Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libslirp-4.3.1/src/arp_table.c
Examining data/libslirp-4.3.1/src/bootp.c
Examining data/libslirp-4.3.1/src/bootp.h
Examining data/libslirp-4.3.1/src/cksum.c
Examining data/libslirp-4.3.1/src/debug.h
Examining data/libslirp-4.3.1/src/dhcpv6.c
Examining data/libslirp-4.3.1/src/dhcpv6.h
Examining data/libslirp-4.3.1/src/dnssearch.c
Examining data/libslirp-4.3.1/src/if.c
Examining data/libslirp-4.3.1/src/if.h
Examining data/libslirp-4.3.1/src/ip.h
Examining data/libslirp-4.3.1/src/ip6.h
Examining data/libslirp-4.3.1/src/ip6_icmp.c
Examining data/libslirp-4.3.1/src/ip6_icmp.h
Examining data/libslirp-4.3.1/src/ip6_input.c
Examining data/libslirp-4.3.1/src/ip6_output.c
Examining data/libslirp-4.3.1/src/ip_icmp.c
Examining data/libslirp-4.3.1/src/ip_icmp.h
Examining data/libslirp-4.3.1/src/ip_input.c
Examining data/libslirp-4.3.1/src/ip_output.c
Examining data/libslirp-4.3.1/src/libslirp.h
Examining data/libslirp-4.3.1/src/main.h
Examining data/libslirp-4.3.1/src/mbuf.c
Examining data/libslirp-4.3.1/src/mbuf.h
Examining data/libslirp-4.3.1/src/misc.c
Examining data/libslirp-4.3.1/src/misc.h
Examining data/libslirp-4.3.1/src/ncsi-pkt.h
Examining data/libslirp-4.3.1/src/ncsi.c
Examining data/libslirp-4.3.1/src/ndp_table.c
Examining data/libslirp-4.3.1/src/sbuf.c
Examining data/libslirp-4.3.1/src/sbuf.h
Examining data/libslirp-4.3.1/src/slirp.c
Examining data/libslirp-4.3.1/src/slirp.h
Examining data/libslirp-4.3.1/src/socket.c
Examining data/libslirp-4.3.1/src/socket.h
Examining data/libslirp-4.3.1/src/state.c
Examining data/libslirp-4.3.1/src/stream.c
Examining data/libslirp-4.3.1/src/stream.h
Examining data/libslirp-4.3.1/src/tcp.h
Examining data/libslirp-4.3.1/src/tcp_input.c
Examining data/libslirp-4.3.1/src/tcp_output.c
Examining data/libslirp-4.3.1/src/tcp_subr.c
Examining data/libslirp-4.3.1/src/tcp_timer.c
Examining data/libslirp-4.3.1/src/tcp_timer.h
Examining data/libslirp-4.3.1/src/tcp_var.h
Examining data/libslirp-4.3.1/src/tcpip.h
Examining data/libslirp-4.3.1/src/tftp.c
Examining data/libslirp-4.3.1/src/tftp.h
Examining data/libslirp-4.3.1/src/udp.c
Examining data/libslirp-4.3.1/src/udp.h
Examining data/libslirp-4.3.1/src/udp6.c
Examining data/libslirp-4.3.1/src/util.c
Examining data/libslirp-4.3.1/src/util.h
Examining data/libslirp-4.3.1/src/version.c
Examining data/libslirp-4.3.1/src/vmstate.c
Examining data/libslirp-4.3.1/src/vmstate.h

FINAL RESULTS:

data/libslirp-4.3.1/src/bootp.c:259:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(rbp->bp_file, slirp->bootp_filename);
data/libslirp-4.3.1/src/ip6_icmp.c:11:5:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    g_rand_int_range(slirp->grand, NDP_MinRtrAdvInterval, NDP_MaxRtrAdvInterval)
data/libslirp-4.3.1/src/arp_table.c:52:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(arptbl->table[i].ar_sha, ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/arp_table.c:59:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(arptbl->table[arptbl->next_victim].ar_sha, ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/arp_table.c:83:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out_ethaddr, arptbl->table[i].ar_sha, ETH_ALEN);
data/libslirp-4.3.1/src/bootp.c:132:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(&(preq_addr->s_addr), p, 4);
data/libslirp-4.3.1/src/bootp.c:143:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&(preq_addr->s_addr), &bp->bp_ciaddr, 4);
data/libslirp-4.3.1/src/bootp.c:175:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(client_ethaddr, bp->bp_hwaddr, ETH_ALEN);
data/libslirp-4.3.1/src/bootp.c:201:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(bc->macaddr, client_ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/bootp.c:206:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(bc->macaddr, client_ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/bootp.c:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(rbp->bp_hwaddr, bp->bp_hwaddr, ETH_ALEN);
data/libslirp-4.3.1/src/bootp.c:239:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(q, rfc1533_cookie, 4);
data/libslirp-4.3.1/src/bootp.c:264:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(q, &saddr.sin_addr, 4);
data/libslirp-4.3.1/src/bootp.c:269:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(q, &slirp->vnetwork_mask, 4);
data/libslirp-4.3.1/src/bootp.c:275:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(q, &saddr.sin_addr, 4);
data/libslirp-4.3.1/src/bootp.c:280:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(q, &slirp->vnameserver_addr, 4);
data/libslirp-4.3.1/src/bootp.c:287:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(q, &val, 4);
data/libslirp-4.3.1/src/bootp.c:298:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(q, slirp->client_hostname, val);
data/libslirp-4.3.1/src/bootp.c:311:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(q, slirp->vdomainname, val);
data/libslirp-4.3.1/src/bootp.c:324:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(q, slirp->tftp_server_name, val);
data/libslirp-4.3.1/src/bootp.c:335:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(q, slirp->vdnssearch, val);
data/libslirp-4.3.1/src/bootp.c:350:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(q, nak_msg, sizeof(nak_msg) - 1);
data/libslirp-4.3.1/src/bootp.h:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bp_file[128];
data/libslirp-4.3.1/src/dhcpv6.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(resp, ri.client_id, ri.client_id_len);
data/libslirp-4.3.1/src/dhcpv6.c:172:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(resp, &slirp->vnameserver_addr6, 16);
data/libslirp-4.3.1/src/ip6.h:165:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&eth[2], &ip.s6_addr[16 - (ETH_ALEN - 2)], ETH_ALEN - 2);
data/libslirp-4.3.1/src/ip6_icmp.c:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(t->m_data, m->m_data, t->m_len);
data/libslirp-4.3.1/src/ip6_icmp.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN];
data/libslirp-4.3.1/src/ip6_icmp.c:124:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(t->m_data, m->m_data, error_data_len);
data/libslirp-4.3.1/src/ip6_icmp.c:221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN];
data/libslirp-4.3.1/src/ip6_icmp.c:233:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&rip->ip_dst.s6_addr[13], &addr.s6_addr[13], 3);
data/libslirp-4.3.1/src/ip6_icmp.h:122:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char linklayer_addr[6]; /* Source/Target Link-layer */
data/libslirp-4.3.1/src/ip_icmp.c:279:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char bufa[20], bufb[20];
data/libslirp-4.3.1/src/ip_icmp.c:317:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m->m_data, msrc->m_data, msrc->m_len);
data/libslirp-4.3.1/src/ip_icmp.c:344:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&icp->icmp_ip, msrc->m_data, s_ip_len); /* report the ip packet */
data/libslirp-4.3.1/src/ip_icmp.c:356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cpnt, message, message_len);
data/libslirp-4.3.1/src/ip_icmp.h:84:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char id_data[1];
data/libslirp-4.3.1/src/ip_input.c:457:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(opts, opts + olen, (unsigned)i);
data/libslirp-4.3.1/src/mbuf.c:135:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(m->m_data + m->m_len, n->m_data, n->m_len);
data/libslirp-4.3.1/src/mbuf.c:158:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m->m_ext, m->m_dat, m->m_size);
data/libslirp-4.3.1/src/mbuf.c:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((n->m_data + n->m_len), (m->m_data + off), len);
data/libslirp-4.3.1/src/misc.c:296:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/libslirp-4.3.1/src/ncsi-pkt.h:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved2[3]; /* Reserved                  */
data/libslirp-4.3.1/src/ncsi-pkt.h:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[26];
data/libslirp-4.3.1/src/ncsi-pkt.h:80:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:86:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved       */
data/libslirp-4.3.1/src/ncsi-pkt.h:89:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:95:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved        */
data/libslirp-4.3.1/src/ncsi-pkt.h:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:106:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:112:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved         */
data/libslirp-4.3.1/src/ncsi-pkt.h:116:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[18];
data/libslirp-4.3.1/src/ncsi-pkt.h:125:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[18];
data/libslirp-4.3.1/src/ncsi-pkt.h:137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[14];
data/libslirp-4.3.1/src/ncsi-pkt.h:143:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved         */
data/libslirp-4.3.1/src/ncsi-pkt.h:146:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:152:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac[6]; /* MAC address             */
data/libslirp-4.3.1/src/ncsi-pkt.h:156:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[18];
data/libslirp-4.3.1/src/ncsi-pkt.h:164:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:172:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:178:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved          */
data/libslirp-4.3.1/src/ncsi-pkt.h:181:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:191:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[10];
data/libslirp-4.3.1/src/ncsi-pkt.h:198:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[3]; /* Reserved        */
data/libslirp-4.3.1/src/ncsi-pkt.h:200:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char fw_name[12]; /* f/w name string */
data/libslirp-4.3.1/src/ncsi-pkt.h:219:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[2]; /* Reserved          */
data/libslirp-4.3.1/src/ncsi-pkt.h:229:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved[2]; /* Reserved              */
data/libslirp-4.3.1/src/ncsi-pkt.h:239:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char reserved2[2]; /* Reserved              */
data/libslirp-4.3.1/src/ncsi-pkt.h:241:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char mac[6]; /* Supported MAC addr    */
data/libslirp-4.3.1/src/ncsi-pkt.h:331:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char uuid[16]; /* UUID            */
data/libslirp-4.3.1/src/ncsi-pkt.h:341:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[14];
data/libslirp-4.3.1/src/ncsi-pkt.h:348:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[22];
data/libslirp-4.3.1/src/ncsi-pkt.h:356:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char pad[18];
data/libslirp-4.3.1/src/ndp_table.c:12:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN];
data/libslirp-4.3.1/src/ndp_table.c:34:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ndp_table->table[i].eth_addr, ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/ndp_table.c:42:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ndp_table->table[ndp_table->next_victim].eth_addr, ethaddr,
data/libslirp-4.3.1/src/ndp_table.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN];
data/libslirp-4.3.1/src/ndp_table.c:77:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(out_ethaddr, ndp_table->table[i].eth_addr, ETH_ALEN);
data/libslirp-4.3.1/src/sbuf.c:117:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sb->sb_wptr, m->m_data, n);
data/libslirp-4.3.1/src/sbuf.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(sb->sb_wptr, m->m_data, n);
data/libslirp-4.3.1/src/sbuf.c:130:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(sb->sb_data, m->m_data + n, nn);
data/libslirp-4.3.1/src/sbuf.c:157:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(to, from, len);
data/libslirp-4.3.1/src/sbuf.c:163:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(to, from, off);
data/libslirp-4.3.1/src/sbuf.c:166:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(to + off, sb->sb_data, len);
data/libslirp-4.3.1/src/slirp.c:132:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pdns_addr, cached_addr, addrlen);
data/libslirp-4.3.1/src/slirp.c:143:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pdns_addr, cached_addr, addrlen);
data/libslirp-4.3.1/src/slirp.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[512];
data/libslirp-4.3.1/src/slirp.c:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff2[257];
data/libslirp-4.3.1/src/slirp.c:160:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    f = fopen("/etc/resolv.conf", "r");
data/libslirp-4.3.1/src/slirp.c:180:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(pdns_addr, tmp_addr, addrlen);
data/libslirp-4.3.1/src/slirp.c:181:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cached_addr, tmp_addr, addrlen);
data/libslirp-4.3.1/src/slirp.c:192:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char s[INET6_ADDRSTRLEN];
data/libslirp-4.3.1/src/slirp.c:793:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reh->h_dest, pkt + ETH_ALEN, ETH_ALEN);
data/libslirp-4.3.1/src/slirp.c:794:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reh->h_source, special_ethaddr, ETH_ALEN - 4);
data/libslirp-4.3.1/src/slirp.c:795:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&reh->h_source[2], &ah->ar_tip, 4);
data/libslirp-4.3.1/src/slirp.c:803:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(rah->ar_sha, reh->h_source, ETH_ALEN);
data/libslirp-4.3.1/src/slirp.c:805:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(rah->ar_tha, ah->ar_sha, ETH_ALEN);
data/libslirp-4.3.1/src/slirp.c:842:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(m->m_data + TCPIPHDR_DELTA + 2, pkt, pkt_len);
data/libslirp-4.3.1/src/slirp.c:880:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(reh->h_source, special_ethaddr, ETH_ALEN - 4);
data/libslirp-4.3.1/src/slirp.c:881:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&reh->h_source[2], &slirp->vhost_addr, 4);
data/libslirp-4.3.1/src/slirp.c:890:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(rah->ar_sha, special_ethaddr, ETH_ALEN - 4);
data/libslirp-4.3.1/src/slirp.c:891:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&rah->ar_sha[2], &slirp->vhost_addr, 4);
data/libslirp-4.3.1/src/slirp.c:911:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(eh->h_source, special_ethaddr, ETH_ALEN - 4);
data/libslirp-4.3.1/src/slirp.c:913:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&eh->h_source[2], &slirp->vhost_addr, 4);
data/libslirp-4.3.1/src/slirp.c:980:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(eh->h_dest, ethaddr, ETH_ALEN);
data/libslirp-4.3.1/src/slirp.c:987:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf + sizeof(struct ethhdr), ifm->m_data, ifm->m_len);
data/libslirp-4.3.1/src/slirp.h:73:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_dest[ETH_ALEN]; /* destination eth addr */
data/libslirp-4.3.1/src/slirp.h:74:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char h_source[ETH_ALEN]; /* source ether addr    */
data/libslirp-4.3.1/src/slirp.h:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ar_sha[ETH_ALEN]; /* sender hardware address */
data/libslirp-4.3.1/src/slirp.h:90:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char ar_tha[ETH_ALEN]; /* target hardware address */
data/libslirp-4.3.1/src/slirp.h:108:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char eth_addr[ETH_ALEN]; /* sender hardware address */
data/libslirp-4.3.1/src/slirp.h:143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char client_hostname[33];
data/libslirp-4.3.1/src/socket.c:265:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[0].iov_base, buf, nn);
data/libslirp-4.3.1/src/socket.c:273:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(iov[1].iov_base, buf, copy);
data/libslirp-4.3.1/src/socket.c:331:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[2048]; /* XXX Shouldn't be sending more oob data than this */
data/libslirp-4.3.1/src/socket.c:357:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buff, sb->sb_rptr, len);
data/libslirp-4.3.1/src/socket.c:364:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((buff + len), sb->sb_data, n);
data/libslirp-4.3.1/src/socket.c:501:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[256];
data/libslirp-4.3.1/src/tcp_input.c:1400:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)&mss, (char *)cp + 2, sizeof(mss));
data/libslirp-4.3.1/src/tcp_output.c:271:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((char *)(opt + 2), (char *)&mss, sizeof(mss));
data/libslirp-4.3.1/src/tcp_output.c:324:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((char *)ti, &tp->t_template, sizeof(struct tcpiphdr));
data/libslirp-4.3.1/src/tcp_output.c:353:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((char *)(ti + 1), (char *)opt, optlen);
data/libslirp-4.3.1/src/tcp_subr.c:608:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[257];
data/libslirp-4.3.1/src/tcp_subr.c:846:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char ra_tbl[4];
data/libslirp-4.3.1/src/tftp.c:75:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&spt->client_addr, srcsas, sockaddr_size(srcsas));
data/libslirp-4.3.1/src/tftp.c:113:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        spt->fd = open(spt->filename, O_RDONLY | O_BINARY);
data/libslirp-4.3.1/src/tftp.c:280:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *option_name[2];
data/libslirp-4.3.1/src/tftp.c:311:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(spt->filename, slirp->tftp_prefix, prefix_len);
data/libslirp-4.3.1/src/tftp.c:381:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int tsize = atoi(value);
data/libslirp-4.3.1/src/tftp.c:397:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int blksize = atoi(value);
data/libslirp-4.3.1/src/tftp.h:35:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tp_buf[TFTP_BLOCKSIZE_MAX + 2];
data/libslirp-4.3.1/src/bootp.c:258:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            g_assert(strlen(slirp->bootp_filename) < sizeof(rbp->bp_file));
data/libslirp-4.3.1/src/bootp.c:291:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            val = strlen(slirp->client_hostname);
data/libslirp-4.3.1/src/bootp.c:304:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            val = strlen(slirp->vdomainname);
data/libslirp-4.3.1/src/bootp.c:317:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            val = strlen(slirp->tftp_server_name);
data/libslirp-4.3.1/src/dnssearch.c:250:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t nlen = strlen(names[i]);
data/libslirp-4.3.1/src/ip_icmp.c:210:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (sendto(so->s, icmp_ping_msg, strlen(icmp_ping_msg), 0,
data/libslirp-4.3.1/src/ip_icmp.c:352:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        message_len = strlen(message);
data/libslirp-4.3.1/src/slirp.c:166:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (sscanf(buff, "nameserver%*[ \t]%256s", buff2) == 1) {
data/libslirp-4.3.1/src/slirp.c:287:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                         (strlen(cfg->bootfile) <
data/libslirp-4.3.1/src/tcp_subr.c:770:13:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        if (sscanf(bptr, "DCC CHAT %256s %u %u", buff, &laddr, &lport) == 3) {
data/libslirp-4.3.1/src/tcp_subr.c:780:20:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        } else if (sscanf(bptr, "DCC SEND %256s %u %u %u", buff, &laddr, &lport,
data/libslirp-4.3.1/src/tcp_subr.c:791:20:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough
  (CWE-120). Check that the limit is sufficiently small, or use a different
  input function.
        } else if (sscanf(bptr, "DCC MOVE %256s %u %u %u", buff, &laddr, &lport,
data/libslirp-4.3.1/src/tftp.c:125:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bytes_read = read(spt->fd, buf, len);
data/libslirp-4.3.1/src/tftp.c:222:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
               strlen(msg) - sizeof(struct udphdr);
data/libslirp-4.3.1/src/tftp.c:309:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    prefix_len = strlen(slirp->tftp_prefix);
data/libslirp-4.3.1/src/tftp.c:347:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        req_fname[strlen(req_fname) - 1] == '\\' ||
data/libslirp-4.3.1/src/tftp.c:350:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        req_fname[strlen(req_fname) - 1] == '/') {
data/libslirp-4.3.1/src/tftp.c:370:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k += strlen(key) + 1;
data/libslirp-4.3.1/src/tftp.c:378:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        k += strlen(value) + 1;

ANALYSIS SUMMARY:

Hits = 150
Lines analyzed = 15719 in approximately 0.44 seconds (35417 lines/second)
Physical Source Lines of Code (SLOC) = 10201
Hits@level = [0]  17 [1]  19 [2] 129 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+] 167 [1+] 150 [2+] 131 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 16.3709 [1+] 14.7044 [2+] 12.8419 [3+] 0.196059 [4+] 0.0980296 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.