Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsecp256k1-0.1~20190331/contrib/lax_der_parsing.c
Examining data/libsecp256k1-0.1~20190331/contrib/lax_der_parsing.h
Examining data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c
Examining data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.h
Examining data/libsecp256k1-0.1~20190331/include/secp256k1.h
Examining data/libsecp256k1-0.1~20190331/include/secp256k1_ecdh.h
Examining data/libsecp256k1-0.1~20190331/include/secp256k1_recovery.h
Examining data/libsecp256k1-0.1~20190331/src/basic-config.h
Examining data/libsecp256k1-0.1~20190331/src/bench.h
Examining data/libsecp256k1-0.1~20190331/src/bench_ecdh.c
Examining data/libsecp256k1-0.1~20190331/src/bench_ecmult.c
Examining data/libsecp256k1-0.1~20190331/src/bench_internal.c
Examining data/libsecp256k1-0.1~20190331/src/bench_recover.c
Examining data/libsecp256k1-0.1~20190331/src/bench_sign.c
Examining data/libsecp256k1-0.1~20190331/src/bench_verify.c
Examining data/libsecp256k1-0.1~20190331/src/ecdsa.h
Examining data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h
Examining data/libsecp256k1-0.1~20190331/src/eckey.h
Examining data/libsecp256k1-0.1~20190331/src/eckey_impl.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult_const.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult_const_impl.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult_gen.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h
Examining data/libsecp256k1-0.1~20190331/src/ecmult_impl.h
Examining data/libsecp256k1-0.1~20190331/src/field.h
Examining data/libsecp256k1-0.1~20190331/src/field_10x26.h
Examining data/libsecp256k1-0.1~20190331/src/field_10x26_impl.h
Examining data/libsecp256k1-0.1~20190331/src/field_5x52.h
Examining data/libsecp256k1-0.1~20190331/src/field_5x52_asm_impl.h
Examining data/libsecp256k1-0.1~20190331/src/field_5x52_impl.h
Examining data/libsecp256k1-0.1~20190331/src/field_5x52_int128_impl.h
Examining data/libsecp256k1-0.1~20190331/src/field_impl.h
Examining data/libsecp256k1-0.1~20190331/src/gen_context.c
Examining data/libsecp256k1-0.1~20190331/src/group.h
Examining data/libsecp256k1-0.1~20190331/src/group_impl.h
Examining data/libsecp256k1-0.1~20190331/src/hash.h
Examining data/libsecp256k1-0.1~20190331/src/hash_impl.h
Examining data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c
Examining data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.h
Examining data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_Secp256k1Context.c
Examining data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_Secp256k1Context.h
Examining data/libsecp256k1-0.1~20190331/src/modules/ecdh/main_impl.h
Examining data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h
Examining data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h
Examining data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h
Examining data/libsecp256k1-0.1~20190331/src/num.h
Examining data/libsecp256k1-0.1~20190331/src/num_gmp.h
Examining data/libsecp256k1-0.1~20190331/src/num_gmp_impl.h
Examining data/libsecp256k1-0.1~20190331/src/num_impl.h
Examining data/libsecp256k1-0.1~20190331/src/scalar.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_4x64.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_4x64_impl.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_8x32.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_8x32_impl.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_impl.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_low.h
Examining data/libsecp256k1-0.1~20190331/src/scalar_low_impl.h
Examining data/libsecp256k1-0.1~20190331/src/scratch.h
Examining data/libsecp256k1-0.1~20190331/src/scratch_impl.h
Examining data/libsecp256k1-0.1~20190331/src/secp256k1.c
Examining data/libsecp256k1-0.1~20190331/src/testrand.h
Examining data/libsecp256k1-0.1~20190331/src/testrand_impl.h
Examining data/libsecp256k1-0.1~20190331/src/tests.c
Examining data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c
Examining data/libsecp256k1-0.1~20190331/src/util.h
FINAL RESULTS:
data/libsecp256k1-0.1~20190331/src/bench_ecmult.c:132:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, includes_g ? "ecmult_%ig" : "ecmult_%i", (int)count);
data/libsecp256k1-0.1~20190331/contrib/lax_der_parsing.c:16:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmpsig[64] = {0};
data/libsecp256k1-0.1~20190331/contrib/lax_der_parsing.c:126:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpsig + 32 - rlen, input + rpos, rlen);
data/libsecp256k1-0.1~20190331/contrib/lax_der_parsing.c:138:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmpsig + 64 - slen, input + spos, slen);
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out32 + 32 - privkey[1], privkey + 2, privkey[1]);
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:79:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:80:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key32, 32); ptr += 32;
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:81:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:104:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, begin, sizeof(begin)); ptr += sizeof(begin);
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, key32, 32); ptr += 32;
data/libsecp256k1-0.1~20190331/contrib/lax_der_privatekey_parsing.c:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, middle, sizeof(middle)); ptr += sizeof(middle);
data/libsecp256k1-0.1~20190331/include/secp256k1.h:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/libsecp256k1-0.1~20190331/include/secp256k1.h:80:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/libsecp256k1-0.1~20190331/include/secp256k1_recovery.h:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[65];
data/libsecp256k1-0.1~20190331/src/bench_ecdh.c:17:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scalar[32];
data/libsecp256k1-0.1~20190331/src/bench_ecdh.c:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[32];
data/libsecp256k1-0.1~20190331/src/bench_ecmult.c:93:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[11] = {'e', 'c', 'm', 'u', 'l', 't', 0, 0, 0, 0};
data/libsecp256k1-0.1~20190331/src/bench_ecmult.c:94:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/libsecp256k1-0.1~20190331/src/bench_ecmult.c:108:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/libsecp256k1-0.1~20190331/src/bench_internal.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[64];
data/libsecp256k1-0.1~20190331/src/bench_internal.c:33:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char init_x[32] = {
data/libsecp256k1-0.1~20190331/src/bench_internal.c:40:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char init_y[32] = {
data/libsecp256k1-0.1~20190331/src/bench_internal.c:55:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data, init_x, 32);
data/libsecp256k1-0.1~20190331/src/bench_internal.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->data + 32, init_y, 32);
data/libsecp256k1-0.1~20190331/src/bench_recover.c:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[32];
data/libsecp256k1-0.1~20190331/src/bench_recover.c:15:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[64];
data/libsecp256k1-0.1~20190331/src/bench_recover.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkeyc[33];
data/libsecp256k1-0.1~20190331/src/bench_sign.c:13:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[32];
data/libsecp256k1-0.1~20190331/src/bench_sign.c:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/libsecp256k1-0.1~20190331/src/bench_sign.c:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[74];
data/libsecp256k1-0.1~20190331/src/bench_verify.c:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[32];
data/libsecp256k1-0.1~20190331/src/bench_verify.c:23:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/libsecp256k1-0.1~20190331/src/bench_verify.c:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[72];
data/libsecp256k1-0.1~20190331/src/bench_verify.c:26:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkey[33];
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:101:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ra[32] = {0};
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:135:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ra + 32 - rlen, *sig, rlen);
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:178:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char r[33] = {0}, s[33] = {0};
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig+4, rp, lenR);
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig+lenR+6, sp, lenS);
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:202:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[32];
data/libsecp256k1-0.1~20190331/src/ecdsa_impl.h:272:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[32];
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:40:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nums_b32[33] = "The scalar for this x is unknown";
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->prec, src->prec, sizeof(*dst->prec));
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:163:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce32[32];
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:166:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keydata[64] = {0};
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:179:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keydata, nonce32, 32);
data/libsecp256k1-0.1~20190331/src/ecmult_gen_impl.h:181:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(keydata + 32, seed32, 32);
data/libsecp256k1-0.1~20190331/src/ecmult_impl.h:343:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->pre_g, src->pre_g, size);
data/libsecp256k1-0.1~20190331/src/ecmult_impl.h:351:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->pre_g_128, src->pre_g_128, size);
data/libsecp256k1-0.1~20190331/src/field_impl.h:239:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char prime[32] = {
data/libsecp256k1-0.1~20190331/src/field_impl.h:245:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[32];
data/libsecp256k1-0.1~20190331/src/field_impl.h:295:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[32];
data/libsecp256k1-0.1~20190331/src/field_impl.h:299:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char prime[32] = {
data/libsecp256k1-0.1~20190331/src/gen_context.c:36:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("src/ecmult_static_context.h","w");
data/libsecp256k1-0.1~20190331/src/hash.h:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char v[32];
data/libsecp256k1-0.1~20190331/src/hash.h:33:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char k[32];
data/libsecp256k1-0.1~20190331/src/hash_impl.h:137:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char*)hash->buf) + bufsize, data, chunk_len);
data/libsecp256k1-0.1~20190331/src/hash_impl.h:145:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((unsigned char*)hash->buf) + bufsize, data, len);
data/libsecp256k1-0.1~20190331/src/hash_impl.h:150:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char pad[64] = {0x80, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
data/libsecp256k1-0.1~20190331/src/hash_impl.h:162:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out32, (const unsigned char*)out, 32);
data/libsecp256k1-0.1~20190331/src/hash_impl.h:167:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rkey[64];
data/libsecp256k1-0.1~20190331/src/hash_impl.h:169:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rkey, key, keylen);
data/libsecp256k1-0.1~20190331/src/hash_impl.h:198:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temp[32];
data/libsecp256k1-0.1~20190331/src/hash_impl.h:208:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[1] = {0x00};
data/libsecp256k1-0.1~20190331/src/hash_impl.h:209:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char one[1] = {0x01};
data/libsecp256k1-0.1~20190331/src/hash_impl.h:238:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[1] = {0x00};
data/libsecp256k1-0.1~20190331/src/hash_impl.h:259:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, rng->v, now);
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:82:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:88:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputSer[72];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:136:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:140:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputSer[65];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:177:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:248:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:249:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputSer[65];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:292:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[2];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:293:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char outputSer[65];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:344:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char intsarray[1];
data/libsecp256k1-0.1~20190331/src/java/org_bitcoin_NativeSecp256k1.c:346:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce_res[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/main_impl.h:48:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/main_impl.h:49:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char y[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:22:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output + 1, x, 32);
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:23:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(output + 33, y, 32);
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:31:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:32:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_one[32] = { 0 };
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:57:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_one[32] = { 0 };
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:65:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_b32[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:66:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_ecdh[65];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:67:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output_ser[32];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:68:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char point_ser[65];
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:98:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_zero[32] = { 0 };
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_overflow[32] = {
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char s_rand[32] = { 0 };
data/libsecp256k1-0.1~20190331/src/modules/ecdh/tests_impl.h:106:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char output[32];
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:18:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &sig->data[0], 32);
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:19:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, &sig->data[32], 32);
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:29:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sig->data[0], r, 32);
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:30:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sig->data[32], s, 32);
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:88:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char brx[32];
data/libsecp256k1-0.1~20190331/src/modules/recovery/main_impl.h:141:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce32[32];
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:41:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey[32] = { 1 };
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:42:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[32] = { 2 };
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:45:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[74];
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:46:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zero_privkey[32] = { 0 };
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:47:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char over_privkey[32] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:139:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sig, over_privkey, 32);
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:151:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extra[32] = {0x00};
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:152:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey[32];
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:153:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[32];
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:156:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[74];
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:210:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char msg32[32] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:216:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sig64[64] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:230:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char sigb64[64] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:258:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbder[8] = {0x30, 0x06, 0x02, 0x01, 0x04, 0x02, 0x01, 0x04};
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:259:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigcder_zr[7] = {0x30, 0x05, 0x02, 0x00, 0x02, 0x01, 0x01};
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:260:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigcder_zs[7] = {0x30, 0x05, 0x02, 0x01, 0x01, 0x02, 0x00};
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:261:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbderalt1[39] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:268:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbderalt2[39] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:275:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbderalt3[40] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:282:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbderalt4[40] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:290:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigbderlong[40] = {
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:349:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigcder[8] = {0x30, 0x06, 0x02, 0x01, 0x01, 0x02, 0x01, 0x01};
data/libsecp256k1-0.1~20190331/src/modules/recovery/tests_impl.h:350:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sigc64[64] = {
data/libsecp256k1-0.1~20190331/src/num_gmp_impl.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[65];
data/libsecp256k1-0.1~20190331/src/num_gmp_impl.h:40:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r + rlen - len + shift, tmp + shift, len - shift);
data/libsecp256k1-0.1~20190331/src/scalar_impl.h:29:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[32];
data/libsecp256k1-0.1~20190331/src/scalar_impl.h:37:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char order[32] = {
data/libsecp256k1-0.1~20190331/src/scalar_impl.h:44:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char order[32] = {
data/libsecp256k1-0.1~20190331/src/scalar_impl.h:229:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[32];
data/libsecp256k1-0.1~20190331/src/secp256k1.c:161:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pubkey->data[0], &s, sizeof(s));
data/libsecp256k1-0.1~20190331/src/secp256k1.c:215:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(r, &sig->data[0], 32);
data/libsecp256k1-0.1~20190331/src/secp256k1.c:216:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, &sig->data[32], 32);
data/libsecp256k1-0.1~20190331/src/secp256k1.c:225:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sig->data[0], r, 32);
data/libsecp256k1-0.1~20190331/src/secp256k1.c:226:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sig->data[32], s, 32);
data/libsecp256k1-0.1~20190331/src/secp256k1.c:332:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + *offset, data, len);
data/libsecp256k1-0.1~20190331/src/secp256k1.c:337:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char keydata[112];
data/libsecp256k1-0.1~20190331/src/secp256k1.c:386:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:66:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:116:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:129:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:144:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctmp[32];
data/libsecp256k1-0.1~20190331/src/tests.c:299:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *inputs[8] = {
data/libsecp256k1-0.1~20190331/src/tests.c:305:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char outputs[8][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:317:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[32];
data/libsecp256k1-0.1~20190331/src/tests.c:335:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *keys[6] = {
data/libsecp256k1-0.1~20190331/src/tests.c:343:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *inputs[6] = {
data/libsecp256k1-0.1~20190331/src/tests.c:351:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char outputs[6][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:362:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[32];
data/libsecp256k1-0.1~20190331/src/tests.c:379:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char key1[65] = {0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f, 0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17, 0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f, 0x00, 0x4b, 0xf5, 0x12, 0x2f, 0x34, 0x45, 0x54, 0xc5, 0x3b, 0xde, 0x2e, 0xbb, 0x8c, 0xd2, 0xb7, 0xe3, 0xd1, 0x60, 0x0a, 0xd6, 0x31, 0xc3, 0x85, 0xa5, 0xd7, 0xcc, 0xe2, 0x3c, 0x77, 0x85, 0x45, 0x9a, 0};
data/libsecp256k1-0.1~20190331/src/tests.c:380:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char out1[3][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:386:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char key2[64] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xe3, 0xb0, 0xc4, 0x42, 0x98, 0xfc, 0x1c, 0x14, 0x9a, 0xfb, 0xf4, 0xc8, 0x99, 0x6f, 0xb9, 0x24, 0x27, 0xae, 0x41, 0xe4, 0x64, 0x9b, 0x93, 0x4c, 0xa4, 0x95, 0x99, 0x1b, 0x78, 0x52, 0xb8, 0x55};
data/libsecp256k1-0.1~20190331/src/tests.c:387:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char out2[3][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:394:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[32];
data/libsecp256k1-0.1~20190331/src/tests.c:687:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char c[32];
data/libsecp256k1-0.1~20190331/src/tests.c:810:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cone[1] = {0x01};
data/libsecp256k1-0.1~20190331/src/tests.c:991:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[32];
data/libsecp256k1-0.1~20190331/src/tests.c:1027:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chal[33][2][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:1293:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char res[33][2][32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:1599:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[32];
data/libsecp256k1-0.1~20190331/src/tests.c:1609:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[32];
data/libsecp256k1-0.1~20190331/src/tests.c:1655:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char b32[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:1670:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b322[32];
data/libsecp256k1-0.1~20190331/src/tests.c:2395:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pub[65];
data/libsecp256k1-0.1~20190331/src/tests.c:3249:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:3293:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char zero[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:3294:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[32];
data/libsecp256k1-0.1~20190331/src/tests.c:3319:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkeyc[65];
data/libsecp256k1-0.1~20190331/src/tests.c:3329:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pubkeyc[1], input, 64);
data/libsecp256k1-0.1~20190331/src/tests.c:3346:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkeyo[65];
data/libsecp256k1-0.1~20190331/src/tests.c:3395:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char valid[SECP256K1_EC_PARSE_TEST_NVALID][64] = {
data/libsecp256k1-0.1~20190331/src/tests.c:3482:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char onlyxvalid[SECP256K1_EC_PARSE_TEST_NXVALID][64] = {
data/libsecp256k1-0.1~20190331/src/tests.c:3513:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char invalid[SECP256K1_EC_PARSE_TEST_NINVALID][64] = {
data/libsecp256k1-0.1~20190331/src/tests.c:3564:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkeyc[66] = {
data/libsecp256k1-0.1~20190331/src/tests.c:3572:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sout[65];
data/libsecp256k1-0.1~20190331/src/tests.c:3573:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char shortkey[2];
data/libsecp256k1-0.1~20190331/src/tests.c:3722:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char orderc[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:3728:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char zeros[sizeof(secp256k1_pubkey)] = {0x00};
data/libsecp256k1-0.1~20190331/src/tests.c:3729:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctmp[33];
data/libsecp256k1-0.1~20190331/src/tests.c:3730:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctmp2[33];
data/libsecp256k1-0.1~20190331/src/tests.c:3770:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctmp, orderc, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:3791:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pubkey2, &pubkey, sizeof(pubkey));
data/libsecp256k1-0.1~20190331/src/tests.c:3801:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctmp, orderc, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:3805:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctmp, orderc, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:3809:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctmp, orderc, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:3999:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce32, data, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:4027:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nonce32, order, 32);
data/libsecp256k1-0.1~20190331/src/tests.c:4042:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char res[sizeof(secp256k1_ecdsa_signature)] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:4047:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char extra[32] = {0x00};
data/libsecp256k1-0.1~20190331/src/tests.c:4048:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4049:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4050:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey2[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4053:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[74];
data/libsecp256k1-0.1~20190331/src/tests.c:4055:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pubkeyc[65];
data/libsecp256k1-0.1~20190331/src/tests.c:4059:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seckey[300];
data/libsecp256k1-0.1~20190331/src/tests.c:4081:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pubkey_tmp, &pubkey, sizeof(pubkey));
data/libsecp256k1-0.1~20190331/src/tests.c:4096:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4113:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rnd[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4180:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[65];
data/libsecp256k1-0.1~20190331/src/tests.c:4201:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[65];
data/libsecp256k1-0.1~20190331/src/tests.c:4252:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zeroes[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:4254:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char max_scalar[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4265:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char roundtrip_der[2048];
data/libsecp256k1-0.1~20190331/src/tests.c:4266:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char compact_der[64];
data/libsecp256k1-0.1~20190331/src/tests.c:4271:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char roundtrip_der_lax[2048];
data/libsecp256k1-0.1~20190331/src/tests.c:4272:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char compact_der_lax[64];
data/libsecp256k1-0.1~20190331/src/tests.c:4280:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char roundtrip_openssl[2048];
data/libsecp256k1-0.1~20190331/src/tests.c:4333:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:4338:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:4553:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[2048];
data/libsecp256k1-0.1~20190331/src/tests.c:4604:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey_mods_zero[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4623:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4642:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4649:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey2[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4677:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4684:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey2[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4691:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char csr[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4719:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char pubkey[33] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4726:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char csr[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4753:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[72];
data/libsecp256k1-0.1~20190331/src/tests.c:4754:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4760:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char nonce2[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4766:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char key[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4772:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4848:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char zero[32] = {0x00};
data/libsecp256k1-0.1~20190331/src/tests.c:4850:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4851:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4909:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char zeros[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:4910:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4911:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce2[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4912:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce3[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4913:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nonce4[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4937:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey[300];
data/libsecp256k1-0.1~20190331/src/tests.c:4938:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seckey[32] = {
data/libsecp256k1-0.1~20190331/src/tests.c:4957:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char privkey[300];
data/libsecp256k1-0.1~20190331/src/tests.c:4978:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char message[32];
data/libsecp256k1-0.1~20190331/src/tests.c:4979:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char signature[80];
data/libsecp256k1-0.1~20190331/src/tests.c:4980:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:5020:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char seed16[16] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:5021:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char run32[32] = {0};
data/libsecp256k1-0.1~20190331/src/tests.c:5042:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *frand = fopen("/dev/urandom", "r");
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:62:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bin[32];
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:227:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char x_bin[32];
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:247:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg32[32];
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:295:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk32[32], msg32[32];
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:343:26: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sk32[32], msg32[32];
data/libsecp256k1-0.1~20190331/src/tests_exhaustive.c:409:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char msg32[32];
data/libsecp256k1-0.1~20190331/src/tests.c:320:76: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:323:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputs[i]) > 0) {
data/libsecp256k1-0.1~20190331/src/tests.c:324:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int split = secp256k1_rand_int(strlen(inputs[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:327:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
data/libsecp256k1-0.1~20190331/src/tests.c:363:84: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:364:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i]), strlen(inputs[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:367:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(inputs[i]) > 0) {
data/libsecp256k1-0.1~20190331/src/tests.c:368:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int split = secp256k1_rand_int(strlen(inputs[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:369:88: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_hmac_sha256_initialize(&hasher, (const unsigned char*)(keys[i]), strlen(keys[i]));
data/libsecp256k1-0.1~20190331/src/tests.c:371:93: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
secp256k1_hmac_sha256_write(&hasher, (const unsigned char*)(inputs[i] + split), strlen(inputs[i]) - split);
ANALYSIS SUMMARY:
Hits = 256
Lines analyzed = 19361 in approximately 0.65 seconds (29695 lines/second)
Physical Source Lines of Code (SLOC) = 14562
Hits@level = [0] 40 [1] 10 [2] 245 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 296 [1+] 256 [2+] 246 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 20.3269 [1+] 17.58 [2+] 16.8933 [3+] 0.0686719 [4+] 0.0686719 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.