Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5VLStrHelperImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5fHelperImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5pHelperImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/exceptionImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/exceptionImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5Constants.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5Imp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5Imp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5aImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5aImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5dImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5dImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5eImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5eImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5fImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5fImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5gImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5gImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5iImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5iImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5lImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5lImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5oImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5oImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5plImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5plImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5rImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5rImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5sImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5sImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5tImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5tImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5zImp.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5zImp.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.h
Examining data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5lHelperImp.c

FINAL RESULTS:

data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5lHelperImp.c:204:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*(info->name+info->count), name);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5lHelperImp.c:291:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*(info->name+info->count), name);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:37:30: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define HDstrcpy(X,Y) strcpy(X,Y)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:49:30: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  #define HDstrcat(X,Y) strcat(X,Y)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.c:3882:25: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(member_name[i], utf8);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:318:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_llong, "%%%sd", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:319:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_ullong, "%%%su", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:420:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(token, fmt_ullong, &tmp_ullong);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:426:17: [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  sscanf(token, fmt_llong, &tmp_llong);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:609:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_llong, "%%%sd", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:610:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_ullong, "%%%su", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:705:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_llong, "%%%sd", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:706:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fmt_ullong, "%%%su", H5_PRINTF_LL_WIDTH);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:824:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(this_str, fmt_ullong, tmp_ullong);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:830:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(this_str, fmt_llong, tmp_llong);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:867:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(this_str, "%s%02x", i ? ":" : "", ucptr[i]);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:997:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(this_str, "%s%02x", i ? ":" : "", ucptr[i]);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1210:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp_str, "%s%lu", j ? "," : "(",
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1217:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp_str, "%s%lu", j ? "," : ")-(",
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1393:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp_str, "%s%lu", j ? "," : "(",
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:3003:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(*(datainfo->objname+datainfo->count), name);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/exceptionImp.c:227:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[2];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/exceptionImp.c:339:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *args[2];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:28:32: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define HDmemcpy(X,Y,Z) memcpy((char*)(X),(const char*)(Y),Z)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:55:29: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  #define HDfopen(S,M) fopen(S,M)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.c:3838:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *member_name[H5FD_MEM_NTYPES];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:178:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fmt_llong[8], fmt_ullong[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:296:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fmt_llong[8], fmt_ullong[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:461:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char enum_name[1024];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:591:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fmt_llong[8], fmt_ullong[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:685:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char fmt_llong[8], fmt_ullong[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:718:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%g", tmp_float);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:724:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%g", tmp_double);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:731:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%Lf", tmp_ldouble);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:768:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%u", tmp_uchar);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:774:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%hhd", tmp_char);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:782:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%u", tmp_uint);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:788:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%d", tmp_int);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:796:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%u", tmp_ushort);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:802:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%d", tmp_short);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:810:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%lu", tmp_ulong);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:816:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%ld", tmp_long);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:853:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char enum_name[1024];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:863:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%#02x", ucptr[0]);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:883:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ref_name[1024];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:938:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%u-%lu", (unsigned) oi.type, oi.addr);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:993:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(this_str, "%#02x", ucptr[0]);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1181:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_str[256];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1363:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_str[256];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:644:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[4];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:714:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[4];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:783:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[4];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:852:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:922:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[8];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:987:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(int)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:1026:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(float)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:1065:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(short)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:1105:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(double)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:1145:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(jlong)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/nativeData.c:1184:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bytes[sizeof(jbyte)];
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5lHelperImp.c:198:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(info->name+info->count) = (char *) malloc(strlen(name)+1);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/h5lHelperImp.c:285:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(info->name+info->count) = (char *) malloc(strlen(name)+1);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5dImp.c:1078:25: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(&c_buf[i * str_len], utf8, str_len);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:40:31: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  #define HDstrncpy(X,Y,Z) strncpy(X,Y,Z)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5jni.h:46:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define HDstrlen(S) strlen(S)
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.c:3880:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  member_name[i] = (char*)HDmalloc(strlen(utf8) + 1);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5pImp.c:4188:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cacheinfo.trace_file_name, str, 1025);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:1772:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(s);
data/libsis-jhdf5-java-19.04.0+dfsg/source/c/jni/h5util.c:2956:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(datainfo->objname+datainfo->count) = (char *)HDmalloc(strlen(name)+1);

ANALYSIS SUMMARY:

Hits = 69
Lines analyzed = 28666 in approximately 0.79 seconds (36058 lines/second)
Physical Source Lines of Code (SLOC) = 18986
Hits@level = [0] 14 [1] 9 [2] 39 [3] 0 [4] 21 [5] 0
Hits@level+ = [0+] 83 [1+] 69 [2+] 60 [3+] 21 [4+] 21 [5+] 0
Hits/KSLOC@level+ = [0+] 4.37164 [1+] 3.63426 [2+] 3.16022 [3+] 1.10608 [4+] 1.10608 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.