Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libsigrok-0.5.2/bindings/cxx/classes.cpp Examining data/libsigrok-0.5.2/bindings/cxx/ConfigKey_methods.hpp Examining data/libsigrok-0.5.2/bindings/cxx/ConfigKey_methods.cpp Examining data/libsigrok-0.5.2/bindings/cxx/QuantityFlag_methods.cpp Examining data/libsigrok-0.5.2/bindings/cxx/include/libsigrokcxx/libsigrokcxx.hpp Examining data/libsigrok-0.5.2/bindings/cxx/QuantityFlag_methods.hpp Examining data/libsigrok-0.5.2/include/libsigrok/libsigrok.h Examining data/libsigrok-0.5.2/include/libsigrok/proto.h Examining data/libsigrok-0.5.2/src/std.c Examining data/libsigrok-0.5.2/src/serial_libsp.c Examining data/libsigrok-0.5.2/src/output/output.c Examining data/libsigrok-0.5.2/src/output/csv.c Examining data/libsigrok-0.5.2/src/output/vcd.c Examining data/libsigrok-0.5.2/src/output/wavedrom.c Examining data/libsigrok-0.5.2/src/output/srzip.c Examining data/libsigrok-0.5.2/src/output/wav.c Examining data/libsigrok-0.5.2/src/output/hex.c Examining data/libsigrok-0.5.2/src/output/ols.c Examining data/libsigrok-0.5.2/src/output/ascii.c Examining data/libsigrok-0.5.2/src/output/binary.c Examining data/libsigrok-0.5.2/src/output/chronovu_la8.c Examining data/libsigrok-0.5.2/src/output/null.c Examining data/libsigrok-0.5.2/src/output/analog.c Examining data/libsigrok-0.5.2/src/output/bits.c Examining data/libsigrok-0.5.2/src/error.c Examining data/libsigrok-0.5.2/src/scale/kern.c Examining data/libsigrok-0.5.2/src/driver_list_start.c Examining data/libsigrok-0.5.2/src/scpi/vxi.h Examining data/libsigrok-0.5.2/src/scpi/scpi_usbtmc_libusb.c Examining data/libsigrok-0.5.2/src/scpi/scpi_tcp.c Examining data/libsigrok-0.5.2/src/scpi/vxi_xdr.c Examining data/libsigrok-0.5.2/src/scpi/scpi_visa.c Examining data/libsigrok-0.5.2/src/scpi/scpi.c Examining data/libsigrok-0.5.2/src/scpi/scpi_vxi.c Examining data/libsigrok-0.5.2/src/scpi/scpi_libgpib.c Examining data/libsigrok-0.5.2/src/scpi/scpi_serial.c Examining data/libsigrok-0.5.2/src/scpi/vxi_clnt.c Examining data/libsigrok-0.5.2/src/serial_hid.c Examining data/libsigrok-0.5.2/src/driver_list_stop.c Examining data/libsigrok-0.5.2/src/trigger.c Examining data/libsigrok-0.5.2/src/serial.c Examining data/libsigrok-0.5.2/src/strutil.c Examining data/libsigrok-0.5.2/src/bt/bt_bluez.c Examining data/libsigrok-0.5.2/src/session.c Examining data/libsigrok-0.5.2/src/libsigrok-internal.h Examining data/libsigrok-0.5.2/src/resource.c Examining data/libsigrok-0.5.2/src/serial_hid_victor.c Examining data/libsigrok-0.5.2/src/conversion.c Examining data/libsigrok-0.5.2/src/scpi.h Examining data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/api.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/protocol.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c Examining data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.h Examining data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/api.c Examining data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/protocol.c Examining data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/protocol.h Examining data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/api.c Examining data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/protocol.c Examining data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/protocol.h Examining data/libsigrok-0.5.2/src/hardware/pipistrello-ols/api.c Examining data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.c Examining data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.h Examining data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/api.c Examining data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c Examining data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.h Examining data/libsigrok-0.5.2/src/hardware/baylibre-acme/api.c Examining data/libsigrok-0.5.2/src/hardware/baylibre-acme/gpio.c Examining data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c Examining data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.h Examining data/libsigrok-0.5.2/src/hardware/baylibre-acme/gpio.h Examining data/libsigrok-0.5.2/src/hardware/hp-3478a/api.c Examining data/libsigrok-0.5.2/src/hardware/hp-3478a/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hp-3478a/protocol.h Examining data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/api.c Examining data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.c Examining data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.h Examining data/libsigrok-0.5.2/src/hardware/kern-scale/api.c Examining data/libsigrok-0.5.2/src/hardware/kern-scale/protocol.c Examining data/libsigrok-0.5.2/src/hardware/kern-scale/protocol.h Examining data/libsigrok-0.5.2/src/hardware/asix-sigma/api.c Examining data/libsigrok-0.5.2/src/hardware/asix-sigma/protocol.c Examining data/libsigrok-0.5.2/src/hardware/asix-sigma/protocol.h Examining data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c Examining data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c Examining data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.h Examining data/libsigrok-0.5.2/src/hardware/testo/api.c Examining data/libsigrok-0.5.2/src/hardware/testo/protocol.c Examining data/libsigrok-0.5.2/src/hardware/testo/protocol.h Examining data/libsigrok-0.5.2/src/hardware/rohde-schwarz-sme-0x/api.c Examining data/libsigrok-0.5.2/src/hardware/rohde-schwarz-sme-0x/protocol.c Examining data/libsigrok-0.5.2/src/hardware/rohde-schwarz-sme-0x/protocol.h Examining data/libsigrok-0.5.2/src/hardware/rigol-ds/api.c Examining data/libsigrok-0.5.2/src/hardware/rigol-ds/protocol.c Examining data/libsigrok-0.5.2/src/hardware/rigol-ds/protocol.h Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/api.c Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/protocol.c Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/protocol.h Examining data/libsigrok-0.5.2/src/hardware/rdtech-dps/api.c Examining data/libsigrok-0.5.2/src/hardware/rdtech-dps/protocol.c Examining data/libsigrok-0.5.2/src/hardware/rdtech-dps/protocol.h Examining data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/api.c Examining data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol_wrappers.c Examining data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol_wrappers.h Examining data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/fluke-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/fluke-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/fluke-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/fx2lafw/api.c Examining data/libsigrok-0.5.2/src/hardware/fx2lafw/protocol.c Examining data/libsigrok-0.5.2/src/hardware/fx2lafw/protocol.h Examining data/libsigrok-0.5.2/src/hardware/mic-985xx/api.c Examining data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c Examining data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.h Examining data/libsigrok-0.5.2/src/hardware/serial-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/serial-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/serial-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/conrad-digi-35-cpu/api.c Examining data/libsigrok-0.5.2/src/hardware/conrad-digi-35-cpu/protocol.c Examining data/libsigrok-0.5.2/src/hardware/conrad-digi-35-cpu/protocol.h Examining data/libsigrok-0.5.2/src/hardware/uni-t-ut32x/api.c Examining data/libsigrok-0.5.2/src/hardware/uni-t-ut32x/protocol.c Examining data/libsigrok-0.5.2/src/hardware/uni-t-ut32x/protocol.h Examining data/libsigrok-0.5.2/src/hardware/teleinfo/api.c Examining data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c Examining data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.h Examining data/libsigrok-0.5.2/src/hardware/zketech-ebd-usb/api.c Examining data/libsigrok-0.5.2/src/hardware/zketech-ebd-usb/protocol.c Examining data/libsigrok-0.5.2/src/hardware/zketech-ebd-usb/protocol.h Examining data/libsigrok-0.5.2/src/hardware/pce-322a/api.c Examining data/libsigrok-0.5.2/src/hardware/pce-322a/protocol.c Examining data/libsigrok-0.5.2/src/hardware/pce-322a/protocol.h Examining data/libsigrok-0.5.2/src/hardware/lascar-el-usb/api.c Examining data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c Examining data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.h Examining data/libsigrok-0.5.2/src/hardware/agilent-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/scpi-pps/profiles.c Examining data/libsigrok-0.5.2/src/hardware/scpi-pps/api.c Examining data/libsigrok-0.5.2/src/hardware/scpi-pps/protocol.c Examining data/libsigrok-0.5.2/src/hardware/scpi-pps/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hung-chang-dso-2100/api.c Examining data/libsigrok-0.5.2/src/hardware/hung-chang-dso-2100/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hung-chang-dso-2100/protocol.h Examining data/libsigrok-0.5.2/src/hardware/colead-slm/api.c Examining data/libsigrok-0.5.2/src/hardware/colead-slm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/colead-slm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hantek-4032l/api.c Examining data/libsigrok-0.5.2/src/hardware/hantek-4032l/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hantek-4032l/protocol.h Examining data/libsigrok-0.5.2/src/hardware/fluke-45/api.c Examining data/libsigrok-0.5.2/src/hardware/fluke-45/protocol.c Examining data/libsigrok-0.5.2/src/hardware/fluke-45/protocol.h Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/api.c Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/protocol.c Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/protocol.h Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic.h Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_native.c Examining data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c Examining data/libsigrok-0.5.2/src/hardware/norma-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/norma-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/norma-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/demo/api.c Examining data/libsigrok-0.5.2/src/hardware/demo/protocol.c Examining data/libsigrok-0.5.2/src/hardware/demo/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hp-3457a/api.c Examining data/libsigrok-0.5.2/src/hardware/hp-3457a/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hp-3457a/protocol.h Examining data/libsigrok-0.5.2/src/hardware/ftdi-la/api.c Examining data/libsigrok-0.5.2/src/hardware/ftdi-la/protocol.c Examining data/libsigrok-0.5.2/src/hardware/ftdi-la/protocol.h Examining data/libsigrok-0.5.2/src/hardware/lecroy-xstream/api.c Examining data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c Examining data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.h Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanaplus/api.c Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanaplus/protocol.c Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanaplus/protocol.h Examining data/libsigrok-0.5.2/src/hardware/brymen-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/brymen-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/brymen-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/brymen-dmm/parser.c Examining data/libsigrok-0.5.2/src/hardware/appa-55ii/api.c Examining data/libsigrok-0.5.2/src/hardware/appa-55ii/protocol.c Examining data/libsigrok-0.5.2/src/hardware/appa-55ii/protocol.h Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/api.c Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c Examining data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.h Examining data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/chronovu-la/api.c Examining data/libsigrok-0.5.2/src/hardware/chronovu-la/protocol.c Examining data/libsigrok-0.5.2/src/hardware/chronovu-la/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hantek-6xxx/api.c Examining data/libsigrok-0.5.2/src/hardware/hantek-6xxx/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hantek-6xxx/protocol.h Examining data/libsigrok-0.5.2/src/hardware/scpi-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/scpi-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/scpi-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/api.c Examining data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.c Examining data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.h Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/api.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla1034.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/protocol.c Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/protocol.h Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla.h Examining data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla1016.c Examining data/libsigrok-0.5.2/src/hardware/saleae-logic16/api.c Examining data/libsigrok-0.5.2/src/hardware/saleae-logic16/protocol.c Examining data/libsigrok-0.5.2/src/hardware/saleae-logic16/protocol.h Examining data/libsigrok-0.5.2/src/hardware/cem-dt-885x/api.c Examining data/libsigrok-0.5.2/src/hardware/cem-dt-885x/protocol.c Examining data/libsigrok-0.5.2/src/hardware/cem-dt-885x/protocol.h Examining data/libsigrok-0.5.2/src/hardware/serial-lcr/api.c Examining data/libsigrok-0.5.2/src/hardware/serial-lcr/protocol.c Examining data/libsigrok-0.5.2/src/hardware/serial-lcr/protocol.h Examining data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/api.c Examining data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/protocol.c Examining data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/protocol.h Examining data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/api.c Examining data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/protocol.c Examining data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/protocol.h Examining data/libsigrok-0.5.2/src/hardware/tondaj-sl-814/api.c Examining data/libsigrok-0.5.2/src/hardware/tondaj-sl-814/protocol.c Examining data/libsigrok-0.5.2/src/hardware/tondaj-sl-814/protocol.h Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.h Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/api.c Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/analyzer.c Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/protocol.c Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/protocol.h Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/analyzer.h Examining data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.c Examining data/libsigrok-0.5.2/src/hardware/maynuo-m97/api.c Examining data/libsigrok-0.5.2/src/hardware/maynuo-m97/protocol.c Examining data/libsigrok-0.5.2/src/hardware/maynuo-m97/protocol.h Examining data/libsigrok-0.5.2/src/hardware/siglent-sds/api.c Examining data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c Examining data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.h Examining data/libsigrok-0.5.2/src/hardware/ipdbg-la/api.c Examining data/libsigrok-0.5.2/src/hardware/ipdbg-la/protocol.c Examining data/libsigrok-0.5.2/src/hardware/ipdbg-la/protocol.h Examining data/libsigrok-0.5.2/src/hardware/gmc-mh-1x-2x/api.c Examining data/libsigrok-0.5.2/src/hardware/gmc-mh-1x-2x/protocol.c Examining data/libsigrok-0.5.2/src/hardware/gmc-mh-1x-2x/protocol.h Examining data/libsigrok-0.5.2/src/hardware/uni-t-dmm/api.c Examining data/libsigrok-0.5.2/src/hardware/uni-t-dmm/protocol.c Examining data/libsigrok-0.5.2/src/hardware/uni-t-dmm/protocol.h Examining data/libsigrok-0.5.2/src/hardware/hantek-dso/api.c Examining data/libsigrok-0.5.2/src/hardware/hantek-dso/protocol.c Examining data/libsigrok-0.5.2/src/hardware/hantek-dso/protocol.h Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/api.c Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/protocol.c Examining data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/protocol.h Examining data/libsigrok-0.5.2/src/hardware/mastech-ms6514/api.c Examining data/libsigrok-0.5.2/src/hardware/mastech-ms6514/protocol.c Examining data/libsigrok-0.5.2/src/hardware/mastech-ms6514/protocol.h Examining data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c Examining data/libsigrok-0.5.2/src/hardware/motech-lps-30x/protocol.c Examining data/libsigrok-0.5.2/src/hardware/motech-lps-30x/protocol.h Examining data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/api.c Examining data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.c Examining data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.h Examining data/libsigrok-0.5.2/src/hardware/microchip-pickit2/api.c Examining data/libsigrok-0.5.2/src/hardware/microchip-pickit2/protocol.c Examining data/libsigrok-0.5.2/src/hardware/microchip-pickit2/protocol.h Examining data/libsigrok-0.5.2/src/hardware/center-3xx/api.c Examining data/libsigrok-0.5.2/src/hardware/center-3xx/protocol.c Examining data/libsigrok-0.5.2/src/hardware/center-3xx/protocol.h Examining data/libsigrok-0.5.2/src/transform/transform.c Examining data/libsigrok-0.5.2/src/transform/invert.c Examining data/libsigrok-0.5.2/src/transform/scale.c Examining data/libsigrok-0.5.2/src/transform/nop.c Examining data/libsigrok-0.5.2/src/serial_hid.h Examining data/libsigrok-0.5.2/src/dmm/ut372.c Examining data/libsigrok-0.5.2/src/dmm/metex14.c Examining data/libsigrok-0.5.2/src/dmm/es519xx.c Examining data/libsigrok-0.5.2/src/dmm/vc870.c Examining data/libsigrok-0.5.2/src/dmm/eev121gw.c Examining data/libsigrok-0.5.2/src/dmm/fs9922.c Examining data/libsigrok-0.5.2/src/dmm/rs9lcd.c Examining data/libsigrok-0.5.2/src/dmm/vc96.c Examining data/libsigrok-0.5.2/src/dmm/bm25x.c Examining data/libsigrok-0.5.2/src/dmm/bm86x.c Examining data/libsigrok-0.5.2/src/dmm/fs9721.c Examining data/libsigrok-0.5.2/src/dmm/ms8250d.c Examining data/libsigrok-0.5.2/src/dmm/m2110.c Examining data/libsigrok-0.5.2/src/dmm/ut71x.c Examining data/libsigrok-0.5.2/src/dmm/dtm0660.c Examining data/libsigrok-0.5.2/src/dmm/asycii.c Examining data/libsigrok-0.5.2/src/dmm/ms2115b.c Examining data/libsigrok-0.5.2/src/serial_bt.c Examining data/libsigrok-0.5.2/src/version.c Examining data/libsigrok-0.5.2/src/serial_hid_cp2110.c Examining data/libsigrok-0.5.2/src/drivers.c Examining data/libsigrok-0.5.2/src/serial_hid_bu86x.c Examining data/libsigrok-0.5.2/src/log.c Examining data/libsigrok-0.5.2/src/hwdriver.c Examining data/libsigrok-0.5.2/src/modbus/modbus.c Examining data/libsigrok-0.5.2/src/modbus/modbus_serial_rtu.c Examining data/libsigrok-0.5.2/src/session_file.c Examining data/libsigrok-0.5.2/src/lcr/vc4080.c Examining data/libsigrok-0.5.2/src/lcr/es51919.c Examining data/libsigrok-0.5.2/src/sw_limits.c Examining data/libsigrok-0.5.2/src/input/csv.c Examining data/libsigrok-0.5.2/src/input/vcd.c Examining data/libsigrok-0.5.2/src/input/wav.c Examining data/libsigrok-0.5.2/src/input/input.c Examining data/libsigrok-0.5.2/src/input/binary.c Examining data/libsigrok-0.5.2/src/input/chronovu_la8.c Examining data/libsigrok-0.5.2/src/input/raw_analog.c Examining data/libsigrok-0.5.2/src/input/null.c Examining data/libsigrok-0.5.2/src/input/logicport.c Examining data/libsigrok-0.5.2/src/input/trace32_ad.c Examining data/libsigrok-0.5.2/src/usb.c Examining data/libsigrok-0.5.2/src/backend.c Examining data/libsigrok-0.5.2/src/ezusb.c Examining data/libsigrok-0.5.2/src/device.c Examining data/libsigrok-0.5.2/src/soft-trigger.c Examining data/libsigrok-0.5.2/src/serial_hid_ch9325.c Examining data/libsigrok-0.5.2/src/analog.c Examining data/libsigrok-0.5.2/src/session_driver.c Examining data/libsigrok-0.5.2/src/fallback.c Examining data/libsigrok-0.5.2/tests/trigger.c Examining data/libsigrok-0.5.2/tests/session.c Examining data/libsigrok-0.5.2/tests/lib.c Examining data/libsigrok-0.5.2/tests/input_all.c Examining data/libsigrok-0.5.2/tests/output_all.c Examining data/libsigrok-0.5.2/tests/transform_all.c Examining data/libsigrok-0.5.2/tests/main.c Examining data/libsigrok-0.5.2/tests/core.c Examining data/libsigrok-0.5.2/tests/version.c Examining data/libsigrok-0.5.2/tests/driver_all.c Examining data/libsigrok-0.5.2/tests/device.c Examining data/libsigrok-0.5.2/tests/lib.h Examining data/libsigrok-0.5.2/tests/analog.c Examining data/libsigrok-0.5.2/tests/input_binary.c Examining data/libsigrok-0.5.2/tests/strutil.c FINAL RESULTS: data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:219:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf) - 3, cmd, args); data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c:96:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(NULL, 0, format, args_copy); data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c:100:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buf, format, args); data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c:32:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cmdbuf, sizeof(cmdbuf), cmd, args); data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.c:34:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(cmdbuf, sizeof(cmdbuf), cmd, args); data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:126:2: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buf, sizeof(buf), auxfmt, args); data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:208:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(reply, buf); data/libsigrok-0.5.2/src/hardware/serial-dmm/api.c:153:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ch_name, sizeof(ch_name), fmt, ch_num); data/libsigrok-0.5.2/src/hardware/serial-lcr/api.c:166:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(ch_name, sizeof(ch_name), fmt, ch_idx + 1); data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c:95:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(optarif, data); data/libsigrok-0.5.2/src/strutil.c:346:8: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. ret = vsprintf(buf, format, args); data/libsigrok-0.5.2/src/strutil.c:385:8: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. ret = vsprintf(buf, format, args); data/libsigrok-0.5.2/src/strutil.c:396:8: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. ret = vsprintf(buf, format, args); data/libsigrok-0.5.2/src/strutil.c:411:8: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. ret = vsprintf(buf, format, args); data/libsigrok-0.5.2/src/strutil.c:519:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(buf, buf_size, format, args); data/libsigrok-0.5.2/src/strutil.c:558:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(buf, buf_size, format, args); data/libsigrok-0.5.2/src/strutil.c:569:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(buf, buf_size, format, args); data/libsigrok-0.5.2/src/strutil.c:584:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. ret = vsnprintf(buf, buf_size, format, args); data/libsigrok-0.5.2/src/strutil.c:762:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fmt, ".%%0%d"PRIu64, i * 3); data/libsigrok-0.5.2/src/strutil.c:763:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. f = fract + sprintf(fract, fmt, x % divisor[i]) - 1; data/libsigrok-0.5.2/tests/strutil.c:38:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(s, len, format, args); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:421:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. uint8_t random[32] = {}; data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:432:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. ret = crypto_random(sdi, random); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:435:48: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sr_dbg("random: 0x%02x 0x%02x 0x%02x 0x%02x", random[0], random[1], random[2], random[3]); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:435:59: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sr_dbg("random: 0x%02x 0x%02x 0x%02x 0x%02x", random[0], random[1], random[2], random[3]); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:435:70: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sr_dbg("random: 0x%02x 0x%02x 0x%02x 0x%02x", random[0], random[1], random[2], random[3]); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:435:81: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. sr_dbg("random: 0x%02x 0x%02x 0x%02x 0x%02x", random[0], random[1], random[2], random[3]); data/libsigrok-0.5.2/bindings/cxx/classes.cpp:84:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). reader->open(res, name); data/libsigrok-0.5.2/bindings/cxx/classes.cpp:669:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void Device::open() data/libsigrok-0.5.2/bindings/cxx/include/libsigrokcxx/libsigrokcxx.hpp:224:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual void open(struct sr_resource *res, std::string name) = 0; data/libsigrok-0.5.2/bindings/cxx/include/libsigrokcxx/libsigrokcxx.hpp:396:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(); data/libsigrok-0.5.2/src/analog.c:275:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outbuf, analog->data, count * sizeof(float)); data/libsigrok-0.5.2/src/bt/bt_bluez.c:165:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numbuf[3]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:218:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[20]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char local_addr[20]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:243:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char remote_addr[20]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:532:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[20]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:629:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr[20]; data/libsigrok-0.5.2/src/bt/bt_bluez.c:630:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/libsigrok-0.5.2/src/device.c:812:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conn_id_usb[64]; data/libsigrok-0.5.2/src/dmm/asycii.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[7 + 1]; data/libsigrok-0.5.2/src/dmm/asycii.c:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit[8 + 1]; data/libsigrok-0.5.2/src/dmm/bm86x.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txtbuf[16], temp_unit; data/libsigrok-0.5.2/src/dmm/eev121gw.c:309:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SR_PRIV const char *eev121gw_channel_formats[EEV121GW_DISPLAY_COUNT] = { data/libsigrok-0.5.2/src/dmm/metex14.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[7 + 1]; data/libsigrok-0.5.2/src/dmm/metex14.c:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit[4 + 1]; data/libsigrok-0.5.2/src/dmm/ms2115b.c:211:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SR_PRIV const char *ms2115b_channel_formats[MS2115B_DISPLAY_COUNT] = { data/libsigrok-0.5.2/src/dmm/ut372.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hex[3]; data/libsigrok-0.5.2/src/dmm/vc96.c:44:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valstr[8 + 1]; data/libsigrok-0.5.2/src/dmm/vc96.c:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unit[4 + 1]; data/libsigrok-0.5.2/src/ezusb.c:41:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:214:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:223:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "\r\n"); data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:225:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, "\n\r\n"); data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.h:85:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[AGDMM_BUFSIZE]; data/libsigrok-0.5.2/src/hardware/appa-55ii/protocol.c:210:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->log_buf + devc->log_buf_len, ptr, s); data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:103:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:231:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[RELOADPRO_BUFSIZE]; data/libsigrok-0.5.2/src/hardware/asix-sigma/api.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_txt[10]; data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/api.c:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel[10]; data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/protocol.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[128]; data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/protocol.c:31:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(str + strlen(str), "%.2x ", packet[i]); data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:275:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eeprom_buf[EEPROM_SIZE]; data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:638:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:662:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[64]; data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:682:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libsigrok-0.5.2/src/hardware/beaglelogic/api.c:125:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (devc->beaglelogic->open(devc) != SR_OK) data/libsigrok-0.5.2/src/hardware/beaglelogic/api.c:160:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (devc->beaglelogic->open(devc)) data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic.h:96:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct dev_context *devc); data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_native.c:25:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). devc->fd = open(BEAGLELOGIC_DEV_NODE, O_RDONLY | O_NONBLOCK); data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_native.c:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_native.c:88:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(BEAGLELOGIC_SYSFS_ATTR(lasterror), O_RDONLY)) == -1) data/libsigrok-0.5.2/src/hardware/brymen-dmm/parser.c:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/libsigrok-0.5.2/src/hardware/cem-dt-885x/protocol.h:105:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[BUF_SIZE]; data/libsigrok-0.5.2/src/hardware/chronovu-la/api.c:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char product[64], serial_num[64], connection_id[64]; data/libsigrok-0.5.2/src/hardware/colead-slm/protocol.c:189:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/libsigrok-0.5.2/src/hardware/colead-slm/protocol.h:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libsigrok-0.5.2/src/hardware/conrad-digi-35-cpu/protocol.c:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/libsigrok-0.5.2/src/hardware/demo/api.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel_name[16]; data/libsigrok-0.5.2/src/hardware/demo/api.c:157:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(channel_name, "D%d", i); data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/api.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manufacturer[64], product[64], serial_num[64], connection_id[64]; data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/api.c:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel_name[16]; data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/api.c:246:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(channel_name, "%d", j); data/libsigrok-0.5.2/src/hardware/dreamsourcelab-dslogic/protocol.c:548:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/fluke-45/protocol.c:133:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mod = atoi(devc->response); data/libsigrok-0.5.2/src/hardware/fluke-45/protocol.c:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expstr[3]; data/libsigrok-0.5.2/src/hardware/fluke-dmm/api.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], *b, **tokens; data/libsigrok-0.5.2/src/hardware/fluke-dmm/protocol.c:428:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[16], **tokens; data/libsigrok-0.5.2/src/hardware/fluke-dmm/protocol.c:466:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. n = sprintf(cmd, "QM %d\r", devc->meas_type); data/libsigrok-0.5.2/src/hardware/fluke-dmm/protocol.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FLUKEDMM_BUFSIZE]; data/libsigrok-0.5.2/src/hardware/fx2lafw/api.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manufacturer[64], product[64], serial_num[64], connection_id[64]; data/libsigrok-0.5.2/src/hardware/fx2lafw/api.c:196:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel_name[16]; data/libsigrok-0.5.2/src/hardware/fx2lafw/api.c:311:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(channel_name, "D%d", j); data/libsigrok-0.5.2/src/hardware/fx2lafw/protocol.c:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/protocol.c:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[32]; data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/protocol.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&devc->sample_rate, &sample_rate, sizeof(float)); data/libsigrok-0.5.2/src/hardware/gwinstek-gds-800/protocol.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rcv_buffer[MAX_RCV_BUFFER_SIZE]; data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/api.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[50]; data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/api.c:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel[10]; data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[50]; data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[50]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:273:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE], command2[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:274:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char float_str[30], *tmp_str; data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:622:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:712:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:874:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:948:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *logic_threshold_short[MAX_NUM_LOGIC_THRESHOLD_ENTRIES]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:949:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:1238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)(*scope_models[model_index].analog_names)[i]); data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.h:40:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name[MAX_INSTRUMENT_VERSIONS]; data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.h:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trigger_pattern[MAX_ANALOG_CHANNEL_COUNT + MAX_DIGITAL_CHANNEL_COUNT + 1]; data/libsigrok-0.5.2/src/hardware/hantek-4032l/api.c:180:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hantek-4032l/api.c:244:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel_name[4]; data/libsigrok-0.5.2/src/hardware/hantek-4032l/api.c:245:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(channel_name, "%c%d", 'A' + (j & 1), j / 2); data/libsigrok-0.5.2/src/hardware/hantek-4032l/protocol.c:473:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hantek-6xxx/api.c:197:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hantek-6xxx/protocol.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hantek-dso/api.c:280:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hantek-dso/api.c:739:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->framebuf + devc->samp_buffered * 2, data/libsigrok-0.5.2/src/hardware/hantek-dso/api.c:749:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->framebuf + devc->samp_buffered * 2, data/libsigrok-0.5.2/src/hardware/hantek-dso/protocol.c:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/hp-3457a/api.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/libsigrok-0.5.2/src/hardware/hp-3457a/protocol.c:208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chan[16], list_str[64] = ""; data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/api.c:375:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->xfer_data_out + 2, &tmp, sizeof(tmp)); data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/api.c:378:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->xfer_data_out + 4, &tmp, sizeof(tmp)); data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/api.c:386:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->xfer_data_out + 10, &tmp, sizeof(tmp)); data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/protocol.c:68:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->sample_buffer[devc->channel] + offset, data/libsigrok-0.5.2/src/hardware/ikalogic-scanalogic2/protocol.c:677:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(dev_info->serial), buffer + 1, sizeof(uint32_t)); data/libsigrok-0.5.2/src/hardware/ipdbg-la/protocol.c:147:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recvbuf[16]; data/libsigrok-0.5.2/src/hardware/ipdbg-la/protocol.c:325:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(devc->raw_sample_buf[devc->num_transfers]), data/libsigrok-0.5.2/src/hardware/ipdbg-la/protocol.c:541:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[4]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/api.c:68:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmd, buf[32]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/api.c:328:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[9]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.c:37:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.c:196:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[7]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.c:237:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[7]; data/libsigrok-0.5.2/src/hardware/kecheng-kc-330b/protocol.h:82:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[128]; data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/api.c:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[50]; data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/protocol.c:172:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[6]; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/api.c:272:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmd[3], resp[4], *buf; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:96:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmd[3], buf[MAX_CONFIGBLOCK_SIZE]; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:182:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(configblock, buf, buflen); data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:213:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cmd[3], buf[256]; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char firmware[5]; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:318:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(firmware, config + 0x30, 4); data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.c:359:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char config[MAX_CONFIGBLOCK_SIZE]; data/libsigrok-0.5.2/src/hardware/lascar-el-usb/protocol.h:45:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char config[MAX_CONFIGBLOCK_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/api.c:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channel_name[8]; data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/api.c:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/lecroy-logicstudio/api.c:195:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/api.c:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/api.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/api.c:383:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:39:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char instrument_name[16]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char trace_label[16]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vertunit[48]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char horunit[48]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char descriptor_name[16]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char template_name[16]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:275:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:328:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:396:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:480:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:531:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)(*scope_models[model_index].analog_names)[i]); data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.c:618:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char command[MAX_COMMAND_SIZE]; data/libsigrok-0.5.2/src/hardware/lecroy-xstream/protocol.h:36:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name[MAX_INSTRUMENT_VERSIONS]; data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/api.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reply[50], **tokens, *dummy; data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmdbuf[50]; data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.h:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4]; data/libsigrok-0.5.2/src/hardware/microchip-pickit2/protocol.c:271:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, &recv_cmd.raw[0], copy_len); data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c:368:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->value.b->data, contents->data + 3, len); data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c:632:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(analog.meaning, &devc->channel_meaning[channel], data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c:702:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(analog.meaning, &devc->channel_meaning[channel], data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char auxfmt[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:188:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:264:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:303:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[LINELEN_MAX]; data/libsigrok-0.5.2/src/hardware/norma-dmm/api.c:52:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *nameref[5][2] = { data/libsigrok-0.5.2/src/hardware/norma-dmm/api.c:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char req[10]; data/libsigrok-0.5.2/src/hardware/norma-dmm/protocol.c:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[NMADMM_BUFSIZE]; data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/api.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.c:42:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[5]; data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.c:474:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->sample, devc->tmp_sample, 4); data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.c:485:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->raw_sample_buf + offset + (i * 4), data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.h:94:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sample[4]; data/libsigrok-0.5.2/src/hardware/openbench-logic-sniffer/protocol.h:95:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp_sample[4]; data/libsigrok-0.5.2/src/hardware/pipistrello-ols/api.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[70]; data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.c:522:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->raw_sample_buf + offset + (i * 8), data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.c:524:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->raw_sample_buf + offset + (4 + (i * 8)), data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.c:589:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->sample, devc->tmp_sample, 4); data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.c:600:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->raw_sample_buf + offset + (i * 4), data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.h:107:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sample[4]; data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.h:108:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp_sample[4]; data/libsigrok-0.5.2/src/hardware/pipistrello-ols/protocol.h:109:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp_sample2[4]; data/libsigrok-0.5.2/src/hardware/rigol-ds/api.c:673:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[16]; data/libsigrok-0.5.2/src/hardware/rigol-ds/protocol.h:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *coupling[MAX_ANALOG_CHANNELS]; data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/api.c:134:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char strdesc[64]; data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/api.c:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:197:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&req[3], regs, cnt); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:290:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, rsp + 1, len); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:308:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req + 5, data, len); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:365:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, i2c_rsp + 1, 32); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:391:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, i2c_rsp + 1, 32); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:412:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, i2c_rsp + 1, 64); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:413:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crc, i2c_rsp + 1 + 64, 2); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:478:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(req + 4, data, len); data/libsigrok-0.5.2/src/hardware/saleae-logic-pro/protocol.c:859:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, dst + devc->conv_size, CONV_BATCH_SIZE); data/libsigrok-0.5.2/src/hardware/saleae-logic16/api.c:109:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char strdesc[64]; data/libsigrok-0.5.2/src/hardware/saleae-logic16/api.c:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/saleae-logic16/api.c:247:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connection_id[64]; data/libsigrok-0.5.2/src/hardware/saleae-logic16/protocol.c:268:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(command + 3, table, chunk); data/libsigrok-0.5.2/src/hardware/saleae-logic16/protocol.c:835:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, channel_data, 16 * 2); data/libsigrok-0.5.2/src/hardware/scpi-dmm/protocol.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prec_text[20]; data/libsigrok-0.5.2/src/hardware/scpi-pps/api.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_name[16]; data/libsigrok-0.5.2/src/hardware/scpi-pps/api.c:679:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[16]; data/libsigrok-0.5.2/src/hardware/scpi-pps/profiles.c:957:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (*channels)[i].name = (char *)philips_pm2800_names[i]; data/libsigrok-0.5.2/src/hardware/scpi-pps/profiles.c:958:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&((*channels)[i].voltage), spec, sizeof(double) * 15); data/libsigrok-0.5.2/src/hardware/scpi-pps/profiles.c:959:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (*channel_groups)[i].name = (char *)philips_pm2800_names[i]; data/libsigrok-0.5.2/src/hardware/serial-dmm/api.c:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_name[12]; data/libsigrok-0.5.2/src/hardware/serial-lcr/api.c:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ch_name[8]; data/libsigrok-0.5.2/src/hardware/siglent-sds/api.c:543:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[16]; data/libsigrok-0.5.2/src/hardware/siglent-sds/api.c:545:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd4[4]; data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:183:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:194:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&framecount, buf + 40, 4); data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:232:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:243:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&framecount, buf + 40, 4); data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:328:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&desc_length, buf + 36, 4); /* Descriptor block length */ data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:329:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&data_length, buf + 60, 4); /* Data block length */ data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.h:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *coupling[MAX_ANALOG_CHANNELS]; data/libsigrok-0.5.2/src/hardware/sysclk-lwla/api.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/libsigrok-0.5.2/src/hardware/sysclk-lwla/api.c:195:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[512]; data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla1016.c:189:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reply[512]; data/libsigrok-0.5.2/src/hardware/sysclk-lwla/lwla1034.c:267:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[512]; data/libsigrok-0.5.2/src/hardware/sysclk-lwla/protocol.h:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[12]; data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/api.c:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/protocol.c:146:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd_pkt[2], data, len); data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/protocol.c:157:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cmd_pkt[3], data, len); data/libsigrok-0.5.2/src/hardware/sysclk-sla5032/protocol.c:569:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fw_data + 0x100, stream + BITSTREAM_HEADER_SIZE, data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c:91:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int v = atoi(data); data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[9], data[13], control, cr; data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c:164:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char optarif[5] = { 0 }; data/libsigrok-0.5.2/src/hardware/testo/api.c:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char manufacturer[64], product[64], connection_id[64]; data/libsigrok-0.5.2/src/hardware/testo/api.c:244:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(devc->reply + devc->reply_size, data, len); data/libsigrok-0.5.2/src/hardware/testo/protocol.c:63:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[MAX_REPLY_SIZE], buf[MAX_REPLY_SIZE]; data/libsigrok-0.5.2/src/hardware/testo/protocol.c:95:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(packet + packet_len, buf + 2, len - 2); data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/api.c:272:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char float_str[30]; data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c:41:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *dlm_trigger_slopes[2] = { data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c:747:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *model_name = (char *)scope_models[i].model_name[j]; data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c:796:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)(*scope_models[model_index].analog_names)[i]); data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.h:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char *dlm_trigger_slopes[2]; data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.h:57:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *model_id[MAX_INSTRUMENT_VERSIONS]; data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.h:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *model_name[MAX_INSTRUMENT_VERSIONS]; data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.h:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char receive_buffer[RECEIVE_BUFFER_SIZE]; data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/api.c:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial_num[64], connection_id[64]; data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.c:57:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[8] = { address & 0xFF }; data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.c:69:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[8] = { val & 0xFF }; data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.c:81:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[8] = { 0 }; data/libsigrok-0.5.2/src/hardware/zeroplus-logic-cube/gl_usb.c:95:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[8] = { data/libsigrok-0.5.2/src/hardware/zketech-ebd-usb/protocol.c:26:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[count * 2 + 1]; data/libsigrok-0.5.2/src/hardware/zketech-ebd-usb/protocol.c:29:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&buffer[2 * j], "%02X", buf[j]); data/libsigrok-0.5.2/src/input/binary.c:46:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/libsigrok-0.5.2/src/input/chronovu_la8.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/libsigrok-0.5.2/src/input/logicport.c:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *wire_names[MAX_CHANNELS]; data/libsigrok-0.5.2/src/input/logicport.c:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *signal_names[MAX_CHANNELS]; data/libsigrok-0.5.2/src/input/logicport.c:916:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, sample_buffer, inc->unitsize); data/libsigrok-0.5.2/src/input/raw_analog.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channelname[16]; data/libsigrok-0.5.2/src/input/trace32_ad.c:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pod_status[MAX_POD_COUNT]; data/libsigrok-0.5.2/src/input/trace32_ad.c:157:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[17]; data/libsigrok-0.5.2/src/input/trace32_ad.c:385:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/libsigrok-0.5.2/src/input/trace32_ad.c:454:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char single_payload[12 * 3]; data/libsigrok-0.5.2/src/input/trace32_ad.c:615:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char single_payload[3]; data/libsigrok-0.5.2/src/input/trace32_ad.c:667:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chan_suffix[2], chan_name[33]; data/libsigrok-0.5.2/src/input/trace32_ad.c:724:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ch = atoi(s1 + 1); data/libsigrok-0.5.2/src/input/trace32_ad.c:728:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ch = atoi(s1); data/libsigrok-0.5.2/src/input/trace32_ad.c:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char delimiter[3]; data/libsigrok-0.5.2/src/input/vcd.c:393:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, inc->current_levels, inc->bytes_per_sample); data/libsigrok-0.5.2/src/input/wav.c:232:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, s, inc->unitsize); data/libsigrok-0.5.2/src/input/wav.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channelname[16]; data/libsigrok-0.5.2/src/lcr/vc4080.c:187:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value_text[8]; data/libsigrok-0.5.2/src/lcr/vc4080.c:191:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value_text, digits, length); data/libsigrok-0.5.2/src/lcr/vc4080.c:628:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SR_PRIV const char *vc4080_channel_formats[VC4080_CHANNEL_COUNT] = { data/libsigrok-0.5.2/src/libsigrok-internal.h:1203:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct sr_serial_dev_inst *serial, int flags); data/libsigrok-0.5.2/src/libsigrok-internal.h:1336:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(void *priv); data/libsigrok-0.5.2/src/libsigrok-internal.h:1682:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern SR_PRIV const char *vc4080_channel_formats[VC4080_CHANNEL_COUNT]; data/libsigrok-0.5.2/src/modbus/modbus.c:180:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return modbus->open(modbus->priv); data/libsigrok-0.5.2/src/modbus/modbus.c:326:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/libsigrok-0.5.2/src/modbus/modbus.c:425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(coils, reply + 2, (nb_coils + 7) / 8); data/libsigrok-0.5.2/src/modbus/modbus.c:474:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(registers, reply + 2, 2 * nb_registers); data/libsigrok-0.5.2/src/modbus/modbus.c:540:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(request + 6, registers, 2 * nb_registers); data/libsigrok-0.5.2/src/output/ascii.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->prev_sample, logic->data + i, logic->unitsize); data/libsigrok-0.5.2/src/output/csv.c:460:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->previous_sample, logic_sample, data/libsigrok-0.5.2/src/output/csv.c:462:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->previous_sample data/libsigrok-0.5.2/src/output/vcd.c:267:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->prevsample, sample, logic->unitsize); data/libsigrok-0.5.2/src/output/wav.c:78:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufp, outc->chanbuf[j] + i * 4, 4); data/libsigrok-0.5.2/src/output/wav.c:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4]; data/libsigrok-0.5.2/src/output/wav.c:162:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4]; data/libsigrok-0.5.2/src/scpi.h:102:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int (*open)(struct sr_scpi_dev_inst *scpi); data/libsigrok-0.5.2/src/scpi/scpi.c:407:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return scpi->open(scpi); data/libsigrok-0.5.2/src/scpi/scpi.c:965:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/libsigrok-0.5.2/src/scpi/scpi.c:1037:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &response->str[2], llen); data/libsigrok-0.5.2/src/scpi/scpi.c:1177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char quotes[3]; data/libsigrok-0.5.2/src/scpi/scpi_tcp.c:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char length_buf[LENGTH_BYTES]; data/libsigrok-0.5.2/src/scpi/scpi_usbtmc_libusb.c:497:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uscpi->buffer + USBTMC_BULK_HEADER_SIZE, data, size); data/libsigrok-0.5.2/src/scpi/scpi_usbtmc_libusb.c:622:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, uscpi->buffer + uscpi->response_bytes_read, read_length); data/libsigrok-0.5.2/src/scpi/scpi_vxi.c:192:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, read_resp->data.data_val, read_resp->data.data_len); data/libsigrok-0.5.2/src/serial.c:119:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!serial->lib_funcs->open) data/libsigrok-0.5.2/src/serial.c:121:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = serial->lib_funcs->open(serial, flags); data/libsigrok-0.5.2/src/serial.c:342:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, buf->str, len); data/libsigrok-0.5.2/src/serial_bt.c:64:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *ser_bt_conn_names[SER_BT_CONN_MAX] = { data/libsigrok-0.5.2/src/serial_bt.c:733:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addr_text[20]; data/libsigrok-0.5.2/src/serial_hid.c:786:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serno_got[128]; data/libsigrok-0.5.2/src/serial_hid_ch9325.c:125:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &buffer[1], count); data/libsigrok-0.5.2/src/serial_hid_ch9325.c:151:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[1], data, size); data/libsigrok-0.5.2/src/serial_hid_cp2110.c:241:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, &buffer[1], count); data/libsigrok-0.5.2/src/serial_hid_cp2110.c:266:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buffer[1], data, size); data/libsigrok-0.5.2/src/serial_hid_victor.c:105:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret_buf, rx_buf, rx_len); data/libsigrok-0.5.2/src/session.c:1510:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(payload, packet->payload, sizeof(struct sr_datafeed_header)); data/libsigrok-0.5.2/src/session.c:1531:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(logic_copy->data, logic->data, logic->length * logic->unitsize); data/libsigrok-0.5.2/src/session.c:1539:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(analog_copy->data, analog->data, data/libsigrok-0.5.2/src/session_driver.c:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char capturefile[128]; data/libsigrok-0.5.2/src/session_file.c:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[11]; data/libsigrok-0.5.2/src/session_file.c:220:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char channelname[SR_MAX_CHANNELNAME_LEN + 1]; data/libsigrok-0.5.2/src/soft-trigger.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stl->pre_trigger_head, buf, size); data/libsigrok-0.5.2/src/soft-trigger.c:205:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stl->prev_sample, buf + i, stl->unitsize); data/libsigrok-0.5.2/src/strutil.c:754:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[16], fract[20] = "", *f; data/libsigrok-0.5.2/src/usb.c:524:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char strdesc[64]; data/libsigrok-0.5.2/tests/trigger.c:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/libsigrok-0.5.2/tests/trigger.c:42:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)&name, "T%d", i); data/libsigrok-0.5.2/tests/trigger.c:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/libsigrok-0.5.2/tests/trigger.c:130:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)&name, "L%d", i); data/libsigrok-0.5.2/tests/trigger.c:137:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)&name, "A%d", i); data/libsigrok-0.5.2/bindings/cxx/classes.cpp:112:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return reader->read(res, buf, count); data/libsigrok-0.5.2/bindings/cxx/include/libsigrokcxx/libsigrokcxx.hpp:228:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual size_t read(const struct sr_resource *res, void *buf, size_t count) = 0; data/libsigrok-0.5.2/src/bt/bt_bluez.c:1084:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rdlen = read(desc->fd, data, len); data/libsigrok-0.5.2/src/dmm/asycii.c:108:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *exponent = -(valstr + strlen(valstr) - dot_pos - 1); data/libsigrok-0.5.2/src/dmm/asycii.c:186:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("A"); data/libsigrok-0.5.2/src/dmm/asycii.c:189:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("VA"); data/libsigrok-0.5.2/src/dmm/asycii.c:192:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("V"); data/libsigrok-0.5.2/src/dmm/asycii.c:195:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("ohm"); data/libsigrok-0.5.2/src/dmm/asycii.c:199:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("F"); data/libsigrok-0.5.2/src/dmm/asycii.c:203:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("dB"); data/libsigrok-0.5.2/src/dmm/asycii.c:207:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("Hz"); data/libsigrok-0.5.2/src/dmm/asycii.c:211:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("%"); data/libsigrok-0.5.2/src/dmm/asycii.c:223:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("Cnt"); data/libsigrok-0.5.2/src/dmm/asycii.c:236:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("s"); data/libsigrok-0.5.2/src/dmm/asycii.c:257:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("ac+dc"); data/libsigrok-0.5.2/src/dmm/asycii.c:260:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("ac"); data/libsigrok-0.5.2/src/dmm/asycii.c:263:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("dc"); data/libsigrok-0.5.2/src/dmm/asycii.c:266:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("d"); data/libsigrok-0.5.2/src/dmm/asycii.c:269:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). u += strlen("Pk"); data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:226:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (serial_write_blocking(serial, buf, strlen(buf), SERIAL_WRITE_TIMEOUT_MS) < (int)strlen(buf)) { data/libsigrok-0.5.2/src/hardware/agilent-dmm/protocol.c:226:86: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (serial_write_blocking(serial, buf, strlen(buf), SERIAL_WRITE_TIMEOUT_MS) < (int)strlen(buf)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:109:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP), serial_timeout(serial, data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:110:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP))) < (int)strlen(CMD_MONITOR_STOP)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:110:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP))) < (int)strlen(CMD_MONITOR_STOP)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:118:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_VERSION), serial_timeout(serial, data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:119:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_VERSION))) < (int)strlen(CMD_VERSION)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:119:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_VERSION))) < (int)strlen(CMD_VERSION)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:297:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP), serial_timeout(sdi->conn, data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:298:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP))) < (int)strlen(CMD_MONITOR_STOP)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:298:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR_STOP))) < (int)strlen(CMD_MONITOR_STOP)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:318:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR), serial_timeout(serial, data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:319:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR)))) < (int)strlen(CMD_MONITOR)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/api.c:319:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(CMD_MONITOR)))) < (int)strlen(CMD_MONITOR)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:40:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cmd), serial_timeout(serial, data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:41:4: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cmd)))) < (int)strlen(cmd)) { data/libsigrok-0.5.2/src/hardware/arachnid-labs-re-load-pro/protocol.c:41:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(cmd)))) < (int)strlen(cmd)) { data/libsigrok-0.5.2/src/hardware/atten-pps3xxx/protocol.c:31:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(str + strlen(str), "%.2x ", packet[i]); data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:178:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(buf, prb_name, strlen(prb_name))) { data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:285:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rd = read(fd, eeprom_buf, EEPROM_SIZE); data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:647:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buf, sizeof(buf)); data/libsigrok-0.5.2/src/hardware/baylibre-acme/protocol.c:733:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(devc->timer_fd, &nrexpiration, sizeof(nrexpiration)) < 0) { data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_native.c:91:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((ret = read(fd, buf, 16)) < 0) data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c:106:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = send(devc->socket, buf, strlen(buf), 0); data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c:114:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (out < (int)strlen(buf)) { data/libsigrok-0.5.2/src/hardware/beaglelogic/beaglelogic_tcp.c:116:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(buf), buf); data/libsigrok-0.5.2/src/hardware/center-3xx/protocol.c:37:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ret = serial_write_blocking(serial, cmd, strlen(cmd), data/libsigrok-0.5.2/src/hardware/center-3xx/protocol.c:38:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(cmd)))) < 0) { data/libsigrok-0.5.2/src/hardware/fluke-45/protocol.c:273:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). digits = get_reading_dd(reading, strlen(reading)); data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c:39:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret = serial_write_blocking(serial, cmdbuf, strlen(cmdbuf), data/libsigrok-0.5.2/src/hardware/gwinstek-gpd/protocol.c:40:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(cmdbuf))); data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:379:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idx = strlen(tmp_str); data/libsigrok-0.5.2/src/hardware/hameg-hmo/api.c:388:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(state->trigger_pattern, data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:980:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (*config->logic_threshold)[i], strlen((*config->logic_threshold)[i])); data/libsigrok-0.5.2/src/hardware/hameg-hmo/protocol.c:1131:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(state->trigger_pattern, data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/api.c:126:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(models[i].id) > len) data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/api.c:127:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(models[i].id); data/libsigrok-0.5.2/src/hardware/korad-kaxxxxp/protocol.c:33:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ret = serial_write_blocking(serial, cmd, strlen(cmd), 0)) < 0) { data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.c:41:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ret = serial_write_blocking(serial, cmdbuf, strlen(cmdbuf), data/libsigrok-0.5.2/src/hardware/manson-hcs-3xxx/protocol.c:42:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(cmdbuf)))) < 0) { data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c:27:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((ret = serial_write_blocking(serial, cmd, strlen(cmd), data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c:28:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(cmd)))) < 0) { data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c:82:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)&tmp, &buf[2], 3); data/libsigrok-0.5.2/src/hardware/mic-985xx/protocol.c:86:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy((char *)&tmp, &buf[6], 3); data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c:278:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(path); data/libsigrok-0.5.2/src/hardware/mooshimeter-dmm/protocol.c:286:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(current->children[i].name) != length) data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:130:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). retc = serial_write_blocking(serial, buf, strlen(buf), data/libsigrok-0.5.2/src/hardware/motech-lps-30x/api.c:131:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(buf))); data/libsigrok-0.5.2/src/hardware/norma-dmm/api.c:110:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (serial_write_blocking(serial, req, strlen(req), data/libsigrok-0.5.2/src/hardware/norma-dmm/api.c:111:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_timeout(serial, strlen(req))) < 0) { data/libsigrok-0.5.2/src/hardware/norma-dmm/protocol.c:102:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((const char *)devc->buf) != LINE_LENGTH) { data/libsigrok-0.5.2/src/hardware/siglent-sds/api.c:662:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(cmd4, devc->coupling[i], 3); data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:805:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tokens[4]); data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:901:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sample_points_string[strlen(sample_points_string) - 4] = '\0'; data/libsigrok-0.5.2/src/hardware/siglent-sds/protocol.c:908:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sample_points_string[strlen(sample_points_string) - 4] = '\0'; data/libsigrok-0.5.2/src/hardware/teleinfo/protocol.c:134:6: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(str, "\x0A%8s %13s %c%c", label, data, &control, &cr) != 4 data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c:336:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ss, value, pos); data/libsigrok-0.5.2/src/hardware/yokogawa-dlm/protocol.c:337:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(es, &(value[pos+1]), 3); data/libsigrok-0.5.2/src/input/csv.c:802:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(column); data/libsigrok-0.5.2/src/input/csv.c:907:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(column); data/libsigrok-0.5.2/src/input/csv.c:1105:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fn && *fn && (fn_len = strlen(fn)) >= strlen(default_extension)) { data/libsigrok-0.5.2/src/input/csv.c:1105:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fn && *fn && (fn_len = strlen(fn)) >= strlen(default_extension)) { data/libsigrok-0.5.2/src/input/csv.c:1106:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcasecmp(&fn[fn_len - strlen(default_extension)], default_extension) == 0) { data/libsigrok-0.5.2/src/input/csv.c:1153:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(col, binary_charset) != strlen(col)) { data/libsigrok-0.5.2/src/input/csv.c:1484:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (in->buf->len < strlen(utf8_bom)) data/libsigrok-0.5.2/src/input/csv.c:1486:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(in->buf->str, utf8_bom, strlen(utf8_bom)) != 0) data/libsigrok-0.5.2/src/input/csv.c:1488:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_string_erase(in->buf, 0, strlen(utf8_bom)); data/libsigrok-0.5.2/src/input/csv.c:1568:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). processed_up_to += strlen(inc->termination); data/libsigrok-0.5.2/src/input/logicport.c:200:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(read_ptr, keyword, strlen(keyword)) != 0) data/libsigrok-0.5.2/src/input/logicport.c:202:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read_ptr += strlen(keyword); data/libsigrok-0.5.2/src/input/logicport.c:235:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(read_ptr, caution, strlen(caution)) != 0) data/libsigrok-0.5.2/src/input/logicport.c:237:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). read_ptr += strlen(caution); data/libsigrok-0.5.2/src/input/logicport.c:675:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). eol_ptr += strlen(CRLF); data/libsigrok-0.5.2/src/input/logicport.c:707:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line = p + strlen(CONT_OPEN); data/libsigrok-0.5.2/src/input/logicport.c:716:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_string_append_len(inc->cont_buff, line, strlen(line)); data/libsigrok-0.5.2/src/input/logicport.c:719:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_string_append_len(inc->cont_buff, CRLF, strlen(CRLF)); data/libsigrok-0.5.2/src/input/trace32_ad.c:117:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(name); data/libsigrok-0.5.2/src/input/trace32_ad.c:118:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = g_malloc0(l * strlen("\\x00") + 1); data/libsigrok-0.5.2/src/input/trace32_ad.c:124:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("\\x00"); data/libsigrok-0.5.2/src/input/trace32_ad.c:286:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). format_name_sig = g_strndup(format_name, strlen(TRACE32)); data/libsigrok-0.5.2/src/input/trace32_ad.c:717:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if ((strlen(s1) == 4) && g_ascii_isupper(s1[3])) { data/libsigrok-0.5.2/src/lcr/vc4080.c:639:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial_write_blocking(serial, command, strlen(command), 0); data/libsigrok-0.5.2/src/libsigrok-internal.h:1210:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(struct sr_serial_dev_inst *serial, data/libsigrok-0.5.2/src/modbus/modbus.c:151:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(resource, modbus_dev->prefix, strlen(modbus_dev->prefix))) { data/libsigrok-0.5.2/src/output/ascii.c:73:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!ctx->charset || strlen(ctx->charset) < 2) { data/libsigrok-0.5.2/src/output/ascii.c:77:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ctx->edges = (strlen(ctx->charset) >= 4) ? TRUE : FALSE; data/libsigrok-0.5.2/src/output/csv.c:148:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*ctx->gnuplot && strlen(ctx->value) > 1) data/libsigrok-0.5.2/src/output/srzip.c:361:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). baselen = strlen(basename); data/libsigrok-0.5.2/src/output/vcd.c:131:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). timestamp[strlen(timestamp) - 1] = 0; data/libsigrok-0.5.2/src/scpi/scpi.c:376:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strncmp(resource, scpi_dev->prefix, strlen(scpi_dev->prefix))) { data/libsigrok-0.5.2/src/scpi/scpi.c:1183:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s_len = strlen(s); data/libsigrok-0.5.2/src/scpi/scpi.c:1200:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(rdptr, rdptr + 1, strlen(rdptr)); data/libsigrok-0.5.2/src/scpi/scpi_libgpib.c:91:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(command); data/libsigrok-0.5.2/src/scpi/scpi_serial.c:159:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = serial_write_blocking(serial, command, strlen(command), 0); data/libsigrok-0.5.2/src/scpi/scpi_tcp.c:150:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(command); data/libsigrok-0.5.2/src/scpi/scpi_usbtmc_libusb.c:577:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). command, strlen(command), EOM) <= 0) data/libsigrok-0.5.2/src/scpi/scpi_visa.c:103:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(command); data/libsigrok-0.5.2/src/scpi/scpi_vxi.c:133:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(command); data/libsigrok-0.5.2/src/serial.c:445:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!serial->lib_funcs || !serial->lib_funcs->read) data/libsigrok-0.5.2/src/serial.c:447:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = serial->lib_funcs->read(serial, buf, count, data/libsigrok-0.5.2/src/serial_bt.c:304:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). off = strlen(SER_BT_CONN_PREFIX); data/libsigrok-0.5.2/src/serial_hid.c:102:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). is_hex_colon = strspn(path, accept) == strlen(path); data/libsigrok-0.5.2/src/serial_hid.c:109:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_strcanon(name + strlen(SER_HID_USB_PREFIX), keep, '.'); data/libsigrok-0.5.2/src/serial_hid.c:135:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, SER_HID_RAW_PREFIX, strlen(SER_HID_RAW_PREFIX)) == 0) { data/libsigrok-0.5.2/src/serial_hid.c:136:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(SER_HID_RAW_PREFIX); data/libsigrok-0.5.2/src/serial_hid.c:139:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncmp(p, SER_HID_USB_PREFIX, strlen(SER_HID_USB_PREFIX)) == 0) { data/libsigrok-0.5.2/src/serial_hid.c:140:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(SER_HID_USB_PREFIX); data/libsigrok-0.5.2/src/serial_hid.c:200:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (manuf && wcslen(manuf) != 0) data/libsigrok-0.5.2/src/serial_hid.c:202:15: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (prod && wcslen(prod) != 0) data/libsigrok-0.5.2/src/serial_hid.c:204:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (serno && wcslen(serno) != 0) data/libsigrok-0.5.2/src/serial_hid.c:603:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spec += strlen(desc->chipname); data/libsigrok-0.5.2/src/serial_hid.c:720:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(SER_HID_CONN_PREFIX); data/libsigrok-0.5.2/src/serial_hid.c:738:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/libsigrok-0.5.2/src/serial_hid.c:744:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/libsigrok-0.5.2/src/serial_hid.c:746:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(SER_HID_SNR_PREFIX); data/libsigrok-0.5.2/src/serial_hid.c:748:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen(p); data/libsigrok-0.5.2/src/serial_hid.c:1023:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). off = strlen(SER_HID_CONN_PREFIX); data/libsigrok-0.5.2/tests/version.c:88:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fail_unless(strlen(str) >= len_min); data/libsigrok-0.5.2/tests/version.c:89:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fail_unless(strlen(str) <= len_max); data/libsigrok-0.5.2/tests/version.c:92:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fail_unless(strlen(str) >= len_min); data/libsigrok-0.5.2/tests/version.c:93:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fail_unless(strlen(str) <= len_max); ANALYSIS SUMMARY: Hits = 481 Lines analyzed = 130679 in approximately 3.07 seconds (42582 lines/second) Physical Source Lines of Code (SLOC) = 91191 Hits@level = [0] 56 [1] 140 [2] 314 [3] 6 [4] 21 [5] 0 Hits@level+ = [0+] 537 [1+] 481 [2+] 341 [3+] 27 [4+] 21 [5+] 0 Hits/KSLOC@level+ = [0+] 5.88874 [1+] 5.27464 [2+] 3.7394 [3+] 0.296082 [4+] 0.230286 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.