo_ptr->elements[x]->data, block_offset7.from, value_size);
data/libpst-0.6.75/src/libpst.c:1882:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(mo_ptr->elements[x]->data, utf8buf->b, utf8buf->dlen);
data/libpst-0.6.75/src/libpst.c:1924:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(targ, list->elements[x]->data, list->elements[x]->size);\
data/libpst-0.6.75/src/libpst.c:1976:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(targ), list->elements[x]->data, sizeof(targ));                 \
data/libpst-0.6.75/src/libpst.c:1990:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(targ), list->elements[x]->data, sizeof(targ));                 \
data/libpst-0.6.75/src/libpst.c:2109:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(targ, list->elements[x]->data, sizeof(FILETIME));            \
data/libpst-0.6.75/src/libpst.c:2141:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(targ.data, list->elements[x]->data, targ.size);      \
data/libpst-0.6.75/src/libpst.c:2190:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char time_buffer[30];
data/libpst-0.6.75/src/libpst.c:2211:33:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                                memcpy(ef->value, list->elements[x]->data + offset, string_length);
data/libpst-0.6.75/src/libpst.c:3658:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(p->from), &(buf[(i_offset+2)+of1]), sizeof(p->from));
data/libpst-0.6.75/src/libpst.c:3659:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(p->to), &(buf[(i_offset+2)+of1+sizeof(p->from)]), sizeof(p->to));
data/libpst-0.6.75/src/libpst.c:4163:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*(h->buf)+size, *buf, z);
data/libpst-0.6.75/src/libpst.c:4172:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*buf, h->base64_extra_chars, h->base64_extra);
data/libpst-0.6.75/src/libpst.c:4180:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(h->base64_extra_chars, *buf+z, h->base64_extra);
data/libpst-0.6.75/src/libpst.c:4473:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(buffer, "utf-8''");
data/libpst-0.6.75/src/libpst.c:4548:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[30];
data/libpst-0.6.75/src/libpst.h:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entryid[16];
data/libpst-0.6.75/src/lspst.c:103:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                            char time_buffer[MAXDATEFMTLEN];
data/libpst-0.6.75/src/lspst.c:146:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char time_buffer[30];
data/libpst-0.6.75/src/lzfu.c:39:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char dict[4096];       // the dictionary buffer
data/libpst-0.6.75/src/lzfu.c:51:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(dict, LZFU_INITDICT, LZFU_INITLENGTH);
data/libpst-0.6.75/src/lzfu.c:80:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&blkhdr, rtfcomp+in_ptr, 2);
data/libpst-0.6.75/src/msg.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[bsize];
data/libpst-0.6.75/src/msg.cpp:206:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char charset[30];
data/libpst-0.6.75/src/msg.cpp:369:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                FILE *fp = fopen("temp_file_attachment", "w+b");
data/libpst-0.6.75/src/nick2ldif.cpp:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char line[LINE_SIZE];
data/libpst-0.6.75/src/nick2ldif.cpp:64:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
			char cn[1000], givenName[1000], sn[1000];
data/libpst-0.6.75/src/pst2dii.cpp:195:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        } while ((fp = fopen(temp, "r")) && ++x < 99999999);
data/libpst-0.6.75/src/pst2dii.cpp:201:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(temp, "wb"))) {
data/libpst-0.6.75/src/pst2dii.cpp:228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char xline[len+1];
data/libpst-0.6.75/src/pst2dii.cpp:229:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(xline, line, len);
data/libpst-0.6.75/src/pst2dii.cpp:264:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char blanks[5];
data/libpst-0.6.75/src/pst2dii.cpp:325:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char line[LINE_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:350:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *pngout = fopen(fn, "wb");
data/libpst-0.6.75/src/pst2dii.cpp:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char f[len];
data/libpst-0.6.75/src/pst2dii.cpp:460:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char folder_line[LINE_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:461:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[LINE_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:483:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c_time[C_TIME_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:491:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c_time[C_TIME_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:543:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char c_time[C_TIME_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:562:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char ln[LINE_SIZE];
data/libpst-0.6.75/src/pst2dii.cpp:652:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            bates_index = atoi(optarg);
data/libpst-0.6.75/src/pst2dii.cpp:721:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dii_file = fopen(output_file, "wb");
data/libpst-0.6.75/src/pst2ldif.cpp:126:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char cn[1000];
data/libpst-0.6.75/src/pst2ldif.cpp:522:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value[0], value1.str, len1);
data/libpst-0.6.75/src/pst2ldif.cpp:524:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value[0] + len1 + 1, value2.str, len2 + 1);
data/libpst-0.6.75/src/readpst.c:21:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *name[PST_TYPE_MAX];
data/libpst-0.6.75/src/readpst.c:482:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            max_children = atoi(optarg);
data/libpst-0.6.75/src/readpst.c:502:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            pst_debug_setlevel(atoi(optarg));
data/libpst-0.6.75/src/readpst.c:886:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dir_name[dirsize];
data/libpst-0.6.75/src/readpst.c:962:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (!(f->output[t] = fopen(f->name[t], "w"))) {
data/libpst-0.6.75/src/readpst.c:1097:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        } while ((fp = fopen(temp, "r")) && ++x < 99999999);
data/libpst-0.6.75/src/readpst.c:1103:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(temp, "w"))) {
data/libpst-0.6.75/src/readpst.c:1291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char search[60];
data/libpst-0.6.75/src/readpst.c:1519:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[30];
data/libpst-0.6.75/src/readpst.c:1540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char boundary[60];
data/libpst-0.6.75/src/readpst.c:1541:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char altboundary[66];
data/libpst-0.6.75/src/readpst.c:1543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char body_charset[30];
data/libpst-0.6.75/src/readpst.c:1544:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer_charset[30];
data/libpst-0.6.75/src/readpst.c:1545:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char body_report[60];
data/libpst-0.6.75/src/readpst.c:1546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sender[60];
data/libpst-0.6.75/src/readpst.c:1725:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char c_time[C_TIME_SIZE];
data/libpst-0.6.75/src/readpst.c:1871:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   time_buffer[30];
data/libpst-0.6.75/src/readpst.c:2057:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   time_buffer[30];
data/libpst-0.6.75/src/readpst.c:2085:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   time_buffer[30];
data/libpst-0.6.75/src/readpst.c:2134:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char byday[40];
data/libpst-0.6.75/src/readpst.c:2141:25:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        char temp[40];
data/libpst-0.6.75/src/readpst.c:2228:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *type_file = fopen(".type", "w");
data/libpst-0.6.75/src/readpst.c:2263:44:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    while ((f->output[t] = fopen(temp, "r"))) {
data/libpst-0.6.75/src/readpst.c:2281:38:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                if (!(f->output[t] = fopen(f->name[t], "w"))) {
data/libpst-0.6.75/src/readpst.c:2326:31:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            FILE *type_file = fopen(".size", "w");
data/libpst-0.6.75/src/vbuf.c:162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(nb, vb->b, vb->dlen);
data/libpst-0.6.75/src/vbuf.c:169:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(vb->buf, vb->b, vb->dlen);
data/libpst-0.6.75/src/vbuf.c:183:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vb->b, b, len);
data/libpst-0.6.75/src/vbuf.c:197:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(vb->b + vb->dlen, b, len);
data/libpst-0.6.75/src/deltasearch.cpp:58:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
		size_t s = read(fd, &buf[0], size);
data/libpst-0.6.75/src/libpst.c:642:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (void)pst_fwrite(c, (size_t)1, strlen(c), fp);
data/libpst-0.6.75/src/libpst.c:4186:87:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            DEBUG_INFO(("writing %i bytes to file as base64 [%i]. Currently %i\n", z, strlen(t), size));
data/libpst-0.6.75/src/libpst.c:4187:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (void)pst_fwrite(t, (size_t)1, strlen(t), h->fp);
data/libpst-0.6.75/src/libpst.c:4218:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            (void)pst_fwrite(t, (size_t)1, strlen(t), h->fp);
data/libpst-0.6.75/src/libpst.c:4311:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = strlen(str) + y - z + 1; // don't forget room for the NUL
data/libpst-0.6.75/src/libpst.c:4471:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(str->str) + 2*needs + 15;
data/libpst-0.6.75/src/libpst.c:4477:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    z += strlen(buffer);    // skip the utf8 prefix
data/libpst-0.6.75/src/libpst.c:4513:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char *enc = pst_base64_encode_single(str->str, strlen(str->str));
data/libpst-0.6.75/src/libpst.c:4515:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int n = strlen(enc) + 20;
data/libpst-0.6.75/src/libpst.c:4521:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int n = strlen(str->str) + 10;
data/libpst-0.6.75/src/libpst.c:4567:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t rc = pst_vb_8bit2utf8(newer, str->str, strlen(str->str) + 1, charset);
data/libpst-0.6.75/src/msg.cpp:42:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t strsize = strlen(str.str);
data/libpst-0.6.75/src/msg.cpp:130:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        string_property(out, prop, tag, contents.str, strlen(contents.str));
data/libpst-0.6.75/src/msg.cpp:139:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        string_property(out, prop, tag, contents.str, strlen(contents.str)+1);
data/libpst-0.6.75/src/msg.cpp:395:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        string_property(out, prop_list, 0x3704001E, n, strlen(n));
data/libpst-0.6.75/src/nick2ldif.cpp:47:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		int n = strlen(line);
data/libpst-0.6.75/src/nick2ldif.cpp:68:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(givenName, ff+1, sizeof(givenName)-1);
data/libpst-0.6.75/src/nick2ldif.cpp:70:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(sn, f, sizeof(sn)-1);
data/libpst-0.6.75/src/pst2dii.cpp:136:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strncmp(headers, bad, strlen(bad)) == 0) {
data/libpst-0.6.75/src/pst2dii.cpp:181:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(output_directory) + 1 + strlen(f_name) + 15;
data/libpst-0.6.75/src/pst2dii.cpp:181:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(output_directory) + 1 + strlen(f_name) + 15;
data/libpst-0.6.75/src/pst2dii.cpp:188:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = (char*)pst_malloc(len+strlen(attach_filename));
data/libpst-0.6.75/src/pst2dii.cpp:270:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(line);
data/libpst-0.6.75/src/pst2dii.cpp:300:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pst_fwrite(line, 1, strlen(line), dii_file);
data/libpst-0.6.75/src/pst2dii.cpp:372:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(output_directory) + 4 + 6 + 4 + 1;
data/libpst-0.6.75/src/pst2dii.cpp:422:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(field) + 4;
data/libpst-0.6.75/src/pst2dii.cpp:427:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(f);
data/libpst-0.6.75/src/pst2dii.cpp:513:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(soh);
data/libpst-0.6.75/src/pst2ldif.cpp:102:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        vector<char> n(strlen(name)+10);
data/libpst-0.6.75/src/pst2ldif.cpp:375:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(value) + 1;
data/libpst-0.6.75/src/pst2ldif.cpp:508:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len1 = strlen(value1.str);
data/libpst-0.6.75/src/pst2ldif.cpp:515:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len2 = strlen(value2.str);
data/libpst-0.6.75/src/pst2ldif.cpp:654:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (old_schema && (strlen(ldap_base) > 2)) {
data/libpst-0.6.75/src/readpst.c:434:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int n = strlen(optarg);
data/libpst-0.6.75/src/readpst.c:649:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        item->file_as.str = (char*)pst_malloc(strlen(temp)+1);
data/libpst-0.6.75/src/readpst.c:697:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    pst_fwrite(body, strlen(body), 1, f);
data/libpst-0.6.75/src/readpst.c:770:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dir = pst_malloc(strlen(fname)+strlen(OUTPUT_KMAIL_DIR_TEMPLATE)+1);
data/libpst-0.6.75/src/readpst.c:770:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dir = pst_malloc(strlen(fname)+strlen(OUTPUT_KMAIL_DIR_TEMPLATE)+1);
data/libpst-0.6.75/src/readpst.c:786:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = pst_malloc(strlen(fname)+strlen(KMAIL_INDEX)+1);
data/libpst-0.6.75/src/readpst.c:786:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = pst_malloc(strlen(fname)+strlen(KMAIL_INDEX)+1);
data/libpst-0.6.75/src/readpst.c:885:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t dirsize = strlen(dir) + 10;
data/libpst-0.6.75/src/readpst.c:1052:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        a += strlen(a) + 1;
data/libpst-0.6.75/src/readpst.c:1086:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = pst_malloc(strlen(f_name)+15);
data/libpst-0.6.75/src/readpst.c:1090:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = pst_malloc(strlen(f_name)+strlen(attach_filename)+15);
data/libpst-0.6.75/src/readpst.c:1090:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        temp = pst_malloc(strlen(f_name)+strlen(attach_filename)+15);
data/libpst-0.6.75/src/readpst.c:1237:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int n = strlen(field);
data/libpst-0.6.75/src/readpst.c:1267:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(header) > 2) {
data/libpst-0.6.75/src/readpst.c:1279:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (my_stristr(header, field) || (strncasecmp(header, field+1, strlen(field)-1) == 0)) {
data/libpst-0.6.75/src/readpst.c:1298:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s += strlen(search);    // skip over subfield=
data/libpst-0.6.75/src/readpst.c:1321:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!t && (strncasecmp(header, field+1, strlen(field)-1) == 0)) t = header;
data/libpst-0.6.75/src/readpst.c:1368:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            DEBUG_HEXDUMPC(body, strlen(body), 0x10);
data/libpst-0.6.75/src/readpst.c:1398:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            DEBUG_HEXDUMPC(html, strlen(html), 0x10);
data/libpst-0.6.75/src/readpst.c:1446:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t body_len = strlen(body->str);
data/libpst-0.6.75/src/readpst.c:1562:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(body_charset, pst_default_charset(item, sizeof(buffer_charset), buffer_charset), sizeof(body_charset));
data/libpst-0.6.75/src/readpst.c:1564:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(body_report, "delivery-status", sizeof(body_report));
data/libpst-0.6.75/src/readpst.c:1576:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(sender, temp, sizeof(sender));
data/libpst-0.6.75/src/readpst.c:1584:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            c_time[strlen(c_time)-1] = '\0'; //remove end \n
data/libpst-0.6.75/src/readpst.c:1669:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int len = strlen(headers);
data/libpst-0.6.75/src/readpst.c:1742:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        && (strlen(item->email->sender_address.str) > 0)) {
data/libpst-0.6.75/src/readpst.c:2206:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    f->dname = (char*) pst_malloc(strlen(item->file_as.str)+1);
data/libpst-0.6.75/src/readpst.c:2215:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                f->name[t] = (char*) pst_malloc(strlen(item->file_as.str)+strlen(OUTPUT_TEMPLATE)+30);
data/libpst-0.6.75/src/readpst.c:2215:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                f->name[t] = (char*) pst_malloc(strlen(item->file_as.str)+strlen(OUTPUT_TEMPLATE)+30);
data/libpst-0.6.75/src/readpst.c:2247:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                f->name[t] = (char*) pst_malloc(strlen(item->file_as.str)+strlen(OUTPUT_TEMPLATE)+30);
data/libpst-0.6.75/src/readpst.c:2247:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                f->name[t] = (char*) pst_malloc(strlen(item->file_as.str)+strlen(OUTPUT_TEMPLATE)+30);
data/libpst-0.6.75/src/readpst.c:2259:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    char *temp = (char*) pst_malloc (strlen(f->name[t])+10); //enough room for 10 digits

ANALYSIS SUMMARY:

Hits = 207
Lines analyzed = 12715 in approximately 0.44 seconds (28926 lines/second)
Physical Source Lines of Code (SLOC) = 9906
Hits@level = [0] 378 [1]  66 [2] 101 [3]  10 [4]  30 [5]   0
Hits@level+ = [0+] 585 [1+] 207 [2+] 141 [3+]  40 [4+]  30 [5+]   0
Hits/KSLOC@level+ = [0+] 59.0551 [1+] 20.8964 [2+] 14.2338 [3+] 4.03796 [4+] 3.02847 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.