Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libvirt-6.9.0/config.h Examining data/libvirt-6.9.0/examples/c/admin/client_close.c Examining data/libvirt-6.9.0/examples/c/admin/client_info.c Examining data/libvirt-6.9.0/examples/c/admin/client_limits.c Examining data/libvirt-6.9.0/examples/c/admin/list_clients.c Examining data/libvirt-6.9.0/examples/c/admin/list_servers.c Examining data/libvirt-6.9.0/examples/c/admin/logging.c Examining data/libvirt-6.9.0/examples/c/admin/threadpool_params.c Examining data/libvirt-6.9.0/examples/c/domain/dommigrate.c Examining data/libvirt-6.9.0/examples/c/domain/domtop.c Examining data/libvirt-6.9.0/examples/c/domain/info1.c Examining data/libvirt-6.9.0/examples/c/domain/rename.c Examining data/libvirt-6.9.0/examples/c/domain/suspend.c Examining data/libvirt-6.9.0/examples/c/misc/event-test.c Examining data/libvirt-6.9.0/examples/c/misc/hellolibvirt.c Examining data/libvirt-6.9.0/examples/c/misc/openauth.c Examining data/libvirt-6.9.0/include/libvirt/libvirt-admin.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-domain-checkpoint.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-domain-snapshot.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-domain.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-event.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-host.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-interface.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-lxc.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-network.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-nodedev.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-nwfilter.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-qemu.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-secret.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-storage.h Examining data/libvirt-6.9.0/include/libvirt/libvirt-stream.h Examining data/libvirt-6.9.0/include/libvirt/libvirt.h Examining data/libvirt-6.9.0/include/libvirt/virterror.h Examining data/libvirt-6.9.0/scripts/cocci-macro-file.h Examining data/libvirt-6.9.0/src/access/viraccessdriver.h Examining data/libvirt-6.9.0/src/access/viraccessdrivernop.c Examining data/libvirt-6.9.0/src/access/viraccessdrivernop.h Examining data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c Examining data/libvirt-6.9.0/src/access/viraccessdriverpolkit.h Examining data/libvirt-6.9.0/src/access/viraccessdriverstack.c Examining data/libvirt-6.9.0/src/access/viraccessdriverstack.h Examining data/libvirt-6.9.0/src/access/viraccessmanager.c Examining data/libvirt-6.9.0/src/access/viraccessmanager.h Examining data/libvirt-6.9.0/src/access/viraccessperm.c Examining data/libvirt-6.9.0/src/access/viraccessperm.h Examining data/libvirt-6.9.0/src/admin/admin_remote.c Examining data/libvirt-6.9.0/src/admin/admin_server.c Examining data/libvirt-6.9.0/src/admin/admin_server.h Examining data/libvirt-6.9.0/src/admin/admin_server_dispatch.c Examining data/libvirt-6.9.0/src/admin/admin_server_dispatch.h Examining data/libvirt-6.9.0/src/admin/libvirt-admin.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_capabilities.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_capabilities.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_command.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_command.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_conf.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_conf.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_device.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_device.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_domain.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_domain.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_driver.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_driver.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_monitor.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_monitor.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_process.c Examining data/libvirt-6.9.0/src/bhyve/bhyve_process.h Examining data/libvirt-6.9.0/src/bhyve/bhyve_utils.h Examining data/libvirt-6.9.0/src/conf/backup_conf.c Examining data/libvirt-6.9.0/src/conf/backup_conf.h Examining data/libvirt-6.9.0/src/conf/capabilities.c Examining data/libvirt-6.9.0/src/conf/capabilities.h Examining data/libvirt-6.9.0/src/conf/checkpoint_conf.c Examining data/libvirt-6.9.0/src/conf/checkpoint_conf.h Examining data/libvirt-6.9.0/src/conf/cpu_conf.c Examining data/libvirt-6.9.0/src/conf/cpu_conf.h Examining data/libvirt-6.9.0/src/conf/device_conf.c Examining data/libvirt-6.9.0/src/conf/device_conf.h Examining data/libvirt-6.9.0/src/conf/domain_addr.c Examining data/libvirt-6.9.0/src/conf/domain_addr.h Examining data/libvirt-6.9.0/src/conf/domain_audit.c Examining data/libvirt-6.9.0/src/conf/domain_audit.h Examining data/libvirt-6.9.0/src/conf/domain_capabilities.c Examining data/libvirt-6.9.0/src/conf/domain_capabilities.h Examining data/libvirt-6.9.0/src/conf/domain_conf.c Examining data/libvirt-6.9.0/src/conf/domain_conf.h Examining data/libvirt-6.9.0/src/conf/domain_event.c Examining data/libvirt-6.9.0/src/conf/domain_event.h Examining data/libvirt-6.9.0/src/conf/domain_nwfilter.c Examining data/libvirt-6.9.0/src/conf/domain_nwfilter.h Examining data/libvirt-6.9.0/src/conf/interface_conf.c Examining data/libvirt-6.9.0/src/conf/interface_conf.h Examining data/libvirt-6.9.0/src/conf/moment_conf.c Examining data/libvirt-6.9.0/src/conf/moment_conf.h Examining data/libvirt-6.9.0/src/conf/netdev_bandwidth_conf.c Examining data/libvirt-6.9.0/src/conf/netdev_bandwidth_conf.h Examining data/libvirt-6.9.0/src/conf/netdev_vlan_conf.c Examining data/libvirt-6.9.0/src/conf/netdev_vlan_conf.h Examining data/libvirt-6.9.0/src/conf/netdev_vport_profile_conf.c Examining data/libvirt-6.9.0/src/conf/netdev_vport_profile_conf.h Examining data/libvirt-6.9.0/src/conf/network_conf.c Examining data/libvirt-6.9.0/src/conf/network_conf.h Examining data/libvirt-6.9.0/src/conf/network_event.c Examining data/libvirt-6.9.0/src/conf/network_event.h Examining data/libvirt-6.9.0/src/conf/networkcommon_conf.c Examining data/libvirt-6.9.0/src/conf/networkcommon_conf.h Examining data/libvirt-6.9.0/src/conf/node_device_conf.c Examining data/libvirt-6.9.0/src/conf/node_device_conf.h Examining data/libvirt-6.9.0/src/conf/node_device_event.c Examining data/libvirt-6.9.0/src/conf/node_device_event.h Examining data/libvirt-6.9.0/src/conf/node_device_util.c Examining data/libvirt-6.9.0/src/conf/node_device_util.h Examining data/libvirt-6.9.0/src/conf/numa_conf.c Examining data/libvirt-6.9.0/src/conf/numa_conf.h Examining data/libvirt-6.9.0/src/conf/nwfilter_conf.c Examining data/libvirt-6.9.0/src/conf/nwfilter_conf.h Examining data/libvirt-6.9.0/src/conf/nwfilter_ipaddrmap.c Examining data/libvirt-6.9.0/src/conf/nwfilter_ipaddrmap.h Examining data/libvirt-6.9.0/src/conf/nwfilter_params.c Examining data/libvirt-6.9.0/src/conf/nwfilter_params.h Examining data/libvirt-6.9.0/src/conf/object_event.c Examining data/libvirt-6.9.0/src/conf/object_event.h Examining data/libvirt-6.9.0/src/conf/object_event_private.h Examining data/libvirt-6.9.0/src/conf/secret_conf.c Examining data/libvirt-6.9.0/src/conf/secret_conf.h Examining data/libvirt-6.9.0/src/conf/secret_event.c Examining data/libvirt-6.9.0/src/conf/secret_event.h Examining data/libvirt-6.9.0/src/conf/snapshot_conf.c Examining data/libvirt-6.9.0/src/conf/snapshot_conf.h Examining data/libvirt-6.9.0/src/conf/snapshot_conf_priv.h Examining data/libvirt-6.9.0/src/conf/storage_adapter_conf.c Examining data/libvirt-6.9.0/src/conf/storage_adapter_conf.h Examining data/libvirt-6.9.0/src/conf/storage_capabilities.c Examining data/libvirt-6.9.0/src/conf/storage_capabilities.h Examining data/libvirt-6.9.0/src/conf/storage_conf.c Examining data/libvirt-6.9.0/src/conf/storage_conf.h Examining data/libvirt-6.9.0/src/conf/storage_event.c Examining data/libvirt-6.9.0/src/conf/storage_event.h Examining data/libvirt-6.9.0/src/conf/virchrdev.c Examining data/libvirt-6.9.0/src/conf/virchrdev.h Examining data/libvirt-6.9.0/src/conf/virconftypes.h Examining data/libvirt-6.9.0/src/conf/virdomaincheckpointobjlist.c Examining data/libvirt-6.9.0/src/conf/virdomaincheckpointobjlist.h Examining data/libvirt-6.9.0/src/conf/virdomainmomentobjlist.c Examining data/libvirt-6.9.0/src/conf/virdomainmomentobjlist.h Examining data/libvirt-6.9.0/src/conf/virdomainobjlist.c Examining data/libvirt-6.9.0/src/conf/virdomainobjlist.h Examining data/libvirt-6.9.0/src/conf/virdomainsnapshotobjlist.c Examining data/libvirt-6.9.0/src/conf/virdomainsnapshotobjlist.h Examining data/libvirt-6.9.0/src/conf/virinterfaceobj.c Examining data/libvirt-6.9.0/src/conf/virinterfaceobj.h Examining data/libvirt-6.9.0/src/conf/virnetworkobj.c Examining data/libvirt-6.9.0/src/conf/virnetworkobj.h Examining data/libvirt-6.9.0/src/conf/virnetworkportdef.c Examining data/libvirt-6.9.0/src/conf/virnetworkportdef.h Examining data/libvirt-6.9.0/src/conf/virnodedeviceobj.c Examining data/libvirt-6.9.0/src/conf/virnodedeviceobj.h Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingdef.c Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingdef.h Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingobj.c Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingobj.h Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingobjlist.c Examining data/libvirt-6.9.0/src/conf/virnwfilterbindingobjlist.h Examining data/libvirt-6.9.0/src/conf/virnwfilterobj.c Examining data/libvirt-6.9.0/src/conf/virnwfilterobj.h Examining data/libvirt-6.9.0/src/conf/virsavecookie.c Examining data/libvirt-6.9.0/src/conf/virsavecookie.h Examining data/libvirt-6.9.0/src/conf/virsecretobj.c Examining data/libvirt-6.9.0/src/conf/virsecretobj.h Examining data/libvirt-6.9.0/src/conf/virstorageobj.c Examining data/libvirt-6.9.0/src/conf/virstorageobj.h Examining data/libvirt-6.9.0/src/cpu/cpu.c Examining data/libvirt-6.9.0/src/cpu/cpu.h Examining data/libvirt-6.9.0/src/cpu/cpu_arm.c Examining data/libvirt-6.9.0/src/cpu/cpu_arm.h Examining data/libvirt-6.9.0/src/cpu/cpu_arm_data.h Examining data/libvirt-6.9.0/src/cpu/cpu_map.c Examining data/libvirt-6.9.0/src/cpu/cpu_map.h Examining data/libvirt-6.9.0/src/cpu/cpu_ppc64.c Examining data/libvirt-6.9.0/src/cpu/cpu_ppc64.h Examining data/libvirt-6.9.0/src/cpu/cpu_ppc64_data.h Examining data/libvirt-6.9.0/src/cpu/cpu_s390.c Examining data/libvirt-6.9.0/src/cpu/cpu_s390.h Examining data/libvirt-6.9.0/src/cpu/cpu_x86.c Examining data/libvirt-6.9.0/src/cpu/cpu_x86.h Examining data/libvirt-6.9.0/src/cpu/cpu_x86_data.h Examining data/libvirt-6.9.0/src/datatypes.c Examining data/libvirt-6.9.0/src/datatypes.h Examining data/libvirt-6.9.0/src/driver-hypervisor.h Examining data/libvirt-6.9.0/src/driver-interface.h Examining data/libvirt-6.9.0/src/driver-network.h Examining data/libvirt-6.9.0/src/driver-nodedev.h Examining data/libvirt-6.9.0/src/driver-nwfilter.h Examining data/libvirt-6.9.0/src/driver-secret.h Examining data/libvirt-6.9.0/src/driver-state.h Examining data/libvirt-6.9.0/src/driver-storage.h Examining data/libvirt-6.9.0/src/driver-stream.h Examining data/libvirt-6.9.0/src/driver.c Examining data/libvirt-6.9.0/src/driver.h Examining data/libvirt-6.9.0/src/esx/esx_driver.c Examining data/libvirt-6.9.0/src/esx/esx_driver.h Examining data/libvirt-6.9.0/src/esx/esx_interface_driver.c Examining data/libvirt-6.9.0/src/esx/esx_interface_driver.h Examining data/libvirt-6.9.0/src/esx/esx_network_driver.c Examining data/libvirt-6.9.0/src/esx/esx_network_driver.h Examining data/libvirt-6.9.0/src/esx/esx_private.h Examining data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c Examining data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.h Examining data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c Examining data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.h Examining data/libvirt-6.9.0/src/esx/esx_storage_driver.c Examining data/libvirt-6.9.0/src/esx/esx_storage_driver.h Examining data/libvirt-6.9.0/src/esx/esx_stream.c Examining data/libvirt-6.9.0/src/esx/esx_stream.h Examining data/libvirt-6.9.0/src/esx/esx_util.c Examining data/libvirt-6.9.0/src/esx/esx_util.h Examining data/libvirt-6.9.0/src/esx/esx_vi.c Examining data/libvirt-6.9.0/src/esx/esx_vi.h Examining data/libvirt-6.9.0/src/esx/esx_vi_methods.c Examining data/libvirt-6.9.0/src/esx/esx_vi_methods.h Examining data/libvirt-6.9.0/src/esx/esx_vi_types.c Examining data/libvirt-6.9.0/src/esx/esx_vi_types.h Examining data/libvirt-6.9.0/src/hyperv/hyperv_driver.c Examining data/libvirt-6.9.0/src/hyperv/hyperv_driver.h Examining data/libvirt-6.9.0/src/hyperv/hyperv_private.h Examining data/libvirt-6.9.0/src/hyperv/hyperv_util.c Examining data/libvirt-6.9.0/src/hyperv/hyperv_util.h Examining data/libvirt-6.9.0/src/hyperv/hyperv_wmi.c Examining data/libvirt-6.9.0/src/hyperv/hyperv_wmi.h Examining data/libvirt-6.9.0/src/hyperv/hyperv_wmi_classes.c Examining data/libvirt-6.9.0/src/hyperv/hyperv_wmi_classes.h Examining data/libvirt-6.9.0/src/hypervisor/domain_cgroup.c Examining data/libvirt-6.9.0/src/hypervisor/domain_cgroup.h Examining data/libvirt-6.9.0/src/hypervisor/domain_driver.c Examining data/libvirt-6.9.0/src/hypervisor/domain_driver.h Examining data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c Examining data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.h Examining data/libvirt-6.9.0/src/hypervisor/virhostdev.c Examining data/libvirt-6.9.0/src/hypervisor/virhostdev.h Examining data/libvirt-6.9.0/src/interface/interface_backend_netcf.c Examining data/libvirt-6.9.0/src/interface/interface_backend_udev.c Examining data/libvirt-6.9.0/src/interface/interface_driver.c Examining data/libvirt-6.9.0/src/interface/interface_driver.h Examining data/libvirt-6.9.0/src/internal.h Examining data/libvirt-6.9.0/src/keycodemapdb/tests/stdc++.cc Examining data/libvirt-6.9.0/src/keycodemapdb/tests/stdc.c Examining data/libvirt-6.9.0/src/libvirt-domain-checkpoint.c Examining data/libvirt-6.9.0/src/libvirt-domain-snapshot.c Examining data/libvirt-6.9.0/src/libvirt-domain.c Examining data/libvirt-6.9.0/src/libvirt-host.c Examining data/libvirt-6.9.0/src/libvirt-interface.c Examining data/libvirt-6.9.0/src/libvirt-lxc.c Examining data/libvirt-6.9.0/src/libvirt-network.c Examining data/libvirt-6.9.0/src/libvirt-nodedev.c Examining data/libvirt-6.9.0/src/libvirt-nwfilter.c Examining data/libvirt-6.9.0/src/libvirt-qemu.c Examining data/libvirt-6.9.0/src/libvirt-secret.c Examining data/libvirt-6.9.0/src/libvirt-storage.c Examining data/libvirt-6.9.0/src/libvirt-stream.c Examining data/libvirt-6.9.0/src/libvirt.c Examining data/libvirt-6.9.0/src/libvirt_internal.h Examining data/libvirt-6.9.0/src/libxl/libxl_capabilities.c Examining data/libvirt-6.9.0/src/libxl/libxl_capabilities.h Examining data/libvirt-6.9.0/src/libxl/libxl_conf.c Examining data/libvirt-6.9.0/src/libxl/libxl_conf.h Examining data/libvirt-6.9.0/src/libxl/libxl_domain.c Examining data/libvirt-6.9.0/src/libxl/libxl_domain.h Examining data/libvirt-6.9.0/src/libxl/libxl_driver.c Examining data/libvirt-6.9.0/src/libxl/libxl_driver.h Examining data/libvirt-6.9.0/src/libxl/libxl_logger.c Examining data/libvirt-6.9.0/src/libxl/libxl_logger.h Examining data/libvirt-6.9.0/src/libxl/libxl_migration.c Examining data/libvirt-6.9.0/src/libxl/libxl_migration.h Examining data/libvirt-6.9.0/src/libxl/xen_common.c Examining data/libvirt-6.9.0/src/libxl/xen_common.h Examining data/libvirt-6.9.0/src/libxl/xen_xl.c Examining data/libvirt-6.9.0/src/libxl/xen_xl.h Examining data/libvirt-6.9.0/src/libxl/xen_xm.c Examining data/libvirt-6.9.0/src/libxl/xen_xm.h Examining data/libvirt-6.9.0/src/libxl/xenxs_private.h Examining data/libvirt-6.9.0/src/locking/domain_lock.c Examining data/libvirt-6.9.0/src/locking/domain_lock.h Examining data/libvirt-6.9.0/src/locking/lock_daemon.c Examining data/libvirt-6.9.0/src/locking/lock_daemon.h Examining data/libvirt-6.9.0/src/locking/lock_daemon_config.c Examining data/libvirt-6.9.0/src/locking/lock_daemon_config.h Examining data/libvirt-6.9.0/src/locking/lock_daemon_dispatch.c Examining data/libvirt-6.9.0/src/locking/lock_daemon_dispatch.h Examining data/libvirt-6.9.0/src/locking/lock_driver.h Examining data/libvirt-6.9.0/src/locking/lock_driver_lockd.c Examining data/libvirt-6.9.0/src/locking/lock_driver_lockd.h Examining data/libvirt-6.9.0/src/locking/lock_driver_nop.c Examining data/libvirt-6.9.0/src/locking/lock_driver_nop.h Examining data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c Examining data/libvirt-6.9.0/src/locking/lock_manager.c Examining data/libvirt-6.9.0/src/locking/lock_manager.h Examining data/libvirt-6.9.0/src/locking/sanlock_helper.c Examining data/libvirt-6.9.0/src/logging/log_daemon.c Examining data/libvirt-6.9.0/src/logging/log_daemon.h Examining data/libvirt-6.9.0/src/logging/log_daemon_config.c Examining data/libvirt-6.9.0/src/logging/log_daemon_config.h Examining data/libvirt-6.9.0/src/logging/log_daemon_dispatch.c Examining data/libvirt-6.9.0/src/logging/log_daemon_dispatch.h Examining data/libvirt-6.9.0/src/logging/log_handler.c Examining data/libvirt-6.9.0/src/logging/log_handler.h Examining data/libvirt-6.9.0/src/logging/log_manager.c Examining data/libvirt-6.9.0/src/logging/log_manager.h Examining data/libvirt-6.9.0/src/lxc/lxc_cgroup.c Examining data/libvirt-6.9.0/src/lxc/lxc_cgroup.h Examining data/libvirt-6.9.0/src/lxc/lxc_conf.c Examining data/libvirt-6.9.0/src/lxc/lxc_conf.h Examining data/libvirt-6.9.0/src/lxc/lxc_container.c Examining data/libvirt-6.9.0/src/lxc/lxc_container.h Examining data/libvirt-6.9.0/src/lxc/lxc_controller.c Examining data/libvirt-6.9.0/src/lxc/lxc_domain.c Examining data/libvirt-6.9.0/src/lxc/lxc_domain.h Examining data/libvirt-6.9.0/src/lxc/lxc_driver.c Examining data/libvirt-6.9.0/src/lxc/lxc_driver.h Examining data/libvirt-6.9.0/src/lxc/lxc_fuse.c Examining data/libvirt-6.9.0/src/lxc/lxc_fuse.h Examining data/libvirt-6.9.0/src/lxc/lxc_hostdev.c Examining data/libvirt-6.9.0/src/lxc/lxc_hostdev.h Examining data/libvirt-6.9.0/src/lxc/lxc_monitor.c Examining data/libvirt-6.9.0/src/lxc/lxc_monitor.h Examining data/libvirt-6.9.0/src/lxc/lxc_native.c Examining data/libvirt-6.9.0/src/lxc/lxc_native.h Examining data/libvirt-6.9.0/src/lxc/lxc_process.c Examining data/libvirt-6.9.0/src/lxc/lxc_process.h Examining data/libvirt-6.9.0/src/network/bridge_driver.c Examining data/libvirt-6.9.0/src/network/bridge_driver.h Examining data/libvirt-6.9.0/src/network/bridge_driver_linux.c Examining data/libvirt-6.9.0/src/network/bridge_driver_nop.c Examining data/libvirt-6.9.0/src/network/bridge_driver_platform.c Examining data/libvirt-6.9.0/src/network/bridge_driver_platform.h Examining data/libvirt-6.9.0/src/network/leaseshelper.c Examining data/libvirt-6.9.0/src/node_device/node_device_driver.c Examining data/libvirt-6.9.0/src/node_device/node_device_driver.h Examining data/libvirt-6.9.0/src/node_device/node_device_udev.c Examining data/libvirt-6.9.0/src/node_device/node_device_udev.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_driver.c Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_driver.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_gentech_driver.c Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_gentech_driver.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_learnipaddr.c Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_learnipaddr.h Examining data/libvirt-6.9.0/src/nwfilter/nwfilter_tech_driver.h Examining data/libvirt-6.9.0/src/openvz/openvz_conf.c Examining data/libvirt-6.9.0/src/openvz/openvz_conf.h Examining data/libvirt-6.9.0/src/openvz/openvz_driver.c Examining data/libvirt-6.9.0/src/openvz/openvz_driver.h Examining data/libvirt-6.9.0/src/openvz/openvz_util.c Examining data/libvirt-6.9.0/src/openvz/openvz_util.h Examining data/libvirt-6.9.0/src/qemu/qemu_agent.c Examining data/libvirt-6.9.0/src/qemu/qemu_agent.h Examining data/libvirt-6.9.0/src/qemu/qemu_alias.c Examining data/libvirt-6.9.0/src/qemu/qemu_alias.h Examining data/libvirt-6.9.0/src/qemu/qemu_backup.c Examining data/libvirt-6.9.0/src/qemu/qemu_backup.h Examining data/libvirt-6.9.0/src/qemu/qemu_block.c Examining data/libvirt-6.9.0/src/qemu/qemu_block.h Examining data/libvirt-6.9.0/src/qemu/qemu_blockjob.c Examining data/libvirt-6.9.0/src/qemu/qemu_blockjob.h Examining data/libvirt-6.9.0/src/qemu/qemu_capabilities.c Examining data/libvirt-6.9.0/src/qemu/qemu_capabilities.h Examining data/libvirt-6.9.0/src/qemu/qemu_capspriv.h Examining data/libvirt-6.9.0/src/qemu/qemu_cgroup.c Examining data/libvirt-6.9.0/src/qemu/qemu_cgroup.h Examining data/libvirt-6.9.0/src/qemu/qemu_checkpoint.c Examining data/libvirt-6.9.0/src/qemu/qemu_checkpoint.h Examining data/libvirt-6.9.0/src/qemu/qemu_command.c Examining data/libvirt-6.9.0/src/qemu/qemu_command.h Examining data/libvirt-6.9.0/src/qemu/qemu_conf.c Examining data/libvirt-6.9.0/src/qemu/qemu_conf.h Examining data/libvirt-6.9.0/src/qemu/qemu_dbus.c Examining data/libvirt-6.9.0/src/qemu/qemu_dbus.h Examining data/libvirt-6.9.0/src/qemu/qemu_domain.c Examining data/libvirt-6.9.0/src/qemu/qemu_domain.h Examining data/libvirt-6.9.0/src/qemu/qemu_domain_address.c Examining data/libvirt-6.9.0/src/qemu/qemu_domain_address.h Examining data/libvirt-6.9.0/src/qemu/qemu_domainjob.c Examining data/libvirt-6.9.0/src/qemu/qemu_domainjob.h Examining data/libvirt-6.9.0/src/qemu/qemu_driver.c Examining data/libvirt-6.9.0/src/qemu/qemu_driver.h Examining data/libvirt-6.9.0/src/qemu/qemu_extdevice.c Examining data/libvirt-6.9.0/src/qemu/qemu_extdevice.h Examining data/libvirt-6.9.0/src/qemu/qemu_firmware.c Examining data/libvirt-6.9.0/src/qemu/qemu_firmware.h Examining data/libvirt-6.9.0/src/qemu/qemu_hostdev.c Examining data/libvirt-6.9.0/src/qemu/qemu_hostdev.h Examining data/libvirt-6.9.0/src/qemu/qemu_hotplug.c Examining data/libvirt-6.9.0/src/qemu/qemu_hotplug.h Examining data/libvirt-6.9.0/src/qemu/qemu_interface.c Examining data/libvirt-6.9.0/src/qemu/qemu_interface.h Examining data/libvirt-6.9.0/src/qemu/qemu_interop_config.c Examining data/libvirt-6.9.0/src/qemu/qemu_interop_config.h Examining data/libvirt-6.9.0/src/qemu/qemu_migration.c Examining data/libvirt-6.9.0/src/qemu/qemu_migration.h Examining data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c Examining data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.h Examining data/libvirt-6.9.0/src/qemu/qemu_migration_params.c Examining data/libvirt-6.9.0/src/qemu/qemu_migration_params.h Examining data/libvirt-6.9.0/src/qemu/qemu_migration_paramspriv.h Examining data/libvirt-6.9.0/src/qemu/qemu_monitor.c Examining data/libvirt-6.9.0/src/qemu/qemu_monitor.h Examining data/libvirt-6.9.0/src/qemu/qemu_monitor_json.c Examining data/libvirt-6.9.0/src/qemu/qemu_monitor_json.h Examining data/libvirt-6.9.0/src/qemu/qemu_monitor_priv.h Examining data/libvirt-6.9.0/src/qemu/qemu_monitor_text.c Examining data/libvirt-6.9.0/src/qemu/qemu_monitor_text.h Examining data/libvirt-6.9.0/src/qemu/qemu_namespace.c Examining data/libvirt-6.9.0/src/qemu/qemu_namespace.h Examining data/libvirt-6.9.0/src/qemu/qemu_process.c Examining data/libvirt-6.9.0/src/qemu/qemu_process.h Examining data/libvirt-6.9.0/src/qemu/qemu_processpriv.h Examining data/libvirt-6.9.0/src/qemu/qemu_qapi.c Examining data/libvirt-6.9.0/src/qemu/qemu_qapi.h Examining data/libvirt-6.9.0/src/qemu/qemu_saveimage.c Examining data/libvirt-6.9.0/src/qemu/qemu_saveimage.h Examining data/libvirt-6.9.0/src/qemu/qemu_security.c Examining data/libvirt-6.9.0/src/qemu/qemu_security.h Examining data/libvirt-6.9.0/src/qemu/qemu_shim.c Examining data/libvirt-6.9.0/src/qemu/qemu_slirp.c Examining data/libvirt-6.9.0/src/qemu/qemu_slirp.h Examining data/libvirt-6.9.0/src/qemu/qemu_snapshot.c Examining data/libvirt-6.9.0/src/qemu/qemu_snapshot.h Examining data/libvirt-6.9.0/src/qemu/qemu_tpm.c Examining data/libvirt-6.9.0/src/qemu/qemu_tpm.h Examining data/libvirt-6.9.0/src/qemu/qemu_validate.c Examining data/libvirt-6.9.0/src/qemu/qemu_validate.h Examining data/libvirt-6.9.0/src/qemu/qemu_vhost_user.c Examining data/libvirt-6.9.0/src/qemu/qemu_vhost_user.h Examining data/libvirt-6.9.0/src/qemu/qemu_vhost_user_gpu.c Examining data/libvirt-6.9.0/src/qemu/qemu_vhost_user_gpu.h Examining data/libvirt-6.9.0/src/qemu/qemu_virtiofs.c Examining data/libvirt-6.9.0/src/qemu/qemu_virtiofs.h Examining data/libvirt-6.9.0/src/remote/remote_daemon.c Examining data/libvirt-6.9.0/src/remote/remote_daemon.h Examining data/libvirt-6.9.0/src/remote/remote_daemon_config.c Examining data/libvirt-6.9.0/src/remote/remote_daemon_config.h Examining data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c Examining data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.h Examining data/libvirt-6.9.0/src/remote/remote_daemon_stream.c Examining data/libvirt-6.9.0/src/remote/remote_daemon_stream.h Examining data/libvirt-6.9.0/src/remote/remote_driver.c Examining data/libvirt-6.9.0/src/remote/remote_driver.h Examining data/libvirt-6.9.0/src/remote/remote_sockets.c Examining data/libvirt-6.9.0/src/remote/remote_sockets.h Examining data/libvirt-6.9.0/src/remote/remote_ssh_helper.c Examining data/libvirt-6.9.0/src/rpc/virkeepalive.c Examining data/libvirt-6.9.0/src/rpc/virkeepalive.h Examining data/libvirt-6.9.0/src/rpc/virnetclient.c Examining data/libvirt-6.9.0/src/rpc/virnetclient.h Examining data/libvirt-6.9.0/src/rpc/virnetclientprogram.c Examining data/libvirt-6.9.0/src/rpc/virnetclientprogram.h Examining data/libvirt-6.9.0/src/rpc/virnetclientstream.c Examining data/libvirt-6.9.0/src/rpc/virnetclientstream.h Examining data/libvirt-6.9.0/src/rpc/virnetdaemon.c Examining data/libvirt-6.9.0/src/rpc/virnetdaemon.h Examining data/libvirt-6.9.0/src/rpc/virnetlibsshsession.c Examining data/libvirt-6.9.0/src/rpc/virnetlibsshsession.h Examining data/libvirt-6.9.0/src/rpc/virnetmessage.c Examining data/libvirt-6.9.0/src/rpc/virnetmessage.h Examining data/libvirt-6.9.0/src/rpc/virnetsaslcontext.c Examining data/libvirt-6.9.0/src/rpc/virnetsaslcontext.h Examining data/libvirt-6.9.0/src/rpc/virnetserver.c Examining data/libvirt-6.9.0/src/rpc/virnetserver.h Examining data/libvirt-6.9.0/src/rpc/virnetserverclient.c Examining data/libvirt-6.9.0/src/rpc/virnetserverclient.h Examining data/libvirt-6.9.0/src/rpc/virnetserverprogram.c Examining data/libvirt-6.9.0/src/rpc/virnetserverprogram.h Examining data/libvirt-6.9.0/src/rpc/virnetserverservice.c Examining data/libvirt-6.9.0/src/rpc/virnetserverservice.h Examining data/libvirt-6.9.0/src/rpc/virnetsocket.h Examining data/libvirt-6.9.0/src/rpc/virnetsshsession.c Examining data/libvirt-6.9.0/src/rpc/virnetsshsession.h Examining data/libvirt-6.9.0/src/rpc/virnettlscontext.c Examining data/libvirt-6.9.0/src/rpc/virnettlscontext.h Examining data/libvirt-6.9.0/src/rpc/virnetsocket.c Examining data/libvirt-6.9.0/src/secret/secret_driver.c Examining data/libvirt-6.9.0/src/secret/secret_driver.h Examining data/libvirt-6.9.0/src/security/security_apparmor.c Examining data/libvirt-6.9.0/src/security/security_apparmor.h Examining data/libvirt-6.9.0/src/security/security_dac.c Examining data/libvirt-6.9.0/src/security/security_dac.h Examining data/libvirt-6.9.0/src/security/security_driver.c Examining data/libvirt-6.9.0/src/security/security_driver.h Examining data/libvirt-6.9.0/src/security/security_manager.c Examining data/libvirt-6.9.0/src/security/security_manager.h Examining data/libvirt-6.9.0/src/security/security_nop.c Examining data/libvirt-6.9.0/src/security/security_nop.h Examining data/libvirt-6.9.0/src/security/security_selinux.c Examining data/libvirt-6.9.0/src/security/security_selinux.h Examining data/libvirt-6.9.0/src/security/security_stack.c Examining data/libvirt-6.9.0/src/security/security_stack.h Examining data/libvirt-6.9.0/src/security/security_util.c Examining data/libvirt-6.9.0/src/security/security_util.h Examining data/libvirt-6.9.0/src/security/virt-aa-helper.c Examining data/libvirt-6.9.0/src/storage/parthelper.c Examining data/libvirt-6.9.0/src/storage/storage_backend.c Examining data/libvirt-6.9.0/src/storage/storage_backend.h Examining data/libvirt-6.9.0/src/storage/storage_backend_disk.c Examining data/libvirt-6.9.0/src/storage/storage_backend_disk.h Examining data/libvirt-6.9.0/src/storage/storage_backend_fs.c Examining data/libvirt-6.9.0/src/storage/storage_backend_fs.h Examining data/libvirt-6.9.0/src/storage/storage_backend_gluster.c Examining data/libvirt-6.9.0/src/storage/storage_backend_gluster.h Examining data/libvirt-6.9.0/src/storage/storage_backend_iscsi.c Examining data/libvirt-6.9.0/src/storage/storage_backend_iscsi.h Examining data/libvirt-6.9.0/src/storage/storage_backend_iscsi_direct.c Examining data/libvirt-6.9.0/src/storage/storage_backend_iscsi_direct.h Examining data/libvirt-6.9.0/src/storage/storage_backend_logical.c Examining data/libvirt-6.9.0/src/storage/storage_backend_logical.h Examining data/libvirt-6.9.0/src/storage/storage_backend_mpath.c Examining data/libvirt-6.9.0/src/storage/storage_backend_mpath.h Examining data/libvirt-6.9.0/src/storage/storage_backend_rbd.c Examining data/libvirt-6.9.0/src/storage/storage_backend_rbd.h Examining data/libvirt-6.9.0/src/storage/storage_backend_scsi.c Examining data/libvirt-6.9.0/src/storage/storage_backend_scsi.h Examining data/libvirt-6.9.0/src/storage/storage_backend_sheepdog.c Examining data/libvirt-6.9.0/src/storage/storage_backend_sheepdog.h Examining data/libvirt-6.9.0/src/storage/storage_backend_sheepdog_priv.h Examining data/libvirt-6.9.0/src/storage/storage_backend_vstorage.c Examining data/libvirt-6.9.0/src/storage/storage_backend_vstorage.h Examining data/libvirt-6.9.0/src/storage/storage_backend_zfs.c Examining data/libvirt-6.9.0/src/storage/storage_backend_zfs.h Examining data/libvirt-6.9.0/src/storage/storage_driver.c Examining data/libvirt-6.9.0/src/storage/storage_driver.h Examining data/libvirt-6.9.0/src/storage/storage_file_fs.c Examining data/libvirt-6.9.0/src/storage/storage_file_fs.h Examining data/libvirt-6.9.0/src/storage/storage_file_gluster.c Examining data/libvirt-6.9.0/src/storage/storage_file_gluster.h Examining data/libvirt-6.9.0/src/storage/storage_util.c Examining data/libvirt-6.9.0/src/storage/storage_util.h Examining data/libvirt-6.9.0/src/test/test_driver.c Examining data/libvirt-6.9.0/src/test/test_driver.h Examining data/libvirt-6.9.0/src/util/glibcompat.c Examining data/libvirt-6.9.0/src/util/glibcompat.h Examining data/libvirt-6.9.0/src/util/iohelper.c Examining data/libvirt-6.9.0/src/util/viralloc.c Examining data/libvirt-6.9.0/src/util/viralloc.h Examining data/libvirt-6.9.0/src/util/virarch.c Examining data/libvirt-6.9.0/src/util/virarch.h Examining data/libvirt-6.9.0/src/util/virarptable.c Examining data/libvirt-6.9.0/src/util/virarptable.h Examining data/libvirt-6.9.0/src/util/viraudit.c Examining data/libvirt-6.9.0/src/util/viraudit.h Examining data/libvirt-6.9.0/src/util/virauth.c Examining data/libvirt-6.9.0/src/util/virauth.h Examining data/libvirt-6.9.0/src/util/virauthconfig.c Examining data/libvirt-6.9.0/src/util/virauthconfig.h Examining data/libvirt-6.9.0/src/util/virbitmap.c Examining data/libvirt-6.9.0/src/util/virbitmap.h Examining data/libvirt-6.9.0/src/util/virbpf.c Examining data/libvirt-6.9.0/src/util/virbpf.h Examining data/libvirt-6.9.0/src/util/virbuffer.c Examining data/libvirt-6.9.0/src/util/virbuffer.h Examining data/libvirt-6.9.0/src/util/vircgroup.c Examining data/libvirt-6.9.0/src/util/vircgroup.h Examining data/libvirt-6.9.0/src/util/vircgroupbackend.c Examining data/libvirt-6.9.0/src/util/vircgroupbackend.h Examining data/libvirt-6.9.0/src/util/vircgrouppriv.h Examining data/libvirt-6.9.0/src/util/vircgroupv1.c Examining data/libvirt-6.9.0/src/util/vircgroupv1.h Examining data/libvirt-6.9.0/src/util/vircgroupv2.c Examining data/libvirt-6.9.0/src/util/vircgroupv2.h Examining data/libvirt-6.9.0/src/util/vircgroupv2devices.c Examining data/libvirt-6.9.0/src/util/vircgroupv2devices.h Examining data/libvirt-6.9.0/src/util/vircommand.c Examining data/libvirt-6.9.0/src/util/vircommand.h Examining data/libvirt-6.9.0/src/util/vircommandpriv.h Examining data/libvirt-6.9.0/src/util/virconf.c Examining data/libvirt-6.9.0/src/util/virconf.h Examining data/libvirt-6.9.0/src/util/vircrypto.c Examining data/libvirt-6.9.0/src/util/vircrypto.h Examining data/libvirt-6.9.0/src/util/virdaemon.c Examining data/libvirt-6.9.0/src/util/virdaemon.h Examining data/libvirt-6.9.0/src/util/virdevmapper.c Examining data/libvirt-6.9.0/src/util/virdevmapper.h Examining data/libvirt-6.9.0/src/util/virdnsmasq.c Examining data/libvirt-6.9.0/src/util/virdnsmasq.h Examining data/libvirt-6.9.0/src/util/virebtables.c Examining data/libvirt-6.9.0/src/util/virebtables.h Examining data/libvirt-6.9.0/src/util/virendian.h Examining data/libvirt-6.9.0/src/util/virenum.c Examining data/libvirt-6.9.0/src/util/virenum.h Examining data/libvirt-6.9.0/src/util/virerror.c Examining data/libvirt-6.9.0/src/util/virerror.h Examining data/libvirt-6.9.0/src/util/virerrorpriv.h Examining data/libvirt-6.9.0/src/util/virevent.c Examining data/libvirt-6.9.0/src/util/virevent.h Examining data/libvirt-6.9.0/src/util/vireventglib.c Examining data/libvirt-6.9.0/src/util/vireventglib.h Examining data/libvirt-6.9.0/src/util/vireventglibwatch.c Examining data/libvirt-6.9.0/src/util/vireventglibwatch.h Examining data/libvirt-6.9.0/src/util/vireventthread.c Examining data/libvirt-6.9.0/src/util/vireventthread.h Examining data/libvirt-6.9.0/src/util/virfcp.c Examining data/libvirt-6.9.0/src/util/virfcp.h Examining data/libvirt-6.9.0/src/util/virfdstream.c Examining data/libvirt-6.9.0/src/util/virfdstream.h Examining data/libvirt-6.9.0/src/util/virfile.c Examining data/libvirt-6.9.0/src/util/virfile.h Examining data/libvirt-6.9.0/src/util/virfilecache.c Examining data/libvirt-6.9.0/src/util/virfilecache.h Examining data/libvirt-6.9.0/src/util/virfirewall.c Examining data/libvirt-6.9.0/src/util/virfirewall.h Examining data/libvirt-6.9.0/src/util/virfirewalld.c Examining data/libvirt-6.9.0/src/util/virfirewalld.h Examining data/libvirt-6.9.0/src/util/virfirewalldpriv.h Examining data/libvirt-6.9.0/src/util/virfirewallpriv.h Examining data/libvirt-6.9.0/src/util/virfirmware.c Examining data/libvirt-6.9.0/src/util/virfirmware.h Examining data/libvirt-6.9.0/src/util/virgdbus.c Examining data/libvirt-6.9.0/src/util/virgdbus.h Examining data/libvirt-6.9.0/src/util/virgettext.c Examining data/libvirt-6.9.0/src/util/virgettext.h Examining data/libvirt-6.9.0/src/util/virgic.c Examining data/libvirt-6.9.0/src/util/virgic.h Examining data/libvirt-6.9.0/src/util/virhash.c Examining data/libvirt-6.9.0/src/util/virhash.h Examining data/libvirt-6.9.0/src/util/virhashcode.c Examining data/libvirt-6.9.0/src/util/virhashcode.h Examining data/libvirt-6.9.0/src/util/virhook.c Examining data/libvirt-6.9.0/src/util/virhook.h Examining data/libvirt-6.9.0/src/util/virhostcpu.c Examining data/libvirt-6.9.0/src/util/virhostcpu.h Examining data/libvirt-6.9.0/src/util/virhostcpupriv.h Examining data/libvirt-6.9.0/src/util/virhostmem.c Examining data/libvirt-6.9.0/src/util/virhostmem.h Examining data/libvirt-6.9.0/src/util/virhostuptime.c Examining data/libvirt-6.9.0/src/util/virhostuptime.h Examining data/libvirt-6.9.0/src/util/viridentity.c Examining data/libvirt-6.9.0/src/util/viridentity.h Examining data/libvirt-6.9.0/src/util/virinitctl.c Examining data/libvirt-6.9.0/src/util/virinitctl.h Examining data/libvirt-6.9.0/src/util/viriptables.c Examining data/libvirt-6.9.0/src/util/viriptables.h Examining data/libvirt-6.9.0/src/util/viriscsi.c Examining data/libvirt-6.9.0/src/util/viriscsi.h Examining data/libvirt-6.9.0/src/util/virjson.c Examining data/libvirt-6.9.0/src/util/virjson.h Examining data/libvirt-6.9.0/src/util/virkeycode.c Examining data/libvirt-6.9.0/src/util/virkeycode.h Examining data/libvirt-6.9.0/src/util/virkmod.c Examining data/libvirt-6.9.0/src/util/virkmod.h Examining data/libvirt-6.9.0/src/util/virlease.c Examining data/libvirt-6.9.0/src/util/virlease.h Examining data/libvirt-6.9.0/src/util/virlockspace.c Examining data/libvirt-6.9.0/src/util/virlockspace.h Examining data/libvirt-6.9.0/src/util/virlog.c Examining data/libvirt-6.9.0/src/util/virlog.h Examining data/libvirt-6.9.0/src/util/virmacaddr.c Examining data/libvirt-6.9.0/src/util/virmacaddr.h Examining data/libvirt-6.9.0/src/util/virmacmap.c Examining data/libvirt-6.9.0/src/util/virmacmap.h Examining data/libvirt-6.9.0/src/util/virmdev.c Examining data/libvirt-6.9.0/src/util/virmdev.h Examining data/libvirt-6.9.0/src/util/virmodule.c Examining data/libvirt-6.9.0/src/util/virmodule.h Examining data/libvirt-6.9.0/src/util/virnetdev.c Examining data/libvirt-6.9.0/src/util/virnetdev.h Examining data/libvirt-6.9.0/src/util/virnetdevbandwidth.c Examining data/libvirt-6.9.0/src/util/virnetdevbandwidth.h Examining data/libvirt-6.9.0/src/util/virnetdevbridge.c Examining data/libvirt-6.9.0/src/util/virnetdevbridge.h Examining data/libvirt-6.9.0/src/util/virnetdevip.c Examining data/libvirt-6.9.0/src/util/virnetdevip.h Examining data/libvirt-6.9.0/src/util/virnetdevmacvlan.c Examining data/libvirt-6.9.0/src/util/virnetdevmacvlan.h Examining data/libvirt-6.9.0/src/util/virnetdevmidonet.c Examining data/libvirt-6.9.0/src/util/virnetdevmidonet.h Examining data/libvirt-6.9.0/src/util/virnetdevopenvswitch.c Examining data/libvirt-6.9.0/src/util/virnetdevopenvswitch.h Examining data/libvirt-6.9.0/src/util/virnetdevtap.c Examining data/libvirt-6.9.0/src/util/virnetdevtap.h Examining data/libvirt-6.9.0/src/util/virnetdevveth.c Examining data/libvirt-6.9.0/src/util/virnetdevveth.h Examining data/libvirt-6.9.0/src/util/virnetdevvlan.c Examining data/libvirt-6.9.0/src/util/virnetdevvlan.h Examining data/libvirt-6.9.0/src/util/virnetdevvportprofile.c Examining data/libvirt-6.9.0/src/util/virnetdevvportprofile.h Examining data/libvirt-6.9.0/src/util/virnetlink.c Examining data/libvirt-6.9.0/src/util/virnetlink.h Examining data/libvirt-6.9.0/src/util/virnodesuspend.c Examining data/libvirt-6.9.0/src/util/virnodesuspend.h Examining data/libvirt-6.9.0/src/util/virnuma.c Examining data/libvirt-6.9.0/src/util/virnuma.h Examining data/libvirt-6.9.0/src/util/virnvme.c Examining data/libvirt-6.9.0/src/util/virnvme.h Examining data/libvirt-6.9.0/src/util/virobject.c Examining data/libvirt-6.9.0/src/util/virobject.h Examining data/libvirt-6.9.0/src/util/virpci.c Examining data/libvirt-6.9.0/src/util/virpci.h Examining data/libvirt-6.9.0/src/util/virperf.c Examining data/libvirt-6.9.0/src/util/virperf.h Examining data/libvirt-6.9.0/src/util/virpidfile.c Examining data/libvirt-6.9.0/src/util/virpidfile.h Examining data/libvirt-6.9.0/src/util/virpolkit.c Examining data/libvirt-6.9.0/src/util/virpolkit.h Examining data/libvirt-6.9.0/src/util/virportallocator.c Examining data/libvirt-6.9.0/src/util/virportallocator.h Examining data/libvirt-6.9.0/src/util/virprobe.h Examining data/libvirt-6.9.0/src/util/virprocess.c Examining data/libvirt-6.9.0/src/util/virprocess.h Examining data/libvirt-6.9.0/src/util/virqemu.c Examining data/libvirt-6.9.0/src/util/virqemu.h Examining data/libvirt-6.9.0/src/util/virrandom.c Examining data/libvirt-6.9.0/src/util/virrandom.h Examining data/libvirt-6.9.0/src/util/virresctrl.c Examining data/libvirt-6.9.0/src/util/virresctrl.h Examining data/libvirt-6.9.0/src/util/virresctrlpriv.h Examining data/libvirt-6.9.0/src/util/virrotatingfile.c Examining data/libvirt-6.9.0/src/util/virrotatingfile.h Examining data/libvirt-6.9.0/src/util/virscsi.c Examining data/libvirt-6.9.0/src/util/virscsi.h Examining data/libvirt-6.9.0/src/util/virscsihost.c Examining data/libvirt-6.9.0/src/util/virscsihost.h Examining data/libvirt-6.9.0/src/util/virscsivhost.c Examining data/libvirt-6.9.0/src/util/virscsivhost.h Examining data/libvirt-6.9.0/src/util/virseclabel.c Examining data/libvirt-6.9.0/src/util/virseclabel.h Examining data/libvirt-6.9.0/src/util/virsecret.c Examining data/libvirt-6.9.0/src/util/virsecret.h Examining data/libvirt-6.9.0/src/util/virsocket.c Examining data/libvirt-6.9.0/src/util/virsocket.h Examining data/libvirt-6.9.0/src/util/virsocketaddr.c Examining data/libvirt-6.9.0/src/util/virsocketaddr.h Examining data/libvirt-6.9.0/src/util/virstorageencryption.c Examining data/libvirt-6.9.0/src/util/virstorageencryption.h Examining data/libvirt-6.9.0/src/util/virstoragefile.c Examining data/libvirt-6.9.0/src/util/virstoragefile.h Examining data/libvirt-6.9.0/src/util/virstoragefilebackend.c Examining data/libvirt-6.9.0/src/util/virstoragefilebackend.h Examining data/libvirt-6.9.0/src/util/virstring.c Examining data/libvirt-6.9.0/src/util/virstring.h Examining data/libvirt-6.9.0/src/util/virsysinfo.c Examining data/libvirt-6.9.0/src/util/virsysinfo.h Examining data/libvirt-6.9.0/src/util/virsysinfopriv.h Examining data/libvirt-6.9.0/src/util/virsystemd.c Examining data/libvirt-6.9.0/src/util/virsystemd.h Examining data/libvirt-6.9.0/src/util/virsystemdpriv.h Examining data/libvirt-6.9.0/src/util/virthread.c Examining data/libvirt-6.9.0/src/util/virthread.h Examining data/libvirt-6.9.0/src/util/virthreadjob.c Examining data/libvirt-6.9.0/src/util/virthreadjob.h Examining data/libvirt-6.9.0/src/util/virthreadpool.c Examining data/libvirt-6.9.0/src/util/virthreadpool.h Examining data/libvirt-6.9.0/src/util/virtime.c Examining data/libvirt-6.9.0/src/util/virtime.h Examining data/libvirt-6.9.0/src/util/virtpm.c Examining data/libvirt-6.9.0/src/util/virtpm.h Examining data/libvirt-6.9.0/src/util/virtypedparam-public.c Examining data/libvirt-6.9.0/src/util/virtypedparam.c Examining data/libvirt-6.9.0/src/util/virtypedparam.h Examining data/libvirt-6.9.0/src/util/viruri.c Examining data/libvirt-6.9.0/src/util/viruri.h Examining data/libvirt-6.9.0/src/util/virusb.c Examining data/libvirt-6.9.0/src/util/virusb.h Examining data/libvirt-6.9.0/src/util/virutil.h Examining data/libvirt-6.9.0/src/util/viruuid.c Examining data/libvirt-6.9.0/src/util/viruuid.h Examining data/libvirt-6.9.0/src/util/virvhba.c Examining data/libvirt-6.9.0/src/util/virvhba.h Examining data/libvirt-6.9.0/src/util/virvsock.c Examining data/libvirt-6.9.0/src/util/virvsock.h Examining data/libvirt-6.9.0/src/util/virxdrdefs.h Examining data/libvirt-6.9.0/src/util/virxml.c Examining data/libvirt-6.9.0/src/util/virxml.h Examining data/libvirt-6.9.0/src/util/virutil.c Examining data/libvirt-6.9.0/src/vbox/vbox_CAPI_v5_2.h Examining data/libvirt-6.9.0/src/vbox/vbox_CAPI_v6_0.h Examining data/libvirt-6.9.0/src/vbox/vbox_CAPI_v6_1.h Examining data/libvirt-6.9.0/src/vbox/vbox_V5_2.c Examining data/libvirt-6.9.0/src/vbox/vbox_V6_0.c Examining data/libvirt-6.9.0/src/vbox/vbox_V6_1.c Examining data/libvirt-6.9.0/src/vbox/vbox_XPCOMCGlue.c Examining data/libvirt-6.9.0/src/vbox/vbox_XPCOMCGlue.h Examining data/libvirt-6.9.0/src/vbox/vbox_common.c Examining data/libvirt-6.9.0/src/vbox/vbox_common.h Examining data/libvirt-6.9.0/src/vbox/vbox_driver.c Examining data/libvirt-6.9.0/src/vbox/vbox_driver.h Examining data/libvirt-6.9.0/src/vbox/vbox_get_driver.h Examining data/libvirt-6.9.0/src/vbox/vbox_network.c Examining data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c Examining data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.h Examining data/libvirt-6.9.0/src/vbox/vbox_storage.c Examining data/libvirt-6.9.0/src/vbox/vbox_tmpl.c Examining data/libvirt-6.9.0/src/vbox/vbox_uniformed_api.h Examining data/libvirt-6.9.0/src/vmware/vmware_conf.c Examining data/libvirt-6.9.0/src/vmware/vmware_conf.h Examining data/libvirt-6.9.0/src/vmware/vmware_driver.c Examining data/libvirt-6.9.0/src/vmware/vmware_driver.h Examining data/libvirt-6.9.0/src/vmx/vmx.c Examining data/libvirt-6.9.0/src/vmx/vmx.h Examining data/libvirt-6.9.0/src/vz/vz_driver.c Examining data/libvirt-6.9.0/src/vz/vz_driver.h Examining data/libvirt-6.9.0/src/vz/vz_sdk.c Examining data/libvirt-6.9.0/src/vz/vz_sdk.h Examining data/libvirt-6.9.0/src/vz/vz_utils.c Examining data/libvirt-6.9.0/src/vz/vz_utils.h Examining data/libvirt-6.9.0/tests/bhyveargv2xmlmock.c Examining data/libvirt-6.9.0/tests/bhyveargv2xmltest.c Examining data/libvirt-6.9.0/tests/bhyvexml2argvmock.c Examining data/libvirt-6.9.0/tests/bhyvexml2argvtest.c Examining data/libvirt-6.9.0/tests/bhyvexml2xmltest.c Examining data/libvirt-6.9.0/tests/commandhelper.c Examining data/libvirt-6.9.0/tests/commandtest.c Examining data/libvirt-6.9.0/tests/cputest.c Examining data/libvirt-6.9.0/tests/domaincapsmock.c Examining data/libvirt-6.9.0/tests/domaincapstest.c Examining data/libvirt-6.9.0/tests/domainconftest.c Examining data/libvirt-6.9.0/tests/esxutilstest.c Examining data/libvirt-6.9.0/tests/eventtest.c Examining data/libvirt-6.9.0/tests/fchosttest.c Examining data/libvirt-6.9.0/tests/fdstreamtest.c Examining data/libvirt-6.9.0/tests/genericxml2xmltest.c Examining data/libvirt-6.9.0/tests/interfacexml2xmltest.c Examining data/libvirt-6.9.0/tests/libxlmock.c Examining data/libvirt-6.9.0/tests/libxlxml2domconfigtest.c Examining data/libvirt-6.9.0/tests/lxcconf2xmltest.c Examining data/libvirt-6.9.0/tests/lxcxml2xmltest.c Examining data/libvirt-6.9.0/tests/metadatatest.c Examining data/libvirt-6.9.0/tests/networkxml2conftest.c Examining data/libvirt-6.9.0/tests/networkxml2firewalltest.c Examining data/libvirt-6.9.0/tests/networkxml2xmltest.c Examining data/libvirt-6.9.0/tests/networkxml2xmlupdatetest.c Examining data/libvirt-6.9.0/tests/nodedevmdevctltest.c Examining data/libvirt-6.9.0/tests/nodedevxml2xmltest.c Examining data/libvirt-6.9.0/tests/nsslinktest.c Examining data/libvirt-6.9.0/tests/nssmock.c Examining data/libvirt-6.9.0/tests/nsstest.c Examining data/libvirt-6.9.0/tests/nwfilterebiptablestest.c Examining data/libvirt-6.9.0/tests/nwfilterxml2firewalltest.c Examining data/libvirt-6.9.0/tests/nwfilterxml2xmltest.c Examining data/libvirt-6.9.0/tests/objecteventtest.c Examining data/libvirt-6.9.0/tests/openvzutilstest.c Examining data/libvirt-6.9.0/tests/pkix_asn1_tab.c Examining data/libvirt-6.9.0/tests/qemuagenttest.c Examining data/libvirt-6.9.0/tests/qemublocktest.c Examining data/libvirt-6.9.0/tests/qemucapabilitiestest.c Examining data/libvirt-6.9.0/tests/qemucaps2xmlmock.c Examining data/libvirt-6.9.0/tests/qemucaps2xmltest.c Examining data/libvirt-6.9.0/tests/qemucapsprobe.c Examining data/libvirt-6.9.0/tests/qemucapsprobemock.c Examining data/libvirt-6.9.0/tests/qemucommandutiltest.c Examining data/libvirt-6.9.0/tests/qemucpumock.c Examining data/libvirt-6.9.0/tests/qemudomaincheckpointxml2xmltest.c Examining data/libvirt-6.9.0/tests/qemudomainsnapshotxml2xmltest.c Examining data/libvirt-6.9.0/tests/qemufirmwaretest.c Examining data/libvirt-6.9.0/tests/qemuhotplugmock.c Examining data/libvirt-6.9.0/tests/qemuhotplugtest.c Examining data/libvirt-6.9.0/tests/qemumemlocktest.c Examining data/libvirt-6.9.0/tests/qemumigparamstest.c Examining data/libvirt-6.9.0/tests/qemumonitorjsontest.c Examining data/libvirt-6.9.0/tests/qemumonitortestutils.c Examining data/libvirt-6.9.0/tests/qemumonitortestutils.h Examining data/libvirt-6.9.0/tests/qemusecuritymock.c Examining data/libvirt-6.9.0/tests/qemusecuritytest.c Examining data/libvirt-6.9.0/tests/qemusecuritytest.h Examining data/libvirt-6.9.0/tests/qemuvhostusertest.c Examining data/libvirt-6.9.0/tests/qemuxml2argvmock.c Examining data/libvirt-6.9.0/tests/qemuxml2argvtest.c Examining data/libvirt-6.9.0/tests/qemuxml2xmltest.c Examining data/libvirt-6.9.0/tests/scsihosttest.c Examining data/libvirt-6.9.0/tests/seclabeltest.c Examining data/libvirt-6.9.0/tests/secretxml2xmltest.c Examining data/libvirt-6.9.0/tests/securityselinuxhelper.c Examining data/libvirt-6.9.0/tests/securityselinuxlabeltest.c Examining data/libvirt-6.9.0/tests/securityselinuxtest.c Examining data/libvirt-6.9.0/tests/shunloadhelper.c Examining data/libvirt-6.9.0/tests/shunloadtest.c Examining data/libvirt-6.9.0/tests/sockettest.c Examining data/libvirt-6.9.0/tests/ssh.c Examining data/libvirt-6.9.0/tests/storagebackendsheepdogtest.c Examining data/libvirt-6.9.0/tests/storagepoolcapstest.c Examining data/libvirt-6.9.0/tests/storagepoolxml2argvtest.c Examining data/libvirt-6.9.0/tests/storagepoolxml2xmltest.c Examining data/libvirt-6.9.0/tests/storagevolxml2argvtest.c Examining data/libvirt-6.9.0/tests/storagevolxml2xmltest.c Examining data/libvirt-6.9.0/tests/sysinfotest.c Examining data/libvirt-6.9.0/tests/testutils.c Examining data/libvirt-6.9.0/tests/testutils.h Examining data/libvirt-6.9.0/tests/testutilshostcpus.h Examining data/libvirt-6.9.0/tests/testutilslxc.c Examining data/libvirt-6.9.0/tests/testutilslxc.h Examining data/libvirt-6.9.0/tests/testutilsqemu.c Examining data/libvirt-6.9.0/tests/testutilsqemu.h Examining data/libvirt-6.9.0/tests/testutilsqemuschema.c Examining data/libvirt-6.9.0/tests/testutilsqemuschema.h Examining data/libvirt-6.9.0/tests/testutilsxen.c Examining data/libvirt-6.9.0/tests/testutilsxen.h Examining data/libvirt-6.9.0/tests/utiltest.c Examining data/libvirt-6.9.0/tests/vboxsnapshotxmltest.c Examining data/libvirt-6.9.0/tests/viralloctest.c Examining data/libvirt-6.9.0/tests/virauthconfigtest.c Examining data/libvirt-6.9.0/tests/virbitmaptest.c Examining data/libvirt-6.9.0/tests/virbuftest.c Examining data/libvirt-6.9.0/tests/vircaps2xmltest.c Examining data/libvirt-6.9.0/tests/vircapstest.c Examining data/libvirt-6.9.0/tests/vircgroupmock.c Examining data/libvirt-6.9.0/tests/virconftest.c Examining data/libvirt-6.9.0/tests/vircryptotest.c Examining data/libvirt-6.9.0/tests/virdeterministichashmock.c Examining data/libvirt-6.9.0/tests/virdriverconnvalidatetest.c Examining data/libvirt-6.9.0/tests/virdrivermoduletest.c Examining data/libvirt-6.9.0/tests/virendiantest.c Examining data/libvirt-6.9.0/tests/virerrortest.c Examining data/libvirt-6.9.0/tests/virfilecachemock.c Examining data/libvirt-6.9.0/tests/virfilecachetest.c Examining data/libvirt-6.9.0/tests/virfilemock.c Examining data/libvirt-6.9.0/tests/virfiletest.c Examining data/libvirt-6.9.0/tests/virfilewrapper.c Examining data/libvirt-6.9.0/tests/virfilewrapper.h Examining data/libvirt-6.9.0/tests/virfirewalltest.c Examining data/libvirt-6.9.0/tests/virgdbusmock.c Examining data/libvirt-6.9.0/tests/virhashdata.h Examining data/libvirt-6.9.0/tests/virhashtest.c Examining data/libvirt-6.9.0/tests/virhostcpumock.c Examining data/libvirt-6.9.0/tests/virhostcputest.c Examining data/libvirt-6.9.0/tests/virhostdevmock.c Examining data/libvirt-6.9.0/tests/virhostdevtest.c Examining data/libvirt-6.9.0/tests/viridentitytest.c Examining data/libvirt-6.9.0/tests/viriscsitest.c Examining data/libvirt-6.9.0/tests/virjsontest.c Examining data/libvirt-6.9.0/tests/virkeycodetest.c Examining data/libvirt-6.9.0/tests/virkmodtest.c Examining data/libvirt-6.9.0/tests/virlockspacetest.c Examining data/libvirt-6.9.0/tests/virlogtest.c Examining data/libvirt-6.9.0/tests/virmacmaptest.c Examining data/libvirt-6.9.0/tests/virmigtest.c Examining data/libvirt-6.9.0/tests/virmock.h Examining data/libvirt-6.9.0/tests/virmockstathelpers.c Examining data/libvirt-6.9.0/tests/virnetdaemonmock.c Examining data/libvirt-6.9.0/tests/virnetdaemontest.c Examining data/libvirt-6.9.0/tests/virnetdevbandwidthmock.c Examining data/libvirt-6.9.0/tests/virnetdevbandwidthtest.c Examining data/libvirt-6.9.0/tests/virnetdevmock.c Examining data/libvirt-6.9.0/tests/virnetdevopenvswitchtest.c Examining data/libvirt-6.9.0/tests/virnetdevtest.c Examining data/libvirt-6.9.0/tests/virnetmessagetest.c Examining data/libvirt-6.9.0/tests/virnetserverclientmock.c Examining data/libvirt-6.9.0/tests/virnetserverclienttest.c Examining data/libvirt-6.9.0/tests/virnetsockettest.c Examining data/libvirt-6.9.0/tests/virnettlscontexttest.c Examining data/libvirt-6.9.0/tests/virnettlshelpers.c Examining data/libvirt-6.9.0/tests/virnettlshelpers.h Examining data/libvirt-6.9.0/tests/virnettlssessiontest.c Examining data/libvirt-6.9.0/tests/virnetworkportxml2xmltest.c Examining data/libvirt-6.9.0/tests/virnumamock.c Examining data/libvirt-6.9.0/tests/virnwfilterbindingxml2xmltest.c Examining data/libvirt-6.9.0/tests/virpcimock.c Examining data/libvirt-6.9.0/tests/virpcitest.c Examining data/libvirt-6.9.0/tests/virpolkittest.c Examining data/libvirt-6.9.0/tests/virportallocatormock.c Examining data/libvirt-6.9.0/tests/virportallocatortest.c Examining data/libvirt-6.9.0/tests/virprocessmock.c Examining data/libvirt-6.9.0/tests/virrandommock.c Examining data/libvirt-6.9.0/tests/virresctrltest.c Examining data/libvirt-6.9.0/tests/virrotatingfiletest.c Examining data/libvirt-6.9.0/tests/virschematest.c Examining data/libvirt-6.9.0/tests/virscsitest.c Examining data/libvirt-6.9.0/tests/virshtest.c Examining data/libvirt-6.9.0/tests/virstoragetest.c Examining data/libvirt-6.9.0/tests/virstorageutiltest.c Examining data/libvirt-6.9.0/tests/virstringtest.c Examining data/libvirt-6.9.0/tests/virsystemdtest.c Examining data/libvirt-6.9.0/tests/virtestmock.c Examining data/libvirt-6.9.0/tests/virtimetest.c Examining data/libvirt-6.9.0/tests/virtypedparamtest.c Examining data/libvirt-6.9.0/tests/viruritest.c Examining data/libvirt-6.9.0/tests/virusbmock.c Examining data/libvirt-6.9.0/tests/virusbtest.c Examining data/libvirt-6.9.0/tests/vmwarevertest.c Examining data/libvirt-6.9.0/tests/vmx2xmltest.c Examining data/libvirt-6.9.0/tests/vshtabletest.c Examining data/libvirt-6.9.0/tests/xlconfigtest.c Examining data/libvirt-6.9.0/tests/xmconfigtest.c Examining data/libvirt-6.9.0/tests/xml2vmxtest.c Examining data/libvirt-6.9.0/tests/vircgrouptest.c Examining data/libvirt-6.9.0/tools/nss/libvirt_nss.c Examining data/libvirt-6.9.0/tools/nss/libvirt_nss.h Examining data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c Examining data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.h Examining data/libvirt-6.9.0/tools/nss/libvirt_nss_macs.c Examining data/libvirt-6.9.0/tools/nss/libvirt_nss_macs.h Examining data/libvirt-6.9.0/tools/virsh-backup.c Examining data/libvirt-6.9.0/tools/virsh-backup.h Examining data/libvirt-6.9.0/tools/virsh-checkpoint.c Examining data/libvirt-6.9.0/tools/virsh-checkpoint.h Examining data/libvirt-6.9.0/tools/virsh-completer-checkpoint.c Examining data/libvirt-6.9.0/tools/virsh-completer-checkpoint.h Examining data/libvirt-6.9.0/tools/virsh-completer-domain.c Examining data/libvirt-6.9.0/tools/virsh-completer-domain.h Examining data/libvirt-6.9.0/tools/virsh-completer-host.c Examining data/libvirt-6.9.0/tools/virsh-completer-host.h Examining data/libvirt-6.9.0/tools/virsh-completer-interface.c Examining data/libvirt-6.9.0/tools/virsh-completer-interface.h Examining data/libvirt-6.9.0/tools/virsh-completer-network.c Examining data/libvirt-6.9.0/tools/virsh-completer-network.h Examining data/libvirt-6.9.0/tools/virsh-completer-nodedev.c Examining data/libvirt-6.9.0/tools/virsh-completer-nodedev.h Examining data/libvirt-6.9.0/tools/virsh-completer-nwfilter.c Examining data/libvirt-6.9.0/tools/virsh-completer-nwfilter.h Examining data/libvirt-6.9.0/tools/virsh-completer-pool.c Examining data/libvirt-6.9.0/tools/virsh-completer-pool.h Examining data/libvirt-6.9.0/tools/virsh-completer-secret.c Examining data/libvirt-6.9.0/tools/virsh-completer-secret.h Examining data/libvirt-6.9.0/tools/virsh-completer-snapshot.c Examining data/libvirt-6.9.0/tools/virsh-completer-snapshot.h Examining data/libvirt-6.9.0/tools/virsh-completer-volume.c Examining data/libvirt-6.9.0/tools/virsh-completer-volume.h Examining data/libvirt-6.9.0/tools/virsh-completer.c Examining data/libvirt-6.9.0/tools/virsh-completer.h Examining data/libvirt-6.9.0/tools/virsh-console.c Examining data/libvirt-6.9.0/tools/virsh-console.h Examining data/libvirt-6.9.0/tools/virsh-domain-monitor.c Examining data/libvirt-6.9.0/tools/virsh-domain-monitor.h Examining data/libvirt-6.9.0/tools/virsh-domain.c Examining data/libvirt-6.9.0/tools/virsh-domain.h Examining data/libvirt-6.9.0/tools/virsh-edit.c Examining data/libvirt-6.9.0/tools/virsh-host.c Examining data/libvirt-6.9.0/tools/virsh-host.h Examining data/libvirt-6.9.0/tools/virsh-interface.c Examining data/libvirt-6.9.0/tools/virsh-interface.h Examining data/libvirt-6.9.0/tools/virsh-network.c Examining data/libvirt-6.9.0/tools/virsh-network.h Examining data/libvirt-6.9.0/tools/virsh-nodedev.c Examining data/libvirt-6.9.0/tools/virsh-nodedev.h Examining data/libvirt-6.9.0/tools/virsh-nwfilter.c Examining data/libvirt-6.9.0/tools/virsh-nwfilter.h Examining data/libvirt-6.9.0/tools/virsh-pool.c Examining data/libvirt-6.9.0/tools/virsh-pool.h Examining data/libvirt-6.9.0/tools/virsh-secret.c Examining data/libvirt-6.9.0/tools/virsh-secret.h Examining data/libvirt-6.9.0/tools/virsh-snapshot.c Examining data/libvirt-6.9.0/tools/virsh-snapshot.h Examining data/libvirt-6.9.0/tools/virsh-util.c Examining data/libvirt-6.9.0/tools/virsh-util.h Examining data/libvirt-6.9.0/tools/virsh-volume.c Examining data/libvirt-6.9.0/tools/virsh-volume.h Examining data/libvirt-6.9.0/tools/virsh.c Examining data/libvirt-6.9.0/tools/virsh.h Examining data/libvirt-6.9.0/tools/virt-admin-completer.c Examining data/libvirt-6.9.0/tools/virt-admin-completer.h Examining data/libvirt-6.9.0/tools/virt-admin.c Examining data/libvirt-6.9.0/tools/virt-admin.h Examining data/libvirt-6.9.0/tools/virt-host-validate-bhyve.c Examining data/libvirt-6.9.0/tools/virt-host-validate-bhyve.h Examining data/libvirt-6.9.0/tools/virt-host-validate-common.c Examining data/libvirt-6.9.0/tools/virt-host-validate-common.h Examining data/libvirt-6.9.0/tools/virt-host-validate-lxc.c Examining data/libvirt-6.9.0/tools/virt-host-validate-lxc.h Examining data/libvirt-6.9.0/tools/virt-host-validate-qemu.c Examining data/libvirt-6.9.0/tools/virt-host-validate-qemu.h Examining data/libvirt-6.9.0/tools/virt-host-validate.c Examining data/libvirt-6.9.0/tools/virt-login-shell-helper.c Examining data/libvirt-6.9.0/tools/virt-login-shell.c Examining data/libvirt-6.9.0/tools/vsh-table.c Examining data/libvirt-6.9.0/tools/vsh-table.h Examining data/libvirt-6.9.0/tools/vsh.h Examining data/libvirt-6.9.0/tools/wireshark/src/packet-libvirt.c Examining data/libvirt-6.9.0/tools/wireshark/src/packet-libvirt.h Examining data/libvirt-6.9.0/tools/wireshark/src/plugin.c Examining data/libvirt-6.9.0/tools/vsh.c FINAL RESULTS: data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:314:14: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. (chown(path, driver->user, driver->group) < 0)) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:324:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(path, 0660) < 0) { data/libvirt-6.9.0/src/lxc/lxc_container.c:1875:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(ttyPath, uid, -1) < 0) { data/libvirt-6.9.0/src/lxc/lxc_container.c:2234:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(path, uid, gid) < 0) { data/libvirt-6.9.0/src/lxc/lxc_controller.c:1498:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(path, devs[i].mode)) { data/libvirt-6.9.0/src/lxc/lxc_controller.c:1569:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(path, sb.st_mode)) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:251:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(src->path, uid, gid) < 0) data/libvirt-6.9.0/src/qemu/qemu_driver.c:799:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->libDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:806:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->cacheDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:813:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->saveDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:820:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->snapshotDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:827:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->checkpointDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:834:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->autoDumpPath, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:843:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(channeldir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:850:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->channelTargetDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:857:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->nvramDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:864:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->memoryBackingDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:871:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(cfg->slirpStateDir, cfg->user, cfg->group) < 0) { data/libvirt-6.9.0/src/qemu/qemu_namespace.c:1005:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(data->file, data->sb.st_mode) < 0) { data/libvirt-6.9.0/src/qemu/qemu_process.c:8750:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(proc->uniqDir, proc->runUid, -1) < 0) { data/libvirt-6.9.0/src/qemu/qemu_shim.c:211:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(root, 0755) < 0) { data/libvirt-6.9.0/src/qemu/qemu_tpm.c:297:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(tpm->data.emulator.logfile, swtpm_user, swtpm_group) < 0) { data/libvirt-6.9.0/src/rpc/virnetsocket.c:526:21: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (grp != 0 && chown(path, user, grp)) { data/libvirt-6.9.0/src/security/security_dac.c:735:14: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. rc = chown(path, uid, gid); data/libvirt-6.9.0/src/storage/storage_file_fs.c:177:12: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. return chown(src->path, uid, gid); data/libvirt-6.9.0/src/storage/storage_util.c:546:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. && (chown(vol->target.path, uid, gid) < 0)) { data/libvirt-6.9.0/src/storage/storage_util.c:555:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(vol->target.path, mode) < 0) { data/libvirt-6.9.0/src/storage/storage_util.c:1251:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(secretPath, vol->target.perms->uid, data/libvirt-6.9.0/src/util/vircgroupv1.c:902:17: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(entry, uid, gid) < 0) { data/libvirt-6.9.0/src/util/vircgroupv1.c:912:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(base, uid, gid) < 0) { data/libvirt-6.9.0/src/util/vircgroupv2.c:589:9: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(base, uid, gid) < 0) { data/libvirt-6.9.0/src/util/virfile.c:610:9: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, mode) < 0) { data/libvirt-6.9.0/src/util/virfile.c:2607:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. && (chown(path, uid, gid) < 0)) { data/libvirt-6.9.0/src/util/virfile.c:2614:32: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (mode != (mode_t) -1 && chmod(path, mode) < 0) { data/libvirt-6.9.0/src/util/virfile.c:2751:32: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if ((st.st_gid != gid) && (chown(path, (uid_t) -1, gid) < 0)) { data/libvirt-6.9.0/src/util/virfile.c:2759:32: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (mode != (mode_t) -1 && chmod(path, mode) < 0) { data/libvirt-6.9.0/src/util/virfile.c:2971:13: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(path, uid, gid) < 0) { data/libvirt-6.9.0/tests/qemusecuritymock.c:106:24: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. VIR_MOCK_REAL_INIT(chown); data/libvirt-6.9.0/tests/qemusecuritymock.c:302:1: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. chown(const char *path, uid_t uid, gid_t gid) data/libvirt-6.9.0/examples/c/admin/logging.c:11:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, data/libvirt-6.9.0/examples/c/domain/domtop.c:40:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/examples/c/domain/domtop.c:49:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/examples/c/domain/suspend.c:37:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/examples/c/domain/suspend.c:46:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/src/bhyve/bhyve_conf.c:70:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) == -1) { data/libvirt-6.9.0/src/conf/domain_conf.c:15825:59: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (virSysinfoSystemParseXML(tmpnode, ctxt, &def->system, data/libvirt-6.9.0/src/conf/domain_conf.c:27994:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (def->access) data/libvirt-6.9.0/src/conf/domain_conf.c:27996:66: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. virDomainMemoryAccessTypeToString(def->access)); data/libvirt-6.9.0/src/conf/domain_conf.c:29502:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (mem->access) data/libvirt-6.9.0/src/conf/domain_conf.c:29504:66: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. virDomainMemoryAccessTypeToString(mem->access)); data/libvirt-6.9.0/src/conf/domain_conf.h:2308:27: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. virDomainMemoryAccess access; data/libvirt-6.9.0/src/conf/domain_conf.h:2463:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access; /* enum virDomainMemoryAccess */ data/libvirt-6.9.0/src/conf/node_device_conf.c:175:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.product_name) data/libvirt-6.9.0/src/conf/node_device_conf.c:177:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.product_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:180:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.hardware.vendor_name) data/libvirt-6.9.0/src/conf/node_device_conf.c:182:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.hardware.vendor_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:183:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.hardware.version) data/libvirt-6.9.0/src/conf/node_device_conf.c:185:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.hardware.version); data/libvirt-6.9.0/src/conf/node_device_conf.c:186:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.hardware.serial) data/libvirt-6.9.0/src/conf/node_device_conf.c:188:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.hardware.serial); data/libvirt-6.9.0/src/conf/node_device_conf.c:189:25: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virUUIDFormat(data->system.hardware.uuid, uuidstr); data/libvirt-6.9.0/src/conf/node_device_conf.c:196:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.firmware.vendor_name) data/libvirt-6.9.0/src/conf/node_device_conf.c:198:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.firmware.vendor_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:199:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.firmware.version) data/libvirt-6.9.0/src/conf/node_device_conf.c:201:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.firmware.version); data/libvirt-6.9.0/src/conf/node_device_conf.c:202:15: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (data->system.firmware.release_date) data/libvirt-6.9.0/src/conf/node_device_conf.c:204:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. data->system.firmware.release_date); data/libvirt-6.9.0/src/conf/node_device_conf.c:1870:72: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ret = virNodeDevCapSystemParseXML(ctxt, def, node, &caps->data.system); data/libvirt-6.9.0/src/conf/node_device_conf.c:2160:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.product_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:2161:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.hardware.vendor_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:2162:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.hardware.version); data/libvirt-6.9.0/src/conf/node_device_conf.c:2163:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.hardware.serial); data/libvirt-6.9.0/src/conf/node_device_conf.c:2164:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.firmware.vendor_name); data/libvirt-6.9.0/src/conf/node_device_conf.c:2165:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.firmware.version); data/libvirt-6.9.0/src/conf/node_device_conf.c:2166:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(data->system.firmware.release_date); data/libvirt-6.9.0/src/conf/node_device_conf.h:290:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virNodeDevCapSystem system; data/libvirt-6.9.0/src/internal.h:511:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # undef printf data/libvirt-6.9.0/src/internal.h:512:10: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define printf(...) g_printf(__VA_ARGS__) data/libvirt-6.9.0/src/internal.h:514:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # undef fprintf data/libvirt-6.9.0/src/internal.h:515:10: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define fprintf(fh, ...) g_fprintf(fh, __VA_ARGS__) data/libvirt-6.9.0/src/libvirt-lxc.c:225:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(oldlabel->label, (char *) ctx); data/libvirt-6.9.0/src/libxl/libxl_conf.c:1844:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) == -1) { data/libvirt-6.9.0/src/locking/lock_daemon.c:769:9: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execvp(argv[0], argv) < 0) { data/libvirt-6.9.0/src/locking/lock_daemon_config.c:110:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access(filename, R_OK) == -1 && data/libvirt-6.9.0/src/locking/lock_driver_lockd.c:87:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(configFile, R_OK) == -1) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:127:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(configFile, R_OK) == -1) { data/libvirt-6.9.0/src/locking/lock_manager.c:149:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(modfile, R_OK) < 0) { data/libvirt-6.9.0/src/logging/log_daemon.c:553:9: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execvp(argv[0], argv) < 0) { data/libvirt-6.9.0/src/logging/log_daemon_config.c:116:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access(filename, R_OK) == -1 && data/libvirt-6.9.0/src/lxc/lxc_conf.c:252:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) == -1) data/libvirt-6.9.0/src/lxc/lxc_container.c:570:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(fs->src->path, F_OK)) { data/libvirt-6.9.0/src/lxc/lxc_controller.c:2166:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(ctrl->devptmx, R_OK) < 0) { data/libvirt-6.9.0/src/network/bridge_driver.c:2168:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (ignoreMissing && access(field, W_OK) < 0 && errno == ENOENT) data/libvirt-6.9.0/src/node_device/node_device_driver.c:121:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(driver_link, R_OK) < 0) data/libvirt-6.9.0/src/node_device/node_device_udev.c:1845:37: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. udevGetDMIData(&def->caps->data.system); data/libvirt-6.9.0/src/openvz/openvz_driver.c:1250:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/proc/vz", W_OK) < 0) data/libvirt-6.9.0/src/openvz/openvz_driver.c:1281:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/proc/vz", W_OK) < 0) { data/libvirt-6.9.0/src/qemu/qemu_command.c:2893:44: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. virDomainMemoryAccess memAccess = mem->access; data/libvirt-6.9.0/src/qemu/qemu_command.c:2932:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. memAccess = def->mem.access; data/libvirt-6.9.0/src/qemu/qemu_command.c:5698:54: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. smbioscmd = qemuBuildSmbiosSystemStr(source->system, skip_uuid); data/libvirt-6.9.0/src/qemu/qemu_conf.c:1043:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(filename, R_OK) == -1) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:1372:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(proc, R_OK) < 0) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:1446:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. fscanf(pidinfo, data/libvirt-6.9.0/src/qemu/qemu_driver.c:5979:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(secmodel->model, p); data/libvirt-6.9.0/src/qemu/qemu_driver.c:5988:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(secmodel->doi, p); data/libvirt-6.9.0/src/qemu/qemu_process.c:3915:18: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. def->mem.access != VIR_DOMAIN_MEMORY_ACCESS_DEFAULT) data/libvirt-6.9.0/src/qemu/qemu_process.c:3927:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. (mem->access != VIR_DOMAIN_MEMORY_ACCESS_DEFAULT || data/libvirt-6.9.0/src/qemu/qemu_validate.c:788:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. mem->access != VIR_DOMAIN_MEMORY_ACCESS_DEFAULT && data/libvirt-6.9.0/src/qemu/qemu_validate.c:789:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. mem->access != VIR_DOMAIN_MEMORY_ACCESS_PRIVATE) { data/libvirt-6.9.0/src/qemu/qemu_validate.c:793:63: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. virDomainMemoryAccessTypeToString(mem->access)); data/libvirt-6.9.0/src/qemu/qemu_validate.c:3922:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (def->mem.access != VIR_DOMAIN_MEMORY_ACCESS_SHARED) { data/libvirt-6.9.0/src/remote/remote_daemon_config.c:385:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access(filename, R_OK) == -1 && data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2651:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->label.label_val, seclabel->label); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2733:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->model.model_val, secmodel.model); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2737:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(ret->doi.doi_val, secmodel.doi); data/libvirt-6.9.0/src/remote/remote_driver.c:2341:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(seclabel->label, ret.label.label_val); data/libvirt-6.9.0/src/remote/remote_driver.c:2386:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy((*seclabels)[i].label, cur->label.label_val); data/libvirt-6.9.0/src/remote/remote_driver.c:2457:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(secmodel->model, ret.model.model_val); data/libvirt-6.9.0/src/remote/remote_driver.c:2466:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(secmodel->doi, ret.doi.doi_val); data/libvirt-6.9.0/src/rpc/virnettlscontext.c:564:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(certFile, R_OK) == 0) && data/libvirt-6.9.0/src/rpc/virnettlscontext.c:567:10: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if ((access(cacertFile, R_OK) == 0) && data/libvirt-6.9.0/src/security/security_apparmor.c:242:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(APPARMOR_PROFILES_PATH, R_OK) != 0) data/libvirt-6.9.0/src/security/security_selinux.c:1221:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sec->label, (char *)ctx); data/libvirt-6.9.0/src/storage/storage_backend_logical.c:165:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(regex, regex_unit); data/libvirt-6.9.0/src/storage/storage_backend_logical.c:169:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(regex, regex_unit); data/libvirt-6.9.0/src/storage/storage_util.c:876:21: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. accessRetCode = access(absolutePath ? absolutePath : data/libvirt-6.9.0/src/storage/storage_util.c:3989:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(lun_dirent->d_name, devicepattern, data/libvirt-6.9.0/src/test/test_driver.c:761:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(absFile, filename); data/libvirt-6.9.0/src/util/virauth.c:74:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(*path, R_OK) == 0) data/libvirt-6.9.0/src/util/virauth.c:82:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(*path, R_OK) == 0) data/libvirt-6.9.0/src/util/vircommand.c:869:9: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(binary, cmd->args); data/libvirt-6.9.0/src/util/virerror.c:1341:11: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(msgDetailBuf + n, errnoDetail); data/libvirt-6.9.0/src/util/virfile.c:1850:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(path, F_OK) == 0; data/libvirt-6.9.0/src/util/virfile.c:2096:16: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(path, mode); data/libvirt-6.9.0/src/util/virfile.c:2127:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(path, mode) < 0) data/libvirt-6.9.0/src/util/virfile.c:2787:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(path, mode); data/libvirt-6.9.0/src/util/virlog.c:207:26: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. bool have_journald = access("/run/systemd/journal/socket", W_OK) >= 0; data/libvirt-6.9.0/src/util/virsysinfo.c:162:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virSysinfoSystemDefFree(def->system); data/libvirt-6.9.0/src/util/virsysinfo.c:211:32: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return !(def->bios || def->system || def->nbaseBoard > 0 || data/libvirt-6.9.0/src/util/virsysinfo.c:333:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (virSysinfoParsePPCSystem(outbuf, &ret->system) < 0) data/libvirt-6.9.0/src/util/virsysinfo.c:466:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (virSysinfoParseARMSystem(outbuf, &ret->system) < 0) data/libvirt-6.9.0/src/util/virsysinfo.c:632:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (virSysinfoParseS390System(outbuf, &ret->system) < 0) data/libvirt-6.9.0/src/util/virsysinfo.c:1237:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (virSysinfoParseX86System(outbuf, &ret->system) < 0) data/libvirt-6.9.0/src/util/virsysinfo.c:1527:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virSysinfoSystemFormat(buf, def->system); data/libvirt-6.9.0/src/util/virsysinfo.c:1723:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!virSysinfoSystemIsEqual(src->system, dst->system)) data/libvirt-6.9.0/src/util/virsysinfo.c:1723:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (!virSysinfoSystemIsEqual(src->system, dst->system)) data/libvirt-6.9.0/src/util/virsysinfo.h:131:28: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virSysinfoSystemDefPtr system; data/libvirt-6.9.0/src/util/virutil.c:452:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(name, prefix); data/libvirt-6.9.0/src/util/virutil.c:1901:21: [4] (misc) getpass: This function is obsolete and not portable. It was in SUSv2 but removed by POSIX.2. What it does exactly varies considerably between systems, particularly in where its prompt is displayed and where it gets its data (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do exactly what you want. If you continue to use it, or write your own, be sure to zero the password as soon as possible to avoid leaving the cleartext password visible in the process' address space. return g_strdup(getpass("")); data/libvirt-6.9.0/tests/nssmock.c:50:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VIR_MOCK_REAL_INIT(access); data/libvirt-6.9.0/tests/nssmock.c:114:1: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access(const char *path, int mode) data/libvirt-6.9.0/tests/qemucaps2xmlmock.c:30:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return access(path, F_OK) == 0; data/libvirt-6.9.0/tests/testutils.h:84:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt "\n", ## __VA_ARGS__); \ data/libvirt-6.9.0/tests/testutils.h:90:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, fmt "\n", ## __VA_ARGS__); \ data/libvirt-6.9.0/tests/testutils.h:134:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(argv[0], argv); \ data/libvirt-6.9.0/tests/vircaps2xmltest.c:54:52: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. virFileWrapperAddPrefix("/sys/devices/system", system); data/libvirt-6.9.0/tests/vircaps2xmltest.c:81:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_FREE(system); data/libvirt-6.9.0/tests/vircgroupmock.c:308:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VIR_MOCK_REAL_INIT(access); data/libvirt-6.9.0/tests/vircgroupmock.c:463:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access(const char *path, int mode) data/libvirt-6.9.0/tests/vircgrouptest.c:609:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, present ? \ data/libvirt-6.9.0/tests/virfilewrapper.c:56:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VIR_MOCK_REAL_INIT(access); data/libvirt-6.9.0/tests/virfilewrapper.c:60:24: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. VIR_MOCK_REAL_INIT(execv); data/libvirt-6.9.0/tests/virfilewrapper.c:153:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access(const char *path, int mode) data/libvirt-6.9.0/tests/virfilewrapper.c:196:5: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. int execv(const char *path, char *const argv[]) data/libvirt-6.9.0/tests/virmockstathelpers.c:142:42: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define fdebug(msg, ...) do { if (debug) fprintf(stderr, msg, __VA_ARGS__); } while (0) data/libvirt-6.9.0/tests/virpcimock.c:56:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/tests/virpcimock.c:355:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(buf, ADDR_STR_FMT, data/libvirt-6.9.0/tests/virpcimock.c:932:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VIR_MOCK_REAL_INIT(access); data/libvirt-6.9.0/tests/virpcimock.c:1022:1: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. access(const char *path, int mode) data/libvirt-6.9.0/tests/virstringtest.c:449:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, \ data/libvirt-6.9.0/tests/virstringtest.c:455:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, \ data/libvirt-6.9.0/tests/virstringtest.c:461:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, \ data/libvirt-6.9.0/tests/virtestmock.c:50:24: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. VIR_MOCK_REAL_INIT(access); data/libvirt-6.9.0/tests/virtestmock.c:172:5: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. int access(const char *path, int mode) data/libvirt-6.9.0/tools/nss/libvirt_nss.h:43:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/tools/nss/libvirt_nss.h:51:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/libvirt-6.9.0/tools/virsh-domain.c:10127:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execv(cmdargv[0], cmdargv); data/libvirt-6.9.0/tools/virt-host-validate-common.c:143:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dev_name, F_OK) < 0) { data/libvirt-6.9.0/tools/virt-host-validate-common.c:160:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(dev_name, R_OK|W_OK) < 0) { data/libvirt-6.9.0/tools/virt-host-validate-common.c:181:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(nspath, F_OK) < 0) { data/libvirt-6.9.0/tools/virt-host-validate-common.c:353:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/sys/firmware/acpi/tables/DMAR", F_OK) == 0) { data/libvirt-6.9.0/tools/virt-host-validate-common.c:365:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access("/sys/firmware/acpi/tables/IVRS", F_OK) == 0) { data/libvirt-6.9.0/tools/virt-login-shell-helper.c:386:13: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (execv(shcmd, (char *const*) shargv) < 0) { data/libvirt-6.9.0/tools/vsh.c:666:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stdout, fmt, opt->name); data/libvirt-6.9.0/examples/c/admin/logging.c:35:17: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt(argc, argv, ":hpo:f:")) > 0) { data/libvirt-6.9.0/examples/c/domain/domtop.c:96:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "+:dhc:D:", opt, NULL)) != -1) { data/libvirt-6.9.0/examples/c/domain/suspend.c:86:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "+:dhc:s:", opt, NULL)) != -1) { data/libvirt-6.9.0/src/admin/libvirt-admin.c:165:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *defname = getenv("LIBVIRT_ADMIN_DEFAULT_URI"); data/libvirt-6.9.0/src/libvirt.c:835:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *defname = getenv("LIBVIRT_DEFAULT_URI"); data/libvirt-6.9.0/src/locking/lock_daemon.c:885:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "df:p:t:vVh", opts, &optidx); data/libvirt-6.9.0/src/logging/log_daemon.c:668:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "df:p:t:vVh", opts, &optidx); data/libvirt-6.9.0/src/lxc/lxc_controller.c:2500:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, "dn:v:p:m:c:s:h:S:N:I:U:", data/libvirt-6.9.0/src/network/leaseshelper.c:90:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *iaid = getenv("DNSMASQ_IAID"); data/libvirt-6.9.0/src/network/leaseshelper.c:91:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *clientid = getenv("DNSMASQ_CLIENT_ID"); data/libvirt-6.9.0/src/network/leaseshelper.c:92:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *interface = getenv("DNSMASQ_INTERFACE"); data/libvirt-6.9.0/src/network/leaseshelper.c:93:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *hostname = getenv("DNSMASQ_SUPPLIED_HOSTNAME"); data/libvirt-6.9.0/src/network/leaseshelper.c:134:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. !(interface = getenv("VIR_BRIDGE_NAME"))) { data/libvirt-6.9.0/src/network/leaseshelper.c:153:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. mac = getenv("DNSMASQ_MAC"); data/libvirt-6.9.0/src/network/leaseshelper.c:157:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. server_duid = g_strdup(getenv("DNSMASQ_SERVER_DUID")); data/libvirt-6.9.0/src/qemu/qemu_interop_config.c:117:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. xdgConfig = g_strdup(getenv("XDG_CONFIG_HOME")); data/libvirt-6.9.0/src/remote/remote_daemon.c:824:13: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. c = getopt_long(argc, argv, optstr, opts, &optidx); data/libvirt-6.9.0/src/remote/remote_driver.c:717:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VIRTD_PATH") != NULL) { data/libvirt-6.9.0/src/remote/remote_sockets.c:229:33: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *autostart_str = getenv("LIBVIRT_AUTOSTART"); data/libvirt-6.9.0/src/rpc/virnetlibsshsession.c:174:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dbgLevelStr = getenv("LIBVIRT_LIBSSH_DEBUG"); data/libvirt-6.9.0/src/rpc/virnettlscontext.c:1439:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((gnutlsdebug = getenv("LIBVIRT_GNUTLS_DEBUG")) != NULL) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:749:25: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if ((pathreal = realpath(pathdir, NULL)) == NULL) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:1369:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "acdDhrRH:b:u:p:f:F:", opt, data/libvirt-6.9.0/src/util/virauth.c:45:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *authenv = getenv("LIBVIRT_AUTH_FILE"); data/libvirt-6.9.0/src/util/vircommand.c:1437:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. value = getenv(name); data/libvirt-6.9.0/src/util/virfile.c:1664:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. origpath = getenv("PATH"); data/libvirt-6.9.0/src/util/virfile.c:1723:36: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *envval = envname ? getenv(envname) : NULL; data/libvirt-6.9.0/src/util/virfile.c:1786:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_DIR_OVERRIDE") != NULL) data/libvirt-6.9.0/src/util/virfile.c:3281:12: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. return realpath(path, NULL); /* exempt from syntax-check */ data/libvirt-6.9.0/src/util/virlease.c:212:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *exptime_tmp = getenv("DNSMASQ_LEASE_EXPIRES"); data/libvirt-6.9.0/src/util/virlease.c:218:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. hostname = getenv("DNSMASQ_OLD_HOSTNAME"); data/libvirt-6.9.0/src/util/virlog.c:1210:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debugEnv = getenv("LIBVIRT_DEBUG"); data/libvirt-6.9.0/src/util/virlog.c:1213:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debugEnv = getenv("LIBVIRT_LOG_FILTERS"); data/libvirt-6.9.0/src/util/virlog.c:1216:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debugEnv = getenv("LIBVIRT_LOG_OUTPUTS"); data/libvirt-6.9.0/src/util/virsystemd.c:553:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(path = getenv("NOTIFY_SOCKET"))) { data/libvirt-6.9.0/src/util/virsystemd.c:835:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(pidstr = getenv("LISTEN_PID"))) { data/libvirt-6.9.0/src/util/virsystemd.c:851:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(fdstr = getenv("LISTEN_FDS"))) { data/libvirt-6.9.0/src/util/virsystemd.c:902:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. fdnames = getenv("LISTEN_FDNAMES"); data/libvirt-6.9.0/src/util/virutil.c:560:21: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return g_strdup(g_get_home_dir()); data/libvirt-6.9.0/src/util/virutil.c:1073:21: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return g_strdup(g_get_home_dir()); data/libvirt-6.9.0/src/vbox/vbox_XPCOMCGlue.c:191:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *home = getenv("VBOX_APP_HOME"); data/libvirt-6.9.0/src/vbox/vbox_common.c:3534:51: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. graphics->data.desktop.display = g_strdup(getenv("DISPLAY")); data/libvirt-6.9.0/tests/eventtest.c:329:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *debugEnv = getenv("LIBVIRT_DEBUG"); data/libvirt-6.9.0/tests/fdstreamtest.c:333:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/qemucpumock.c:33:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *model = getenv("VIR_TEST_MOCK_FAKE_HOST_CPU"); data/libvirt-6.9.0/tests/qemuhotplugtest.c:899:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/qemumemlocktest.c:142:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/qemusecuritymock.c:231:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(ENVVAR)) { \ data/libvirt-6.9.0/tests/qemusecuritymock.c:308:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(ENVVAR)) data/libvirt-6.9.0/tests/qemusecuritymock.c:324:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv(ENVVAR)) { data/libvirt-6.9.0/tests/qemusecuritymock.c:348:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (fd == 42 && getenv(ENVVAR)) data/libvirt-6.9.0/tests/qemuxml2argvtest.c:3412:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/qemuxml2xmltest.c:1519:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/scsihosttest.c:280:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/securityselinuxhelper.c:98:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("FAKE_SELINUX_CONTEXT") == NULL) { data/libvirt-6.9.0/tests/securityselinuxhelper.c:103:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. *context = g_strdup(getenv("FAKE_SELINUX_CONTEXT")); data/libvirt-6.9.0/tests/securityselinuxhelper.c:123:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("FAKE_SELINUX_CONTEXT") == NULL) { data/libvirt-6.9.0/tests/securityselinuxhelper.c:128:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. *context = g_strdup(getenv("FAKE_SELINUX_CONTEXT")); data/libvirt-6.9.0/tests/securityselinuxhelper.c:212:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. return getenv("FAKE_SELINUX_DISABLED") == NULL; data/libvirt-6.9.0/tests/testutils.c:78:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((flagStr = getenv(name)) == NULL) data/libvirt-6.9.0/tests/testutils.c:125:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VIR_TEST_MOCK_PROGNAME")) data/libvirt-6.9.0/tests/testutils.c:726:24: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *path = getenv("PATH"); data/libvirt-6.9.0/tests/testutils.c:761:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VIR_TEST_FILE_ACCESS")) { data/libvirt-6.9.0/tests/testutils.c:816:10: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("LIBVIRT_DEBUG") && !virLogGetNbOutputs()) { data/libvirt-6.9.0/tests/testutils.c:828:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((testRange = getenv("VIR_TEST_RANGE")) != NULL) { data/libvirt-6.9.0/tests/testutils.h:124:31: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *preload = getenv(PRELOAD_VAR); \ data/libvirt-6.9.0/tests/vircgroupmock.c:320:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. mock = getenv("VIR_CGROUP_MOCK_MODE"); data/libvirt-6.9.0/tests/vircgroupmock.c:347:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(newfakerootdir = getenv("LIBVIRT_FAKE_ROOT_DIR"))) { data/libvirt-6.9.0/tests/vircgroupmock.c:357:12: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. mock = getenv("VIR_CGROUP_MOCK_MODE"); data/libvirt-6.9.0/tests/vircgroupmock.c:419:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *filename = getenv("VIR_CGROUP_MOCK_FILENAME"); data/libvirt-6.9.0/tests/vircgrouptest.c:941:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/virfilemock.c:48:24: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. VIR_MOCK_REAL_INIT(realpath); data/libvirt-6.9.0/tests/virfilemock.c:59:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((mtab = getenv("LIBVIRT_MTAB"))) data/libvirt-6.9.0/tests/virfilemock.c:120:23: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. if (!(canonPath = realpath(path, NULL))) data/libvirt-6.9.0/tests/virfilemock.c:174:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((mtab = getenv("LIBVIRT_MTAB"))) data/libvirt-6.9.0/tests/virfilemock.c:182:1: [3] (buffer) realpath: This function does not protect against buffer overflows, and some implementations can overflow internally (CWE-120/CWE-785!). Ensure that the destination buffer is at least of size MAXPATHLEN, andto protect against implementation problems, the input argument should also be checked to ensure it is no larger than MAXPATHLEN. realpath(const char *path, char *resolved) data/libvirt-6.9.0/tests/virfilemock.c:187:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_MTAB")) { data/libvirt-6.9.0/tests/virhashtest.c:303:5: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(9000); data/libvirt-6.9.0/tests/virhostdevtest.c:107:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("LIBVIRT_SKIP_CLEANUP")) data/libvirt-6.9.0/tests/virhostdevtest.c:624:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/virmockstathelpers.c:150:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debug = getenv("VIR_MOCK_STAT_DEBUG"); data/libvirt-6.9.0/tests/virnetdaemontest.c:381:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VIR_GENERATE_JSON")) { data/libvirt-6.9.0/tests/virnettlshelpers.c:436:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("VIRT_TEST_DEBUG_CERTS") == NULL) data/libvirt-6.9.0/tests/virpcimock.c:947:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(fakerootdir = getenv("LIBVIRT_FAKE_ROOT_DIR"))) data/libvirt-6.9.0/tests/virpcitest.c:405:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/virportallocatormock.c:60:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_TEST_IPV4ONLY") && domain == AF_INET6) { data/libvirt-6.9.0/tests/virportallocatormock.c:76:27: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (host_has_ipv6 && !getenv("LIBVIRT_TEST_IPV4ONLY")) { data/libvirt-6.9.0/tests/virscsitest.c:229:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("LIBVIRT_SKIP_CLEANUP") == NULL) data/libvirt-6.9.0/tests/virsystemdtest.c:65:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("FAIL_BAD_SERVICE")) { data/libvirt-6.9.0/tests/virsystemdtest.c:80:38: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. reply = g_variant_new("(s)", getenv("RESULT_SUPPORT")); data/libvirt-6.9.0/tests/virsystemdtest.c:89:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("FAIL_NO_SERVICE")) { data/libvirt-6.9.0/tests/virsystemdtest.c:103:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("FAIL_NO_SERVICE") && !getenv("FAIL_NOT_REGISTERED")) { data/libvirt-6.9.0/tests/virsystemdtest.c:103:44: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!getenv("FAIL_NO_SERVICE") && !getenv("FAIL_NOT_REGISTERED")) { data/libvirt-6.9.0/tests/virtestmock.c:59:28: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *testname = getenv("VIR_TEST_MOCK_TESTNAME"); data/libvirt-6.9.0/tests/virtestmock.c:62:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. progname = getenv("VIR_TEST_MOCK_PROGNAME"); data/libvirt-6.9.0/tests/virtestmock.c:67:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. output = getenv("VIR_TEST_FILE_ACCESS_OUTPUT"); data/libvirt-6.9.0/tools/virsh.c:658:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "+:c:d:e:hk:K:l:qrtvV", opt, &longindex)) != -1) { data/libvirt-6.9.0/tools/virsh.c:892:34: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. ctl->connname = g_strdup(getenv("VIRSH_DEFAULT_CONNECT_URI")); data/libvirt-6.9.0/tools/virt-admin.c:1297:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "+:c:d:hl:qvV", opt, &longindex)) != -1) { data/libvirt-6.9.0/tools/virt-host-validate.c:89:17: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((c = getopt_long(argc, argv, "hvq", argOptions, NULL)) != -1) { data/libvirt-6.9.0/tools/virt-login-shell-helper.c:209:19: [3] (buffer) getopt_long: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((arg = getopt_long(argc, argv, "hVc:", opt, &longindex)) != -1) { data/libvirt-6.9.0/tools/virt-login-shell-helper.c:363:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. term = g_strdup(getenv("TERM")); data/libvirt-6.9.0/tools/virt-login-shell.c:44:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *term = getenv("TERM"); data/libvirt-6.9.0/tools/vsh.c:2344:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. tmpdir = getenv("TMPDIR"); data/libvirt-6.9.0/tools/vsh.c:2392:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editor = getenv("VISUAL"); data/libvirt-6.9.0/tools/vsh.c:2394:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. editor = getenv("EDITOR"); data/libvirt-6.9.0/tools/vsh.c:2856:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((histsize_str = getenv(histsize_env))) { data/libvirt-6.9.0/tools/vsh.c:2972:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debugEnv = getenv(env); data/libvirt-6.9.0/tools/vsh.c:2990:20: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. debugEnv = getenv(env); data/libvirt-6.9.0/examples/c/misc/event-test.c:774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/examples/c/misc/event-test.c:789:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/include/libvirt/libvirt-domain.h:2125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpumap, VIR_GET_CPUMAP(cpumaps, maplen, vcpu), maplen) data/libvirt-6.9.0/include/libvirt/libvirt-host.h:96:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[VIR_SECURITY_LABEL_BUFLEN]; /* security label string */ data/libvirt-6.9.0/include/libvirt/libvirt-host.h:131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[VIR_SECURITY_MODEL_BUFLEN]; /* security model string */ data/libvirt-6.9.0/include/libvirt/libvirt-host.h:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char doi[VIR_SECURITY_DOI_BUFLEN]; /* domain of interpretation */ data/libvirt-6.9.0/include/libvirt/libvirt-host.h:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[32]; /* string indicating the CPU model */ data/libvirt-6.9.0/include/libvirt/libvirt-host.h:249:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field[VIR_NODE_CPU_STATS_FIELD_LENGTH]; data/libvirt-6.9.0/include/libvirt/libvirt-host.h:311:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field[VIR_NODE_MEMORY_STATS_FIELD_LENGTH]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:225:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr1[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr2[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:408:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/access/viraccessdriverpolkit.c:430:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/bhyve/bhyve_command.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/bhyve/bhyve_driver.c:168:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/bhyve/bhyve_driver.c:770:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/bhyve/bhyve_process.c:128:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, data/libvirt-6.9.0/src/bhyve/bhyve_process.c:380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[_POSIX2_LINE_MAX]; data/libvirt-6.9.0/src/bhyve/bhyve_process.c:481:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[_POSIX2_LINE_MAX]; data/libvirt-6.9.0/src/conf/capabilities.c:1065:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/capabilities.h:193:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char host_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/checkpoint_conf.c:522:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_addr.c:2242:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->addr.usb.port, portpath, sizeof(portpath)); data/libvirt-6.9.0/src/conf/domain_audit.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:271:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newMacstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldMacstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:302:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:303:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:342:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:475:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:529:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:592:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:705:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:752:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:847:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:875:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_audit.c:947:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:6435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:6483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:8497:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = {0}; data/libvirt-6.9.0/src/conf/domain_conf.c:9035:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&def->info.addr.drive, &addr, sizeof(addr)); data/libvirt-6.9.0/src/conf/domain_conf.c:15636:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuidbuf[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:15637:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:15644:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(domUUID, uuidbuf, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:17781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:17975:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:18043:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:19481:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int val = virDomainFeatureTypeFromString((const char *)nodes[i]->name); data/libvirt-6.9.0/src/conf/domain_conf.c:19687:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. feature = virDomainHypervTypeFromString((const char *)nodes[i]->name); data/libvirt-6.9.0/src/conf/domain_conf.c:19792:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (STRNEQ((const char *)nodes[i]->name, "direct")) { data/libvirt-6.9.0/src/conf/domain_conf.c:19826:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. feature = virDomainKVMTypeFromString((const char *)nodes[i]->name); data/libvirt-6.9.0/src/conf/domain_conf.c:19874:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. feature = virDomainXenTypeFromString((const char *)nodes[i]->name); data/libvirt-6.9.0/src/conf/domain_conf.c:19975:68: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int val = virDomainProcessCapsFeatureTypeFromString((const char *)nodes[i]->name); data/libvirt-6.9.0/src/conf/domain_conf.c:20445:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. def->os.initargv[i] = g_strdup((const char *)nodes[i]->children->content); data/libvirt-6.9.0/src/conf/domain_conf.c:20471:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. def->os.initenv[i]->value = g_strdup((const char *)nodes[i]->children->content); data/libvirt-6.9.0/src/conf/domain_conf.c:23202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:23203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dstmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:24383:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidsrc[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:24384:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuiddst[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:24401:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guidsrc[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:24402:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guiddst[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:26610:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:26843:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:26919:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:27581:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:28005:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:29945:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:29981:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char genidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:30656:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:31905:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wshortname[VIR_DOMAIN_SHORT_NAME_MAX + 1] = {0}; data/libvirt-6.9.0/src/conf/domain_conf.c:32096:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port->owneruuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:32101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&port->mac, &iface->mac, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:32251:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port->uuid, iface->data.network.portid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:32258:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port->owneruuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:32263:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&port->mac, &iface->mac, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/conf/domain_conf.c:32375:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.c:32376:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:268:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; /* mediated device's uuid string */ data/libvirt-6.9.0/src/conf/domain_conf.h:1046:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char portid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:1304:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *file[VIR_DOMAIN_SMARTCARD_NUM_CERTIFICATES]; data/libvirt-6.9.0/src/conf/domain_conf.h:1358:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char secretuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:2326:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:2555:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:2557:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char genid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_conf.h:2891:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char macPrefix[VIR_MAC_PREFIX_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_event.c:574:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_event.c:2006:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_event.c:2126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_event.c:2174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/domain_event.c:2316:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/netdev_vport_profile_conf.c:252:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/netdev_vport_profile_conf.c:261:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_conf.c:2479:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_conf.c:2647:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_conf.c:2756:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_conf.h:265:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/network_event.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_event.c:189:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/network_event.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/node_device_conf.c:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/node_device_conf.h:122:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/nwfilter_conf.c:2787:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/nwfilter_conf.c:3047:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/nwfilter_conf.h:126:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char protocolID[10]; data/libvirt-6.9.0/src/conf/nwfilter_conf.h:133:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char setname[MAX_IPSET_NAME_LENGTH]; data/libvirt-6.9.0/src/conf/nwfilter_conf.h:537:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/nwfilter_params.c:799:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const char *)items[i].key, data/libvirt-6.9.0/src/conf/object_event.c:624:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(event->meta.uuid, uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/conf/object_event_private.h:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_conf.c:281:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_conf.h:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_event.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_event.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_event.c:256:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/secret_event.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/snapshot_conf.c:496:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/snapshot_conf.c:731:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(snapdisk, existing, sizeof(*snapdisk)); data/libvirt-6.9.0/src/conf/storage_conf.c:1182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_conf.c:1705:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_conf.h:257:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_event.c:177:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_event.c:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_event.c:253:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/storage_event.c:284:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virchrdev.c:135:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((lockfd = open(path, O_WRONLY | O_CREAT | O_EXCL, 00644)) < 0) { data/libvirt-6.9.0/src/conf/virdomainobjlist.c:141:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virdomainobjlist.c:245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virdomainobjlist.c:285:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virdomainobjlist.c:379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virdomainobjlist.c:544:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virdomainobjlist.c:1009:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:317:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:798:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:1627:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:1659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:1679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkobj.c:1870:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.c:339:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.c:340:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.c:466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.h:48:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/virnetworkportdef.h:50:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char owneruuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/virnwfilterbindingdef.c:237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnwfilterbindingdef.c:238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virnwfilterbindingdef.h:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char owneruuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/conf/virnwfilterobj.c:329:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virsecretobj.c:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virsecretobj.c:330:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virsecretobj.c:725:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virsecretobj.c:733:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, obj->value, obj->value_size); data/libvirt-6.9.0/src/conf/virsecretobj.c:754:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_value, value, value_size); data/libvirt-6.9.0/src/conf/virsecretobj.c:796:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virsecretobj.c:818:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(obj->base64File, O_RDONLY)) == -1) { data/libvirt-6.9.0/src/conf/virstorageobj.c:528:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virstorageobj.c:546:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virstorageobj.c:1086:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virstorageobj.c:1117:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/conf/virstorageobj.c:1569:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/cpu/cpu_arm.c:532:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *aarch64_cpu_flags[MAX_CPU_FLAGS] = { data/libvirt-6.9.0/src/datatypes.c:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.c:384:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.c:442:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.c:570:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:598:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.c:769:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:796:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.c:882:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(ret->uuid[0]), uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/datatypes.c:908:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/datatypes.h:386:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _uuidstr[VIR_UUID_STRING_BUFLEN]; \ data/libvirt-6.9.0/src/datatypes.h:607:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the domain unique identifier */ data/libvirt-6.9.0/src/datatypes.h:619:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the network unique identifier */ data/libvirt-6.9.0/src/datatypes.h:633:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the network unique identifier */ data/libvirt-6.9.0/src/datatypes.h:662:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the storage pool unique identifier */ data/libvirt-6.9.0/src/datatypes.h:718:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the secret unique identifier */ data/libvirt-6.9.0/src/datatypes.h:775:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; /* the network filter unique identifier */ data/libvirt-6.9.0/src/esx/esx_driver.c:1398:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid_candidate[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/esx/esx_driver.c:1506:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/esx/esx_driver.c:4131:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_driver.c:4803:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/esx/esx_driver.c:5023:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_network_driver.c:131:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; /* VIR_CRYPTO_HASH_SIZE_MD5 = VIR_UUID_BUFLEN = 16 */ data/libvirt-6.9.0/src/esx/esx_network_driver.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_network_driver.c:173:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; /* VIR_CRYPTO_HASH_SIZE_MD5 = VIR_UUID_BUFLEN = 16 */ data/libvirt-6.9.0/src/esx/esx_network_driver.c:292:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; /* VIR_CRYPTO_HASH_SIZE_MD5 = VIR_UUID_BUFLEN = 16 */ data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:156:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:212:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:332:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, pool->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:451:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:452:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:499:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:500:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:546:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:679:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_iscsi.c:680:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:222:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:294:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char md5[VIR_CRYPTO_HASH_SIZE_MD5]; data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:472:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, pool->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:746:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key_candidate[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_storage_driver.c:172:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_stream.c:101:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(output, priv->buffer + priv->buffer_size - priv->buffer_used, data/libvirt-6.9.0/src/esx/esx_stream.c:123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->buffer + priv->buffer_used, input, input_used); data/libvirt-6.9.0/src/esx/esx_stream.c:143:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->backlog + priv->backlog_used, input + input_used, data/libvirt-6.9.0/src/esx/esx_stream.c:290:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->buffer, priv->backlog, priv->buffer_used); data/libvirt-6.9.0/src/esx/esx_util.c:333:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/esx/esx_vi.c:135:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, content, requested); data/libvirt-6.9.0/src/esx/esx_vi.c:186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, info, size); data/libvirt-6.9.0/src/esx/esx_vi.c:2721:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/esx/esx_vi.c:4396:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *input[4] = { hostCpuIdInfo->eax, hostCpuIdInfo->ebx, data/libvirt-6.9.0/src/esx/esx_vi.c:4398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *output[4] = { parsedHostCpuIdInfo->eax, parsedHostCpuIdInfo->ebx, data/libvirt-6.9.0/src/esx/esx_vi.c:4400:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name[4] = { "eax", "ebx", "ecx", "edx" }; data/libvirt-6.9.0/src/esx/esx_vi.h:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eax[32]; data/libvirt-6.9.0/src/esx/esx_vi.h:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebx[32]; data/libvirt-6.9.0/src/esx/esx_vi.h:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ecx[32]; data/libvirt-6.9.0/src/esx/esx_vi.h:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char edx[32]; data/libvirt-6.9.0/src/esx/esx_vi.h:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error[CURL_ERROR_SIZE]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:854:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1086:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1382:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1420:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1827:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1833:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keycodeStr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:1933:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_wmi.c:1262:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_wmi.c:1484:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/hyperv/hyperv_wmi.c:1513:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_string[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:95:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:207:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:230:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:255:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->list->entries[data->list->nentries - 1].uuid, data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:328:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/hypervisor/virclosecallbacks.c:340:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libvirt-domain.c:376:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-domain.c:1671:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &domain->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt-domain.c:5409:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stats, &stats2, size); data/libvirt-6.9.0/src/libvirt-domain.c:5554:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stats, &stats2, size); data/libvirt-6.9.0/src/libvirt-network.c:365:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-network.c:734:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &network->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt-network.c:1307:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-network.c:1545:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &port->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt-nwfilter.c:243:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-nwfilter.c:330:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &nwfilter->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt-secret.c:247:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-secret.c:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &secret->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt-secret.c:746:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libvirt-storage.c:445:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libvirt-storage.c:968:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, &pool->uuid[0], VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libvirt.c:113:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/libxl/libxl_conf.c:127:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_conf.c:421:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xlCPU[32]; data/libvirt-6.9.0/src/libxl/libxl_conf.c:506:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bootorder[VIR_DOMAIN_BOOT_LAST + 1]; data/libvirt-6.9.0/src/libxl/libxl_conf.h:164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[sizeof(LIBXL_SAVE_MAGIC)-1]; data/libvirt-6.9.0/src/libxl/libxl_domain.c:1306:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vm_uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_domain.c:1307:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char def_uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_domain.c:1388:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_driver.c:306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_driver.c:2631:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpumap, vcpuinfo[i].cpumap.map, data/libvirt-6.9.0/src/libxl/libxl_driver.c:3406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_driver.c:3542:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_driver.c:3873:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_driver.c:5303:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info, priv->job.current, sizeof(virDomainJobInfo)); data/libvirt-6.9.0/src/libxl/libxl_driver.c:6348:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_logger.c:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_logger.c:161:34: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logger.defaultLogFile = fopen(path, "a")) == NULL) data/libvirt-6.9.0/src/libxl/libxl_logger.c:198:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(logFile = fopen(path, "a"))) { data/libvirt-6.9.0/src/libxl/libxl_migration.c:58:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_migration.c:99:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mig->uuid, dom->def->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/libxl/libxl_migration.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/libxl_migration.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[100]; data/libvirt-6.9.0/src/libxl/libxl_migration.c:1213:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[100]; data/libvirt-6.9.0/src/libxl/xen_common.c:716:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vfb[MAX_VFB]; data/libvirt-6.9.0/src/libxl/xen_common.c:1145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[10]; data/libvirt-6.9.0/src/libxl/xen_common.c:1146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[10]; data/libvirt-6.9.0/src/libxl/xen_common.c:1147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[128]; data/libvirt-6.9.0/src/libxl/xen_common.c:1148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[18]; data/libvirt-6.9.0/src/libxl/xen_common.c:1149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bridge[50]; data/libvirt-6.9.0/src/libxl/xen_common.c:1150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vifname[50]; data/libvirt-6.9.0/src/libxl/xen_common.c:1151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rate[50]; data/libvirt-6.9.0/src/libxl/xen_common.c:1379:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char model[10]; data/libvirt-6.9.0/src/libxl/xen_common.c:1678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/xen_common.c:1884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/libxl/xen_xl.c:465:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vtoken[64]; data/libvirt-6.9.0/src/libxl/xen_xl.c:894:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[8]; data/libvirt-6.9.0/src/libxl/xen_xl.c:895:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[4]; data/libvirt-6.9.0/src/libxl/xen_xl.c:896:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ports[4]; data/libvirt-6.9.0/src/libxl/xen_xl.c:998:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bus[3]; data/libvirt-6.9.0/src/libxl/xen_xl.c:999:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char device[3]; data/libvirt-6.9.0/src/libxl/xen_xl.c:1079:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[10]; data/libvirt-6.9.0/src/libxl/xen_xl.c:1262:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char boot[VIR_DOMAIN_BOOT_LAST+1]; data/libvirt-6.9.0/src/libxl/xen_xm.c:475:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char boot[VIR_DOMAIN_BOOT_LAST+1]; data/libvirt-6.9.0/src/locking/domain_lock.c:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params[0].value.uuid, dom->def->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/locking/lock_daemon.c:555:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/locking/lock_daemon.h:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ownerUUID[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/locking/lock_daemon_dispatch.c:281:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->ownerUUID, args->owner.uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/locking/lock_driver.h:94:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[16]; data/libvirt-6.9.0/src/locking/lock_driver_lockd.c:60:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/locking/lock_driver_lockd.c:148:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args.owner.uuid, priv->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/locking/lock_driver_lockd.c:408:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->uuid, params[i].value.uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:84:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char vm_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:242:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_WRONLY|O_CREAT|O_EXCL, perms)) < 0) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:479:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->vm_uuid, param->value.uuid, 16); data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:656:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(res->disks[0].path, O_WRONLY|O_CREAT|O_EXCL, 0600)) < 0) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:928:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/locking/lock_manager.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/logging/log_handler.c:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char domuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/logging/log_handler.c:146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/logging/log_handler.c:395:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file->domuuid, domuuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/logging/log_handler.c:437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/logging/log_handler.c:614:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char domuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/logging/log_manager.c:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args.dom.uuid, domuuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/logging/log_manager.c:286:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args.dom.uuid, domuuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/lxc/lxc_container.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/lxc/lxc_container.c:775:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/src/lxc/lxc_container.c:1091:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(fs->dst, O_WRONLY|O_CREAT|O_NOCTTY|O_NONBLOCK, 0666); data/libvirt-6.9.0/src/lxc/lxc_container.c:1141:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(src, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/lxc/lxc_container.c:1238:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen(fslist, "r"))) { data/libvirt-6.9.0/src/lxc/lxc_container.c:1996:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ttyfd = open(ttyPath, O_RDWR); data/libvirt-6.9.0/src/lxc/lxc_controller.c:91:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fromHostBuf[1024]; data/libvirt-6.9.0/src/lxc/lxc_controller.c:93:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fromContBuf[1024]; data/libvirt-6.9.0/src/lxc/lxc_controller.c:2065:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*ttyprimary = open(ctrl->devptmx, O_RDWR|O_NOCTTY|O_NONBLOCK)) < 0) data/libvirt-6.9.0/src/lxc/lxc_domain.c:222:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (const char *)nodes[i]->name)) < 0) { data/libvirt-6.9.0/src/lxc/lxc_domain.h:53:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *ns_val[VIR_LXC_DOMAIN_NAMESPACE_LAST]; data/libvirt-6.9.0/src/lxc/lxc_driver.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/lxc/lxc_driver.c:250:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/lxc/lxc_driver.c:4942:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/lxc/lxc_fuse.c:108:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/lxc/lxc_fuse.c:135:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(hostpath, "r"); data/libvirt-6.9.0/src/lxc/lxc_fuse.c:223:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, virBufferCurrentContent(new_meminfo), res); data/libvirt-6.9.0/src/lxc/lxc_process.c:400:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *nsInfoLocal[VIR_LXC_DOMAIN_NAMESPACE_LAST] = { data/libvirt-6.9.0/src/lxc/lxc_process.c:432:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/lxc/lxc_process.c:449:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/lxc/lxc_process.c:472:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/lxc/lxc_process.c:1108:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(logfile, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/lxc/lxc_process.c:1190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; data/libvirt-6.9.0/src/lxc/lxc_process.c:1347:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logfd = open(logfile, O_WRONLY | O_APPEND | O_CREAT, data/libvirt-6.9.0/src/lxc/lxc_process.c:1455:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[1024]; data/libvirt-6.9.0/src/network/bridge_driver.c:306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:2857:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:4216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:4845:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:5010:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:5093:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver.c:5197:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/network/bridge_driver_linux.c:245:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iface[17], dest[128], mask[128]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifkey[VIR_IFKEY_LEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_sname[64]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:204:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_file[128]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:234:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char packet[PCAP_PBUFSIZE]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:289:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char dhcp_magic[4] = { 99, 130, 83, 99 }; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1032:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pcap_errbuf[PCAP_ERRBUF_SIZE]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1034:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1142:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(job->packet, pep, len); data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1541:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifkey[VIR_IFKEY_LEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1689:37: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virNWFilterSnoopState.leaseFD = open(LEASEFILE, O_CREAT|O_RDWR|O_APPEND, data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1823:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). tfd = open(TMPLEASEFILE, O_CREAT|O_RDWR|O_TRUNC|O_EXCL, 0644); data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256], ifkey[VIR_IFKEY_LEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1860:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipstr[INET_ADDRSTRLEN], srvstr[INET_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1870:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(LEASEFILE, "r"); data/libvirt-6.9.0/src/nwfilter/nwfilter_driver.c:410:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:139:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chainprefixes_host[3] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:145:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chainprefixes_host_temp[3] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:360:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macmask[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:496:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:497:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:571:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:572:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:644:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:645:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:740:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpchain[MAX_CHAINNAME_LENGTH], chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:741:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpChainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:746:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:779:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:817:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipaddr[INET6_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:818:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipaddralt[INET6_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:819:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:964:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:965:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[MAX_IPSET_NAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1028:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[20]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstralt[20]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1148:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numberalt[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1543:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1660:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chainPrefix[2]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1778:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1779:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipaddr[INET_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1780:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipmask[INET_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1781:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ipv6addr[INET6_ADDRSTRLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1782:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numberalt[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1784:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char field[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1785:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fieldalt[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:1786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2503:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2522:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2607:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootchain[MAX_CHAINNAME_LENGTH], chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2692:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootchain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2725:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpchain[MAX_CHAINNAME_LENGTH], chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2759:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newchain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2803:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rootchain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2805:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chains[3] = { data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2854:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain[MAX_CHAINNAME_LENGTH]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2856:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr_str[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2921:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain_in [MAX_CHAINNAME_LENGTH], data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:2923:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr_str[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:3026:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chain_in [MAX_CHAINNAME_LENGTH], data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:3143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:3154:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(pathname, O_RDONLY); data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:3158:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[256]; data/libvirt-6.9.0/src/nwfilter/nwfilter_gentech_driver.c:681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vmmacaddr[VIR_MAC_STRING_BUFLEN] = {0}; data/libvirt-6.9.0/src/nwfilter/nwfilter_learnipaddr.c:123:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifname[IF_NAMESIZE]; data/libvirt-6.9.0/src/nwfilter/nwfilter_learnipaddr.c:384:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[PCAP_ERRBUF_SIZE] = {0}; data/libvirt-6.9.0/src/nwfilter/nwfilter_learnipaddr.c:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_conf.c:236:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpy_temp[32]; data/libvirt-6.9.0/src/openvz/openvz_conf.c:490:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_conf.c:621:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(conf_file, "r"); data/libvirt-6.9.0/src/openvz/openvz_conf.c:624:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). temp_fd = open(temp_file, O_WRONLY | O_CREAT | O_TRUNC, 0644); data/libvirt-6.9.0/src/openvz/openvz_conf.c:695:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(conf_file, "r"); data/libvirt-6.9.0/src/openvz/openvz_conf.c:759:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(from_path, "r"); data/libvirt-6.9.0/src/openvz/openvz_conf.c:762:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). copy_fd = open(to_path, O_WRONLY | O_CREAT | O_TRUNC, 0644); data/libvirt-6.9.0/src/openvz/openvz_conf.c:907:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(conf_file, "r"); data/libvirt-6.9.0/src/openvz/openvz_conf.c:949:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_conf.c:963:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(conf_file, "a"); /* append */ data/libvirt-6.9.0/src/openvz/openvz_conf.c:986:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:680:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:1179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_vcpus[32]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:1367:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:1420:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vpsname[32]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:1421:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/libvirt-6.9.0/src/openvz/openvz_driver.c:1482:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen("/proc/vz/vestat", "r")) == NULL) data/libvirt-6.9.0/src/openvz/openvz_driver.c:1532:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str_mem[16]; data/libvirt-6.9.0/src/qemu/qemu_agent.c:2337:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/src/qemu/qemu_capabilities.c:3250:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (virStringListHasString((const char **)entries, needle)) data/libvirt-6.9.0/src/qemu/qemu_capabilities.c:3264:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (virStringListHasString((const char **)entries, needle)) data/libvirt-6.9.0/src/qemu/qemu_command.c:3241:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_command.c:3276:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_command.c:3299:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_command.c:5778:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_command.c:9116:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*tpmfd = open(tpmdev, O_RDWR)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_command.c:9122:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*cancelfd = open(cancel_path, O_WRONLY)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_command.c:9714:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_dbus.c:244:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1024] = { 0 }; data/libvirt-6.9.0/src/qemu/qemu_domain.c:307:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_domain.c:420:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_WRONLY|O_TRUNC|O_CREAT, 0600)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:493:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:4359:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_domain.c:6061:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_domain.c:6231:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctxt->writefd = open(ctxt->path, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:6254:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctxt->readfd = open(ctxt->path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:6398:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((writefd = open(path, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:6464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_domain.c:6817:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_domain.c:10915:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, oflags & ~O_CREAT)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domainjob.c:132:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, info, sizeof(*info)); data/libvirt-6.9.0/src/qemu/qemu_driver.c:1441:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). pidinfo = fopen(proc, "r"); data/libvirt-6.9.0/src/qemu/qemu_driver.c:1586:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:3737:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newMacStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:3760:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:3795:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:4257:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ipv6[0], &info->subnet_prefix, sizeof(info->subnet_prefix)); data/libvirt-6.9.0/src/qemu/qemu_driver.c:4258:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ipv6[2], &info->interface_id, sizeof(info->interface_id)); data/libvirt-6.9.0/src/qemu/qemu_driver.c:4525:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramField[VIR_TYPED_PARAM_FIELD_LENGTH] = ""; data/libvirt-6.9.0/src/qemu/qemu_driver.c:5176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char paramField[VIR_TYPED_PARAM_FIELD_LENGTH] = ""; data/libvirt-6.9.0/src/qemu/qemu_driver.c:6335:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vm_uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:6336:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char def_uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:10345:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBandwidth->in, data/libvirt-6.9.0/src/qemu/qemu_driver.c:10353:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newBandwidth->out, data/libvirt-6.9.0/src/qemu/qemu_driver.c:10363:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:10678:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, tmpbuf, size); data/libvirt-6.9.0/src/qemu/qemu_driver.c:13738:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:17248:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_driver.c:19891:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/src/qemu/qemu_hotplug.c:3541:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char oldmac[VIR_MAC_STRING_BUFLEN], newmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_interface.c:653:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(net->data.vdpa.devicepath, O_RDWR)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_interface.c:762:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vhostfd[i] = open(vhostnet_path, O_RDWR); data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:267:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char localHostUUID[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:286:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mig->uuid, def->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:287:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mig->localHostuuid, localHostUUID, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostuuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:1146:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localdomuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.h:115:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char localHostuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.h:116:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char remoteHostuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.h:121:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_monitor.c:385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char control[CMSG_SPACE(sizeof(int))]; data/libvirt-6.9.0/src/qemu/qemu_monitor.c:407:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &fd, sizeof(int)); data/libvirt-6.9.0/src/qemu/qemu_process.c:2989:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[1024] = { 0 }; data/libvirt-6.9.0/src/qemu/qemu_process.c:3078:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(dev->source->data.file.path, data/libvirt-6.9.0/src/qemu/qemu_process.c:4520:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/qemu/qemu_process.c:6616:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(vsock_path, O_RDWR)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_process.c:8569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, src, sizeof(*data)); data/libvirt-6.9.0/src/qemu/qemu_saveimage.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[sizeof(QEMU_SAVE_MAGIC)-1]; data/libvirt-6.9.0/src/qemu/qemu_slirp.c:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/qemu/qemu_tpm.c:191:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_tpm.c:416:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/qemu/qemu_virtiofs.c:202:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logfd = open(logpath, O_WRONLY | O_CREAT | O_APPEND, S_IRUSR | S_IWUSR)) < 0) { data/libvirt-6.9.0/src/remote/remote_daemon.c:655:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:196:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, net->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, pool->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:272:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, secret->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:299:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def.uuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:3005:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dst->cpumap.cpumap_val = (char *)info[i]->cpumap; data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:3848:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->data.data_val, serverout, serveroutlen); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:3943:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->data.data_val, serverout, serveroutlen); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7239:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dom_dst->uuid, dom_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7246:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(net_dst->uuid, net_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7253:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port_dst->net.uuid, port_src->net->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7254:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port_dst->uuid, port_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7269:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pool_dst->uuid, pool_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7289:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secret_dst->uuid, secret_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:7298:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nwfilter_dst->uuid, nwfilter_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:2291:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info_ret[i]->cpumap, src->cpumap.cpumap_val, data/libvirt-6.9.0/src/remote/remote_driver.c:2600:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args2.uuid, domain->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:2731:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, ret.buffer.buffer_val, size); data/libvirt-6.9.0/src/remote/remote_driver.c:2782:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, ret.buffer.buffer_val, size); data/libvirt-6.9.0/src/remote/remote_driver.c:6739:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*cpumap, ret.cpumap.cpumap_val, ret.cpumap.cpumap_len); data/libvirt-6.9.0/src/remote/remote_driver.c:7379:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(counts, ret.counts.counts_val, ret.counts.counts_len * sizeof(*counts)); data/libvirt-6.9.0/src/remote/remote_driver.c:8123:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dom_dst->uuid, dom_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(net_dst->uuid, net_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port_dst->net.uuid, port_src->net->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8138:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(port_dst->uuid, port_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8153:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pool_dst->uuid, pool_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(secret_dst->uuid, secret_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/remote/remote_driver.c:8182:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nwfilter_dst->uuid, nwfilter_src->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/rpc/virnetclient.c:945:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/libvirt-6.9.0/src/rpc/virnetclient.c:1172:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(thecall->msg->buffer, client->msg.buffer, client->msg.bufferLength); data/libvirt-6.9.0/src/rpc/virnetclient.c:1173:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&thecall->msg->header, &client->msg.header, sizeof(client->msg.header)); data/libvirt-6.9.0/src/rpc/virnetclientstream.c:343:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&tmp_msg->header, &msg->header, sizeof(msg->header)); data/libvirt-6.9.0/src/rpc/virnetclientstream.c:617:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data + (nbytes - want), msg->buffer + msg->bufferOffset, len); data/libvirt-6.9.0/src/rpc/virnetlibsshsession.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[VIR_NET_LIBSSH_BUFFER_SIZE]; data/libvirt-6.9.0/src/rpc/virnetlibsshsession.c:1277:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data/libvirt-6.9.0/src/rpc/virnetmessage.c:463:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->buffer + msg->bufferOffset, data, len); data/libvirt-6.9.0/src/rpc/virnetsocket.c:399:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr.data.sa, runp->ai_addr, runp->ai_addrlen); data/libvirt-6.9.0/src/rpc/virnetsocket.c:712:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((lockfd = open(lockpath, O_RDWR | O_CREAT, 0600)) < 0 || data/libvirt-6.9.0/src/rpc/virnetsocket.c:1906:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, sock->saslDecoded + sock->saslDecodedOffset, len); data/libvirt-6.9.0/src/rpc/virnetsshsession.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rbuf[VIR_NET_SSH_BUFFER_SIZE]; data/libvirt-6.9.0/src/rpc/virnetsshsession.c:257:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *prompt = (char *)askcred[i].prompt; data/libvirt-6.9.0/src/rpc/virnetsshsession.c:1333:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data/libvirt-6.9.0/src/rpc/virnettlscontext.c:984:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dname[256]; data/libvirt-6.9.0/src/secret/secret_driver.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/secret/secret_driver.c:156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/security/security_apparmor.c:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/security/security_dac.c:1108:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *paths[2] = { data->src, data->dst }; data/libvirt-6.9.0/src/security/security_driver.h:167:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virSecurityDriverOpen open; data/libvirt-6.9.0/src/security/security_manager.c:100:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (drv->open(mgr) < 0) data/libvirt-6.9.0/src/security/security_manager.c:1392:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(p, O_RDWR)) < 0) { data/libvirt-6.9.0/src/security/security_selinux.c:1952:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *paths[2] = { data->src, data->dst }; data/libvirt-6.9.0/src/security/virt-aa-helper.c:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[PROFILE_NAME_SIZE]; /* UUID of vm */ data/libvirt-6.9.0/src/security/virt-aa-helper.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flag[3]; data/libvirt-6.9.0/src/security/virt-aa-helper.c:236:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(include_file, O_CREAT | O_TRUNC | O_WRONLY, 0644)) == -1) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:344:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(profile, O_CREAT | O_EXCL | O_WRONLY, 0644)) == -1) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:393:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rawuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/security/virt-aa-helper.c:915:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/storage/storage_backend_fs.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/storage/storage_backend_fs.c:249:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mtab = fopen(_PATH_MOUNTED, "r")) == NULL) { data/libvirt-6.9.0/src/storage/storage_backend_gluster.c:316:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding[MAX(1, 256 - (int)(sizeof(struct dirent) data/libvirt-6.9.0/src/storage/storage_backend_rbd.c:304:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/storage/storage_backend_scsi.c:50:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pool_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/storage/storage_backend_scsi.c:66:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_WRONLY); data/libvirt-6.9.0/src/storage/storage_backend_scsi.c:333:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbdata->pool_uuid, def->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/storage/storage_backend_vstorage.c:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/src/storage/storage_backend_vstorage.c:97:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((mtab = fopen(_PATH_MOUNTED, "r")) == NULL) { data/libvirt-6.9.0/src/storage/storage_driver.c:455:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/storage/storage_driver.c:1964:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buildvoldef, voldef, sizeof(*voldef)); data/libvirt-6.9.0/src/storage/storage_driver.c:2044:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/storage/storage_driver.c:2144:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(shadowvol, voldef, sizeof(*voldef)); data/libvirt-6.9.0/src/storage/storage_util.c:140:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((inputfd = open(inputvol->target.path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/storage/storage_util.c:261:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(vol->target.path, O_RDWR)) < 0) { data/libvirt-6.9.0/src/storage/storage_util.c:1479:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1024]; data/libvirt-6.9.0/src/storage/storage_util.c:2588:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDWR); data/libvirt-6.9.0/src/storage/storage_util.c:3560:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(def->target.path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/storage/storage_util.c:3859:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char typestr[3]; data/libvirt-6.9.0/src/storage/storage_util.c:3867:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). typefile = fopen(type_path, "r"); data/libvirt-6.9.0/src/storage/storage_util.c:3974:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devicepattern[64]; data/libvirt-6.9.0/src/storage/storage_util.c:4083:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/test/test_driver.c:320:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cpu_cells, privconn->cells[i].cpus, data/libvirt-6.9.0/src/test/test_driver.c:644:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/test/test_driver.c:1566:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info, &privconn->nodeInfo, sizeof(virNodeInfo)); data/libvirt-6.9.0/src/test/test_driver.c:2196:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)) < 0) { data/libvirt-6.9.0/src/test/test_driver.c:2259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[15]; data/libvirt-6.9.0/src/test/test_driver.c:2265:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/test/test_driver.c:2505:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(to, O_CREAT|O_TRUNC|O_WRONLY, S_IRUSR|S_IWUSR)) < 0) { data/libvirt-6.9.0/src/test/test_driver.c:4499:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&freeze, priv->frozen, 2); data/libvirt-6.9.0/src/test/test_driver.c:4521:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->frozen, &freeze, 2); data/libvirt-6.9.0/src/test/test_driver.c:4559:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&freeze, priv->frozen, 2); data/libvirt-6.9.0/src/test/test_driver.c:4581:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(priv->frozen, &freeze, 2); data/libvirt-6.9.0/src/test/test_driver.c:5045:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/test/test_driver.c:5156:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/test/test_driver.c:6078:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/test/test_driver.c:7989:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) buffer)[i] = b++; data/libvirt-6.9.0/src/test/test_driver.c:8374:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/viralloc.c:211:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*(char**)ptrptr + (size * at), newelems, size * add); data/libvirt-6.9.0/src/util/virarptable.c:133:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifmac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virarptable.c:136:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(macaddr.addr, addr, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/util/virbitmap.c:642:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->map, src->map, src->map_len * sizeof(src->map[0])); data/libvirt-6.9.0/src/util/vircgroup.c:142:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen("/proc/cgroups", "r"))) { data/libvirt-6.9.0/src/util/vircgroup.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CGROUP_MAX_VAL]; data/libvirt-6.9.0/src/util/vircgroup.c:228:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mounts = fopen("/proc/mounts", "r"); data/libvirt-6.9.0/src/util/vircgroup.c:281:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/src/util/vircgroup.c:293:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mapping = fopen(procfile, "r"); data/libvirt-6.9.0/src/util/vircgroup.c:2404:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen(keypath, "r"))) { data/libvirt-6.9.0/src/util/vircgroupv1.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CGROUP_MAX_VAL]; data/libvirt-6.9.0/src/util/vircgroupv1.c:74:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(mounts = fopen("/proc/mounts", "r"))) data/libvirt-6.9.0/src/util/vircgroupv2.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CGROUP_MAX_VAL]; data/libvirt-6.9.0/src/util/vircgroupv2.c:68:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(mounts = fopen("/proc/mounts", "r"))) data/libvirt-6.9.0/src/util/vircgroupv2devices.c:51:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cgroupfd = open(group->unified.mountPoint, O_RDONLY); data/libvirt-6.9.0/src/util/vircgroupv2devices.c:298:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cgroupfd = open(path, O_RDONLY); data/libvirt-6.9.0/src/util/vircgroupv2devices.c:376:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cgroupfd = open(path, O_RDONLY); data/libvirt-6.9.0/src/util/vircommand.c:353:33: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (*null == -1 && (*null = open("/dev/null", O_RDWR|O_CLOEXEC)) < 0) { data/libvirt-6.9.0/src/util/vircommand.c:2237:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1024]; data/libvirt-6.9.0/src/util/vircommand.c:2269:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf + *len, data, done); data/libvirt-6.9.0/src/util/virconf.c:1427:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY | O_CREAT | O_TRUNC, S_IRUSR | S_IWUSR); data/libvirt-6.9.0/src/util/virconf.c:1484:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memory, content, use); data/libvirt-6.9.0/src/util/vircrypto.c:81:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[VIR_CRYPTO_LARGEST_DIGEST_SIZE]; data/libvirt-6.9.0/src/util/vircrypto.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ciphertext, data, datalen); data/libvirt-6.9.0/src/util/virdaemon.c:62:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdinfd = open("/dev/null", O_RDONLY)) < 0) data/libvirt-6.9.0/src/util/virdaemon.c:64:29: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((stdoutfd = open("/dev/null", O_WRONLY)) < 0) data/libvirt-6.9.0/src/util/virdevmapper.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*buf, dm, sizeof(struct dm_ioctl)); data/libvirt-6.9.0/src/util/virdevmapper.c:113:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dm, *buf, sizeof(struct dm_ioctl)); data/libvirt-6.9.0/src/util/virdevmapper.c:135:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((controlFD = open(CONTROL_PATH, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virdnsmasq.c:179:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(tmp, "w"))) { data/libvirt-6.9.0/src/util/virdnsmasq.c:181:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(path, "w"))) { data/libvirt-6.9.0/src/util/virdnsmasq.c:379:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(tmp, "w"))) { data/libvirt-6.9.0/src/util/virdnsmasq.c:381:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(path, "w"))) { data/libvirt-6.9.0/src/util/virebtables.c:143:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virebtables.c:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virerror.c:1283:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errorMessage[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virerror.c:1322:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgDetailBuf[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virerror.c:1339:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(msgDetailBuf + n, ": "); data/libvirt-6.9.0/src/util/virfdstream.c:848:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, bytes, nbytes); data/libvirt-6.9.0/src/util/virfdstream.c:953:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bytes, data/libvirt-6.9.0/src/util/virfdstream.c:1268:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, oflags, mode); data/libvirt-6.9.0/src/util/virfdstream.c:1270:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, oflags); data/libvirt-6.9.0/src/util/virfile.c:501:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(newfile, O_WRONLY | O_CREAT | O_TRUNC, mode)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:566:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_WRONLY | O_CREAT, mode)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:636:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctl_fd = open("/dev/loop-control", O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:657:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*fd = open(looppath, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:694:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(looppath, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:776:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fsfd = open(file, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:1234:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/src/util/virfile.c:1370:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/util/virfile.c:1413:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/util/virfile.c:1435:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY); data/libvirt-6.9.0/src/util/virfile.c:1458:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, O_RDONLY); data/libvirt-6.9.0/src/util/virfile.c:1481:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_WRONLY|O_TRUNC|O_CREAT, mode); data/libvirt-6.9.0/src/util/virfile.c:1483:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_WRONLY|O_TRUNC); data/libvirt-6.9.0/src/util/virfile.c:1936:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY | O_NONBLOCK)) < 0) data/libvirt-6.9.0/src/util/virfile.c:1977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/src/util/virfile.c:2239:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, openflags, mode)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:2383:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, openflags, mode)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:3349:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/src/util/virfile.c:3570:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/src/util/virfile.c:4505:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, O_RDONLY|O_NONBLOCK|O_LARGEFILE); data/libvirt-6.9.0/src/util/virhashcode.c:43:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&r, &p[i * size], size); data/libvirt-6.9.0/src/util/virhostcpu.c:573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/src/util/virhostcpu.c:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/src/util/virhostcpu.c:794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cpu_header[4 + VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/util/virhostcpu.c:810:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cpu_header, "cpu "); data/libvirt-6.9.0/src/util/virhostcpu.c:915:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *cpuinfo = fopen(CPUINFO_PATH, "r"); data/libvirt-6.9.0/src/util/virhostcpu.c:989:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *procstat = fopen(PROCSTAT_PATH, "r"); data/libvirt-6.9.0/src/util/virhostcpu.c:1151:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((kvmfd = open(KVM_DEVICE, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virhostcpu.c:1194:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(KVM_DEVICE, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virhostcpu.c:1292:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(KVM_DEVICE, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virhostcpu.c:1319:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(MSR_DEVICE, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virhostcpu.c:1363:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((kvmFd = open(KVM_DEVICE, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virhostcpu.c:1523:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(cpuinfo = fopen(CPUINFO_PATH, "r"))) { data/libvirt-6.9.0/src/util/virhostmem.c:150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/src/util/virhostmem.c:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char meminfo_hdr[VIR_NODE_MEMORY_STATS_FIELD_LENGTH + 1]; data/libvirt-6.9.0/src/util/virhostmem.c:285:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). meminfo = fopen(meminfo_path, "r"); data/libvirt-6.9.0/src/util/virinitctl.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gen_id[8]; /* Beats me.. telnetd uses "fe" */ data/libvirt-6.9.0/src/util/virinitctl.c:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tty_id[16]; /* Tty name minus /dev/tty */ data/libvirt-6.9.0/src/util/virinitctl.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[VIR_INITCTL_RQ_HLEN]; /* Hostname */ data/libvirt-6.9.0/src/util/virinitctl.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char term_type[16]; /* Terminal type */ data/libvirt-6.9.0/src/util/virinitctl.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exec_name[128]; /* Program to execute */ data/libvirt-6.9.0/src/util/virinitctl.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved[128]; /* For future expansion. */ data/libvirt-6.9.0/src/util/virinitctl.c:94:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[368]; data/libvirt-6.9.0/src/util/virinitctl.c:145:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fifo, open_flags)) < 0) { data/libvirt-6.9.0/src/util/virinitctl.c:155:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(fifo, open_flags)) >= 0) data/libvirt-6.9.0/src/util/viriptables.c:184:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[32]; data/libvirt-6.9.0/src/util/viriptables.c:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[32]; data/libvirt-6.9.0/src/util/viriptables.c:1081:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[32]; data/libvirt-6.9.0/src/util/virkeycode.c:37:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char **virKeymapNames[VIR_KEYCODE_SET_LAST] = { data/libvirt-6.9.0/src/util/virlockspace.c:135:28: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((res->fd = open(res->path, O_RDWR|O_CREAT, 0600)) < 0) { data/libvirt-6.9.0/src/util/virlockspace.c:188:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((res->fd = open(res->path, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virlog.c:510:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virlog.c:692:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(file, O_CREAT | O_APPEND | O_WRONLY, S_IRUSR | S_IWUSR); data/libvirt-6.9.0/src/util/virlog.c:830:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char (*bufs)[JOURNAL_BUF_SIZE], (*bufs_end)[JOURNAL_BUF_SIZE]; data/libvirt-6.9.0/src/util/virlog.c:849:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->bufs[0], &nstr, sizeof(nstr)); data/libvirt-6.9.0/src/util/virlog.c:919:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iov_bufs[NUM_FIELDS][JOURNAL_BUF_SIZE]; data/libvirt-6.9.0/src/util/virlog.c:990:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &buffd, sizeof(int)); data/libvirt-6.9.0/src/util/virlog.c:1324:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret->match + 1, match, mlen); data/libvirt-6.9.0/src/util/virmacaddr.c:28:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char virMacAddrBroadcastAddrRaw[VIR_MAC_BUFLEN] = data/libvirt-6.9.0/src/util/virmacaddr.c:88:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char mac2[VIR_MAC_BUFLEN]) data/libvirt-6.9.0/src/util/virmacaddr.c:103:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(*src)); data/libvirt-6.9.0/src/util/virmacaddr.c:114:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virMacAddrSetRaw(virMacAddrPtr dst, const unsigned char src[VIR_MAC_BUFLEN]) data/libvirt-6.9.0/src/util/virmacaddr.c:116:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->addr, src, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/util/virmacaddr.c:127:50: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virMacAddrGetRaw(const virMacAddr *src, unsigned char dst[VIR_MAC_BUFLEN]) data/libvirt-6.9.0/src/util/virmacaddr.c:129:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src->addr, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/util/virmacaddr.c:220:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void virMacAddrGenerate(const unsigned char prefix[VIR_MAC_PREFIX_BUFLEN], data/libvirt-6.9.0/src/util/virmacaddr.c:245:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virMacAddrIsBroadcastRaw(const unsigned char s[VIR_MAC_BUFLEN]) data/libvirt-6.9.0/src/util/virmacaddr.h:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char addr[VIR_MAC_BUFLEN]; data/libvirt-6.9.0/src/util/virmacaddr.h:47:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char s[VIR_MAC_BUFLEN]); data/libvirt-6.9.0/src/util/virmacaddr.h:49:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void virMacAddrSetRaw(virMacAddrPtr dst, const unsigned char s[VIR_MAC_BUFLEN]); data/libvirt-6.9.0/src/util/virmacaddr.h:50:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void virMacAddrGetRaw(const virMacAddr *src, unsigned char dst[VIR_MAC_BUFLEN]); data/libvirt-6.9.0/src/util/virmacaddr.h:53:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void virMacAddrGenerate(const unsigned char prefix[VIR_MAC_PREFIX_BUFLEN], data/libvirt-6.9.0/src/util/virmacaddr.h:62:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. bool virMacAddrIsBroadcastRaw(const unsigned char s[VIR_MAC_BUFLEN]); data/libvirt-6.9.0/src/util/virnetdev.c:112:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VIR_MCAST_NAME_LEN]; data/libvirt-6.9.0/src/util/virnetdev.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdev.c:296:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac[VIR_MAC_STRING_BUFLEN + 1] = ":"; data/libvirt-6.9.0/src/util/virnetdev.c:306:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ifr.ifr_addr.sa_data, sdl.sdl_data, VIR_MAC_BUFLEN); data/libvirt-6.9.0/src/util/virnetdev.c:811:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[IFNAMSIZ]; data/libvirt-6.9.0/src/util/virnetdev.c:1534:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdev.c:1849:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MACStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdev.c:2181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char MACStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdev.c:2572:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdev.c:2617:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevbandwidth.c:107:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ifmac[VIR_MAC_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevbandwidth.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *mac[2] = {NULL, NULL}; data/libvirt-6.9.0/src/util/virnetdevbandwidth.c:455:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*dest)->in, src->in, sizeof(*src->in)); data/libvirt-6.9.0/src/util/virnetdevbandwidth.c:460:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*dest)->out, src->out, sizeof(*src->out)); data/libvirt-6.9.0/src/util/virnetdevbandwidth.c:540:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifmacStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevbridge.c:217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char valuestr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevip.c:559:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char route[33], flags[9], iface[9]; data/libvirt-6.9.0/src/util/virnetdevip.c:655:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->data.inet4, &ifr.ifr_addr, addr->len); data/libvirt-6.9.0/src/util/virnetdevip.c:709:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->data.inet6, ifa->ifa_addr, addr->len); data/libvirt-6.9.0/src/util/virnetdevip.c:713:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->data.inet4, ifa->ifa_addr, addr->len); data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:244:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:303:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(tapname, O_RDWR)) >= 0) { data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:411:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char vmuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:479:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:582:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ifname = (char *)RTA_DATA(tb[IFLA_IFNAME]); data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:613:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *) RTA_DATA(tb3[IFLA_PORT_PROFILE])); data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:633:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char instance[INSTANCE_STRLEN + 2]; data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:636:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uuid = (unsigned char *) data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:732:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(calld->virtPortProfile, virtPortProfile, sizeof(*virtPortProfile)); data/libvirt-6.9.0/src/util/virnetdevmidonet.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char virtportuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevmidonet.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char virtportuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevopenvswitch.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddrstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevopenvswitch.c:133:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ifuuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevopenvswitch.c:134:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vmuuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevtap.c:283:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(tunpath, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virnetdevtap.c:357:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(tunpath, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virnetdevtap.c:456:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((*tapfd = open(dev_path, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virnetdevtap.c:792:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[256], *colon; data/libvirt-6.9.0/src/util/virnetdevtap.c:800:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen("/proc/net/dev", "r"); data/libvirt-6.9.0/src/util/virnetdevvlan.c:91:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->tag, src->tag, src->nTags * sizeof(*src->tag)); data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*dst, src, sizeof(*src)); data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:351:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:352:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modsuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:371:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char origuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:372:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modsuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:467:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(LLDPAD_PID_FILE, O_RDONLY); data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:469:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[10]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:563:41: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (unsigned char *) data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:572:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char instanceIdStr[VIR_UUID_STRING_BUFLEN] = "(none)"; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:588:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN] = "(none)"; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:598:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virUUIDFormat((unsigned char *) data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:658:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostUUIDStr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:659:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char instanceUUIDStr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:1051:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char physdev_ifname[IFNAMSIZ] = { 0, }; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:1113:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hostuuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:1237:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidStr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:1238:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:1304:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macStr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.h:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char instanceID[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char profileID[LIBVIRT_IFLA_VF_PORT_PROFILE_MAX]; data/libvirt-6.9.0/src/util/virnetdevvportprofile.h:73:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char interfaceID[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/virpci.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[PCI_ID_LEN]; /* product vendor */ data/libvirt-6.9.0/src/util/virpci.c:278:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(dev->path, readonly ? O_RDONLY : O_RDWR); data/libvirt-6.9.0/src/util/virpci.c:1334:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, sizeof(*src)); data/libvirt-6.9.0/src/util/virpidfile.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/util/virpidfile.c:61:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(pidfile, data/libvirt-6.9.0/src/util/virpidfile.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/util/virpidfile.c:117:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virpidfile.c:335:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/src/util/virpidfile.c:342:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_WRONLY|O_CREAT, 0644)) < 0) { data/libvirt-6.9.0/src/util/virprocess.c:674:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(nsfile, O_RDONLY)) >= 0) { data/libvirt-6.9.0/src/util/virprocess.c:1093:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDONLY)) < 0) { data/libvirt-6.9.0/src/util/virprocess.c:1147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virprocess.c:1149:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str1[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virprocess.c:1150:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str2[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virprocess.c:1151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str3[VIR_ERROR_MAX_LENGTH]; data/libvirt-6.9.0/src/util/virprocess.c:1158:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bindata[sizeof(errorData)]; data/libvirt-6.9.0/src/util/virprocess.c:1249:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bin->bindata, buf, sizeof(*bin)); data/libvirt-6.9.0/src/util/virresctrl.c:461:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(SYSFS_RESCTRL_PATH, O_RDONLY | O_CLOEXEC); data/libvirt-6.9.0/src/util/virresctrl.c:943:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*controls)[*ncontrols - 1], &i_type->control, sizeof(i_type->control)); data/libvirt-6.9.0/src/util/virrotatingfile.c:110:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((entry->fd = open(path, O_CREAT|O_APPEND|O_WRONLY|O_CLOEXEC, mode)) < 0) { data/libvirt-6.9.0/src/util/virrotatingfile.c:152:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((entry->fd = open(path, O_RDONLY|O_CLOEXEC)) < 0) { data/libvirt-6.9.0/src/util/virscsivhost.c:90:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *vhostfd = open(VHOST_SCSI_DEVICE, O_RDWR); data/libvirt-6.9.0/src/util/virsecret.c:57:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst->u.uuid, src->u.uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/util/virsecret.c:112:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virsecret.c:173:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/virsecret.h:44:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/virsocket.c:393:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(fd))]; data/libvirt-6.9.0/src/util/virsocket.c:411:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd)); data/libvirt-6.9.0/src/util/virsocket.c:434:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(fd))]; data/libvirt-6.9.0/src/util/virsocket.c:458:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd)); data/libvirt-6.9.0/src/util/virsocketaddr.c:33:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char virSocketAddrIPv4[4]; data/libvirt-6.9.0/src/util/virsocketaddr.c:37:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char virSocketAddrIPv6Nibbles[32]; data/libvirt-6.9.0/src/util/virsocketaddr.c:152:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->data.stor, res->ai_addr, len); data/libvirt-6.9.0/src/util/virsocketaddr.c:198:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&addr->data.stor, res->ai_addr, len); data/libvirt-6.9.0/src/util/virsocketaddr.c:328:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr->data.inet6.sin6_addr.s6_addr, val, 4 * sizeof(*val)); data/libvirt-6.9.0/src/util/virsocketaddr.c:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[NI_MAXHOST], port[NI_MAXSERV]; data/libvirt-6.9.0/src/util/virstorageencryption.c:386:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/urandom", O_RDONLY); data/libvirt-6.9.0/src/util/virstoragefile.c:524:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, buf + offset, len); data/libvirt-6.9.0/src/util/virstoragefile.c:578:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*res, buf + offset, size); data/libvirt-6.9.0/src/util/virstoragefile.c:617:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(desc, buf + 0x200, len); data/libvirt-6.9.0/src/util/virstoragefile.c:670:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*res, buf + offset, size); data/libvirt-6.9.0/src/util/virstoragefile.c:1242:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(path, O_RDWR)) < 0) { data/libvirt-6.9.0/src/util/virstoragefile.c:2269:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, src, sizeof(*src)); data/libvirt-6.9.0/src/util/virstring.c:706:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, n); data/libvirt-6.9.0/src/util/virsystemd.c:62:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char hextable[16] = "0123456789abcdef"; data/libvirt-6.9.0/src/util/virsystemd.c:564:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(un.sun_path, path, strlen(path)); data/libvirt-6.9.0/src/util/virtypedparam.c:74:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sorted, params, sizeof(*params) * nparams); data/libvirt-6.9.0/src/util/virusb.c:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[USB_ADDR_LEN]; /* domain:bus:slot.function */ data/libvirt-6.9.0/src/util/virusb.c:50:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[USB_ID_LEN]; /* product vendor */ data/libvirt-6.9.0/src/util/viruuid.c:40:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char host_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/util/viruuid.c:224:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dmiuuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/util/viruuid.c:265:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(uuid, host_uuid, sizeof(host_uuid)); data/libvirt-6.9.0/src/util/viruuid.h:34:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _uuidstr[VIR_UUID_STRING_BUFLEN]; \ data/libvirt-6.9.0/src/util/virxml.c:676:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*list, obj->nodesetval->nodeTab, ret * sizeof(xmlNodePtr)); data/libvirt-6.9.0/src/vbox/vbox_common.c:786:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:860:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char iid_as_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:932:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:1306:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddr[VIR_MAC_STRING_BUFLEN] = {0}; data/libvirt-6.9.0/src/vbox/vbox_common.c:1307:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macaddrvbox[VIR_MAC_STRING_BUFLEN - 5] = {0}; data/libvirt-6.9.0/src/vbox/vbox_common.c:1779:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vendorId[40] = {0}; data/libvirt-6.9.0/src/vbox/vbox_common.c:1781:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char productId[40] = {0}; data/libvirt-6.9.0/src/vbox/vbox_common.c:1867:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:2218:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = {0}; data/libvirt-6.9.0/src/vbox/vbox_common.c:2325:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:4020:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(def->uuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/vbox/vbox_common.c:4572:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char snapshotUuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:4586:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidtmp[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:6117:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:6148:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(defdom->uuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/vbox/vbox_common.c:6231:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(defdom->uuid, dom->uuid, VIR_UUID_BUFLEN); data/libvirt-6.9.0/src/vbox/vbox_common.c:7454:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_common.c:7666:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_network.c:309:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_network.c:380:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:77:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:220:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:221:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/vbox/vbox_storage.c:256:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:326:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/vbox/vbox_storage.c:405:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:406:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char key[VIR_UUID_STRING_BUFLEN] = ""; data/libvirt-6.9.0/src/vbox/vbox_storage.c:508:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:662:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:717:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_storage.c:809:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_tmpl.c:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_tmpl.c:178:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid1[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_tmpl.c:179:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid2[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vbox/vbox_tmpl.c:215:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[24]; data/libvirt-6.9.0/src/vmware/vmware_conf.c:470:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/src/vmware/vmware_conf.c:478:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((logFile = fopen(logFilePath, "r")) == NULL) data/libvirt-6.9.0/src/vmware/vmware_driver.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vmx/vmx.c:2041:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[32]; data/libvirt-6.9.0/src/vmx/vmx.c:2042:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char virtualDev_name[32]; data/libvirt-6.9.0/src/vmx/vmx.c:2109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[32]; data/libvirt-6.9.0/src/vmx/vmx.c:2164:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startConnected_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2170:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceType_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char clientDevice_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2176:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileType_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2179:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2182:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writeThrough_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2185:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode_name[32] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2582:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2584:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2587:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char enabled_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2590:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostPath_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char guestName_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2596:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writeAccess_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2670:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startConnected_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char connectionType_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2681:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char addressType_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2684:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char generatedAddress_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2687:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char checkMACAddress_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2690:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char address_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2693:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char virtualDev_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2696:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char features_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2699:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vnet_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2702:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char networkName_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2901:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2903:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2906:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startConnected_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileType_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2912:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:2915:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char network_endPoint_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3083:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3085:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char present_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3088:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startConnected_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3091:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileType_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3094:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName_name[48] = ""; data/libvirt-6.9.0/src/vmx/vmx.c:3226:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zero[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vmx/vmx.c:3898:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mac_string[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_driver.c:580:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_driver.c:774:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_driver.c:2255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_driver.c:2742:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_driver.c:2763:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fakeuuid[VIR_UUID_BUFLEN] = { 0 }; data/libvirt-6.9.0/src/vz/vz_driver.c:3486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/src/vz/vz_driver.c:3553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/src/vz/vz_driver.c:3594:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/src/vz/vz_sdk.c:354:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char session_uuid[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:458:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:1022:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:1822:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:2247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:2248:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:3242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[PRL_MAC_STRING_BUFNAME]; data/libvirt-6.9.0/src/vz/vz_sdk.c:3378:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char adapterMac[PRL_MAC_STRING_BUFNAME]; data/libvirt-6.9.0/src/vz/vz_sdk.c:3379:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expectedMac[PRL_MAC_STRING_BUFNAME]; data/libvirt-6.9.0/src/vz/vz_sdk.c:3380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char virMac[VIR_MAC_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:3884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_sdk.c:4801:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BRACED_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_utils.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/src/vz/vz_utils.h:44:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; \ data/libvirt-6.9.0/src/vz/vz_utils.h:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char session_uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/tests/bhyveargv2xmlmock.c:12:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. virMacAddrGenerate(const unsigned char prefix[VIR_MAC_PREFIX_BUFLEN], data/libvirt-6.9.0/tests/bhyvexml2argvmock.c:11:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void virMacAddrGenerate(const unsigned char prefix[VIR_MAC_PREFIX_BUFLEN], data/libvirt-6.9.0/tests/commandhelper.c:66:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *log = fopen(abs_builddir "/commandhelper.log", "w"); data/libvirt-6.9.0/tests/commandhelper.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buffers[3] = {NULL, NULL, NULL}; data/libvirt-6.9.0/tests/commandhelper.c:77:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/tests/commandhelper.c:151:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(cwd, ".../commanddata"); data/libvirt-6.9.0/tests/commandhelper.c:218:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffers[i] + buflen[i], buf, got); data/libvirt-6.9.0/tests/commandtest.c:574:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(abs_builddir "/commandhelper.log", data/libvirt-6.9.0/tests/commandtest.c:1020:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(abs_builddir "/commandhelper.log", data/libvirt-6.9.0/tests/commandtest.c:1210:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/null", O_RDONLY)) < 0 || data/libvirt-6.9.0/tests/esxutilstest.c:131:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. dateTime.value = (char *)times[i].dateTime; data/libvirt-6.9.0/tests/fdstreamtest.c:65:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_CREAT|O_WRONLY|O_EXCL, 0600)) < 0) data/libvirt-6.9.0/tests/fdstreamtest.c:241:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_RDONLY)) < 0) data/libvirt-6.9.0/tests/nssmock.c:48:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/nssmock.c:69:1: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/nsstest.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUF_SIZE] = { 0 }; data/libvirt-6.9.0/tests/qemuagenttest.c:977:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char param_name[VIR_TYPED_PARAM_FIELD_LENGTH]; data/libvirt-6.9.0/tests/qemuhotplugmock.c:116:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open("/dev/null", O_RDONLY); data/libvirt-6.9.0/tests/qemumonitortestutils.c:125:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(test->outgoing + test->outgoingLength, response, want); data/libvirt-6.9.0/tests/qemumonitortestutils.c:126:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(test->outgoing + test->outgoingLength + want, "\r\n", 2); data/libvirt-6.9.0/tests/qemusecuritymock.c:107:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/qemusecuritymock.c:318:1: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/qemuxml2argvtest.c:59:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/tests/qemuxml2argvtest.c:102:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char fakeUUID[VIR_UUID_BUFLEN] = "fakeuuid"; data/libvirt-6.9.0/tests/scsihosttest.c:111:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(unique_id_path, O_CREAT|O_WRONLY, 0444)) < 0) { data/libvirt-6.9.0/tests/securityselinuxlabeltest.c:114:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen(path, "r"))) data/libvirt-6.9.0/tests/testutils.c:196:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(file, "r"); data/libvirt-6.9.0/tests/testutils.c:1076:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char virtTestCounterStr[128]; data/libvirt-6.9.0/tests/testutilsqemu.c:25:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *qemu_emulators[VIR_ARCH_LAST] = { data/libvirt-6.9.0/tests/testutilsqemu.c:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const *qemu_machines[VIR_ARCH_LAST] = { data/libvirt-6.9.0/tests/testutilsqemu.c:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *const *kvm_machines[VIR_ARCH_LAST] = { data/libvirt-6.9.0/tests/testutilsqemu.c:102:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *qemu_default_ram_id[VIR_ARCH_LAST] = { data/libvirt-6.9.0/tests/testutilsqemu.c:184:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. nmachines = g_strv_length((char **)kvm_machines[emu_arch]); data/libvirt-6.9.0/tests/utiltest.c:310:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *values[2]; data/libvirt-6.9.0/tests/virbitmaptest.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[108] = {0x00,}; data/libvirt-6.9.0/tests/vircgroupmock.c:307:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(fopen); data/libvirt-6.9.0/tests/vircgroupmock.c:310:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/vircgroupmock.c:414:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fopen(const char *path, const char *mode) data/libvirt-6.9.0/tests/vircgroupmock.c:557:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/vircgrouptest.c:119:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *mountsSmall[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:129:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *mountsFull[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:139:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *mountsAllInOne[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:150:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *links[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:161:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *linksAllInOne[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:227:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placement[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:263:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placementSmall[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:273:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placementFull[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:332:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placementFull[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:377:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placementFull[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:430:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placement[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:461:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placement[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:502:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placement[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:537:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *empty[VIR_CGROUP_CONTROLLER_LAST] = { 0 }; data/libvirt-6.9.0/tests/vircgrouptest.c:558:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *empty[VIR_CGROUP_CONTROLLER_LAST] = { 0 }; data/libvirt-6.9.0/tests/vircgrouptest.c:559:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *mounts[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircgrouptest.c:565:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *placement[VIR_CGROUP_CONTROLLER_LAST] = { data/libvirt-6.9.0/tests/vircryptotest.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&secretdata, "letmein", 7); data/libvirt-6.9.0/tests/virfilemock.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mntbuf[1024]; data/libvirt-6.9.0/tests/virfilewrapper.c:55:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(fopen); data/libvirt-6.9.0/tests/virfilewrapper.c:58:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/virfilewrapper.c:144:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fopen(const char *path, const char *mode) data/libvirt-6.9.0/tests/virfilewrapper.c:166:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/virhostcputest.c:38:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). cpuinfo = fopen(cpuinfofile, "r"); data/libvirt-6.9.0/tests/virhostcputest.c:119:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(cpustat = fopen(cpustatfile, "r"))) { data/libvirt-6.9.0/tests/virhostcputest.c:211:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(cpuinfo, "r"))) { data/libvirt-6.9.0/tests/virnetmessagetest.c:106:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->buffer, input_buf, msg->bufferLength); data/libvirt-6.9.0/tests/virnetmessagetest.c:132:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->buffer, input_buf, msg->bufferLength); data/libvirt-6.9.0/tests/virnetmessagetest.c:335:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->buffer, input_buffer, msg->bufferLength); data/libvirt-6.9.0/tests/virnetmessagetest.c:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(msg->buffer, input_buffer, msg->bufferLength); data/libvirt-6.9.0/tests/virnetsockettest.c:187:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[100]; data/libvirt-6.9.0/tests/virnetsockettest.c:398:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libvirt-6.9.0/tests/virnetsockettest.c:426:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libvirt-6.9.0/tests/virnetsockettest.c:467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/tests/virnettlshelpers.c:145:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024*1024]; data/libvirt-6.9.0/tests/virnettlshelpers.c:147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char serial[5] = { 1, 2, 3, 4, 0 }; data/libvirt-6.9.0/tests/virnettlshelpers.c:296:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[2]; data/libvirt-6.9.0/tests/virnettlshelpers.c:401:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024*1024]; data/libvirt-6.9.0/tests/virnettlshelpers.c:404:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(filename, O_WRONLY|O_CREAT, 0600)) < 0) { data/libvirt-6.9.0/tests/virnumamock.c:146:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*pages_size, pages_def, sizeof(pages_def)); data/libvirt-6.9.0/tests/virpcimock.c:401:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/libvirt-6.9.0/tests/virpcimock.c:446:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[256]; data/libvirt-6.9.0/tests/virpcimock.c:470:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dev, data, sizeof(*dev)); data/libvirt-6.9.0/tests/virpcimock.c:567:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32]; data/libvirt-6.9.0/tests/virpcimock.c:760:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[32]; data/libvirt-6.9.0/tests/virpcimock.c:933:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/virpcimock.c:1046:1: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/virrotatingfiletest.c:127:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:132:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_WRONLY|O_CREAT|O_TRUNC, 0700); data/libvirt-6.9.0/tests/virrotatingfiletest.c:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:214:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:257:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:343:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:388:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:431:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:564:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:596:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[768]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:628:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[600]; data/libvirt-6.9.0/tests/virrotatingfiletest.c:660:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[600]; data/libvirt-6.9.0/tests/virsystemdtest.c:119:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:152:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:185:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:219:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:253:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:288:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN] = { data/libvirt-6.9.0/tests/virsystemdtest.c:398:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *results[4] = {"yes", "no", "na", "challenge"}; data/libvirt-6.9.0/tests/virsystemdtest.c:506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nfdstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/tests/virsystemdtest.c:507:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/tests/virsystemdtest.c:635:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/tests/virtestmock.c:48:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(open); data/libvirt-6.9.0/tests/virtestmock.c:49:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). VIR_MOCK_REAL_INIT(fopen); data/libvirt-6.9.0/tests/virtestmock.c:141:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char *path, int flags, ...) data/libvirt-6.9.0/tests/virtestmock.c:162:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fopen(const char *path, const char *mode) data/libvirt-6.9.0/tests/virusbmock.c:78:5: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int open(const char *pathname, int flags, ...) data/libvirt-6.9.0/tools/nss/libvirt_nss.c:308:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r_name, name, nameLen + 1); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:319:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r_addr_next, addr[i].addr, alen); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:414:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r_name, name, nameLen + 1); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:429:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r_tuple->addr, addr[i].addr, FAMILY_ADDRESS_SIZE(family)); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:469:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024] = { 0 }; data/libvirt-6.9.0/tools/nss/libvirt_nss.c:488:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[NI_MAXHOST]; data/libvirt-6.9.0/tools/nss/libvirt_nss.c:489:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char port[NI_MAXSERV]; data/libvirt-6.9.0/tools/nss/libvirt_nss.c:494:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sin.sin_addr.s_addr, data/libvirt-6.9.0/tools/nss/libvirt_nss.c:500:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa.sin6.sin6_addr.s6_addr, data/libvirt-6.9.0/tools/nss/libvirt_nss.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ebuf[1024]; \ data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:80:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char addr[16]; data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:100:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa, res->ai_addr, res->ai_addrlen); data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:104:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &sa.sin.sin_addr, sizeof(sa.sin.sin_addr)); data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:106:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &sa.sin6.sin6_addr, sizeof(sa.sin6.sin6_addr)); data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:147:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*tmpAddress)[*ntmpAddress].addr, data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:151:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*tmpAddress)[*ntmpAddress].addr, data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:381:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:385:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_RDONLY)) < 0) { data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.h:26:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char addr[16]; data/libvirt-6.9.0/tools/nss/libvirt_nss_macs.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/tools/nss/libvirt_nss_macs.c:235:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_RDONLY)) < 0) { data/libvirt-6.9.0/tools/virsh-completer-domain.c:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-completer-domain.c:246:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN] = ""; data/libvirt-6.9.0/tools/virsh-completer-network.c:114:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-completer-network.c:161:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-completer-secret.c:53:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-completer.c:117:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (virStringListHasString((const char **)inputList, options[i])) data/libvirt-6.9.0/tools/virsh-domain-monitor.c:826:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char macstr[VIR_MAC_STRING_BUFLEN] = ""; data/libvirt-6.9.0/tools/virsh-domain-monitor.c:1291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-domain-monitor.c:1950:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-domain-monitor.c:1955:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id_buf[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/tools/virsh-domain.c:5657:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_WRONLY|O_CREAT|O_EXCL, 0666)) < 0) { data/libvirt-6.9.0/tools/virsh-domain.c:5659:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open(file, O_WRONLY|O_TRUNC, 0666)) < 0) { data/libvirt-6.9.0/tools/virsh-domain.c:9728:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-domain.c:10503:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-domain.c:13187:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:392:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:713:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1090:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1223:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1517:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1613:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuidstr[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1646:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuida[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1647:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuidb[VIR_UUID_BUFLEN]; data/libvirt-6.9.0/tools/virsh-network.c:1756:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-nodedev.c:800:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-nodedev.c:829:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-nwfilter.c:355:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-pool.c:1334:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_str[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-pool.c:1588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-pool.c:1804:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-pool.c:1932:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-pool.c:1963:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:84:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:389:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_sa[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:390:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid_sb[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:586:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:653:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:660:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:683:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-secret.c:691:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timestamp[VIR_TIME_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virsh-volume.c:694:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_RDONLY)) < 0) { data/libvirt-6.9.0/tools/virsh-volume.c:820:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(file, O_WRONLY|O_CREAT|O_EXCL, 0666)) < 0) { data/libvirt-6.9.0/tools/virsh-volume.c:822:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (fd = open(file, O_WRONLY|O_TRUNC, 0666)) < 0) { data/libvirt-6.9.0/tools/virsh-volume.c:1595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uuid[VIR_UUID_STRING_BUFLEN]; data/libvirt-6.9.0/tools/virt-host-validate-common.c:175:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nspath[100]; data/libvirt-6.9.0/tools/virt-host-validate-common.c:196:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen("/proc/cpuinfo", "r"))) data/libvirt-6.9.0/tools/virt-host-validate-common.c:202:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/tools/virt-host-validate-common.c:422:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(fp = fopen("/proc/modules", "r"))) data/libvirt-6.9.0/tools/virt-host-validate-common.c:426:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/tools/virt-login-shell.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/tools/virt-login-shell.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gidstr[VIR_INT64_STR_BUFLEN]; data/libvirt-6.9.0/tools/virt-login-shell.c:38:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * newargv[6]; data/libvirt-6.9.0/tools/vsh-table.c:257:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, p, len); data/libvirt-6.9.0/tools/vsh.c:607:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/libvirt-6.9.0/tools/vsh.c:2150:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ctl->log_fd = open(ctl->logfile, LOGFILE_FLAGS, FILE_MODE)) < 0) { data/libvirt-6.9.0/tools/vsh.c:2935:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libvirt-6.9.0/examples/c/domain/domtop.c:305:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(milliseconds * 1000); /* usleep expects microseconds */ data/libvirt-6.9.0/examples/c/misc/openauth.c:177:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cred[i].resultlen = strlen(cred[i].result); data/libvirt-6.9.0/examples/c/misc/openauth.c:186:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cred[i].resultlen = strlen(cred[i].result); data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:49:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(command); data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:309:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). last = strlen(chr->source->data.nmdm.master) - 1; data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:608:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). param += strlen("rfb="); data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:627:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). param += strlen("w="); data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:637:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). param += strlen("h="); data/libvirt-6.9.0/src/bhyve/bhyve_parse_command.c:647:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). param += strlen("password="); data/libvirt-6.9.0/src/conf/cpu_conf.c:515:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor_id) != VIR_CPU_VENDOR_ID_LENGTH) { data/libvirt-6.9.0/src/conf/domain_conf.c:6344:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SERIAL_CHANNEL_NAME_CHARS) < strlen(src_def->data.spiceport.channel)) { data/libvirt-6.9.0/src/conf/domain_conf.c:7462:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(loadparm) > 8) { data/libvirt-6.9.0/src/conf/domain_conf.c:7468:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(loadparm); i++) { data/libvirt-6.9.0/src/conf/domain_conf.c:7919:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(aliasStr, USER_ALIAS_CHARS) == strlen(aliasStr))) data/libvirt-6.9.0/src/conf/domain_conf.c:10557:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(target, target+6, strlen(target)-5); data/libvirt-6.9.0/src/conf/domain_conf.c:10634:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) > VENDOR_LEN) { data/libvirt-6.9.0/src/conf/domain_conf.c:10650:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(product) > PRODUCT_LEN) { data/libvirt-6.9.0/src/conf/domain_conf.c:16443:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(s) == 1) data/libvirt-6.9.0/src/conf/domain_conf.c:19762:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(def->hyperv_vendor_id) > VIR_DOMAIN_HYPERV_VENDOR_ID_MAX) { data/libvirt-6.9.0/src/conf/domain_conf.c:31320:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(model, NET_MODEL_CHARS) < strlen(model)) { data/libvirt-6.9.0/src/conf/domain_conf.c:31914:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len == strlen(def->name)) { data/libvirt-6.9.0/src/conf/network_conf.c:794:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(def->service) > DNS_RECORD_LENGTH_SRV) { data/libvirt-6.9.0/src/conf/network_conf.c:801:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(def->service, SERVICE_CHARS) < strlen(def->service)) { data/libvirt-6.9.0/src/conf/network_conf.c:818:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strspn(def->protocol, PROTOCOL_CHARS) < strlen(def->protocol)) { data/libvirt-6.9.0/src/conf/network_conf.c:900:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcspn(def->name, bad) != strlen(def->name)) { data/libvirt-6.9.0/src/conf/nwfilter_conf.c:783:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(int_map[j].val))) { data/libvirt-6.9.0/src/conf/nwfilter_conf.c:785:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i += strlen(int_map[j].val); data/libvirt-6.9.0/src/conf/nwfilter_conf.c:2533:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(chainname) > MAX_CHAIN_SUFFIX_SIZE) { data/libvirt-6.9.0/src/conf/nwfilter_params.c:690:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (value[strspn(value, VALID_VARVALUE)] == 0) && (strlen(value) != 0); data/libvirt-6.9.0/src/conf/virchrdev.c:154:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(lockfd, pidStr, strlen(pidStr)) < 0) { data/libvirt-6.9.0/src/cpu/cpu_ppc64.c:74:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cpu->model[strlen("POWERx")] = 0; data/libvirt-6.9.0/src/cpu/cpu_ppc64.c:96:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(tmp = (char *) host_model + strlen("POWER")) || data/libvirt-6.9.0/src/cpu/cpu_ppc64.c:107:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). !(tmp = (char *) compat_mode + strlen("power")) || data/libvirt-6.9.0/src/cpu/cpu_x86.c:664:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(vendor) != VENDOR_STRING_LENGTH) { data/libvirt-6.9.0/src/esx/esx_driver.c:302:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(hostMount->mountInfo->path); data/libvirt-6.9.0/src/esx/esx_driver.c:515:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(uuid_string) > 0) { data/libvirt-6.9.0/src/esx/esx_driver.c:1140:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!hostName || strlen(hostName) < 1) { data/libvirt-6.9.0/src/esx/esx_driver.c:1146:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!domainName || strlen(domainName) < 1) { data/libvirt-6.9.0/src/esx/esx_driver.c:1255:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(ptr, ptr + 1, strlen(ptr + 1) + 1); data/libvirt-6.9.0/src/esx/esx_driver.c:1258:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(ptr, ptr + 3, strlen(ptr + 3) + 1); data/libvirt-6.9.0/src/esx/esx_driver.c:1261:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(ptr, ptr + 4, strlen(ptr + 4) + 1); data/libvirt-6.9.0/src/esx/esx_interface_driver.c:202:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(physicalNic->spec->ip->ipAddress) > 0 && data/libvirt-6.9.0/src/esx/esx_interface_driver.c:203:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(physicalNic->spec->ip->subnetMask) > 0) { data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:630:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(directoryAndFileName); data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:795:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(directoryAndFileName); data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:937:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(unescapedDirectoryName) + 1); data/libvirt-6.9.0/src/esx/esx_storage_backend_vmfs.c:1150:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(unescapedDirectoryName) + 1); data/libvirt-6.9.0/src/esx/esx_vi.c:127:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). available = strlen(content); data/libvirt-6.9.0/src/esx/esx_vi.c:441:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curl_easy_setopt(curl->handle, CURLOPT_INFILESIZE, strlen(content)); data/libvirt-6.9.0/src/esx/esx_vi.c:1261:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). curl_easy_setopt(ctx->curl->handle, CURLOPT_POSTFIELDSIZE, strlen(request)); data/libvirt-6.9.0/src/esx/esx_vi.c:1770:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). currentSelectSetName += strlen(currentSelectSetName) + 1; data/libvirt-6.9.0/src/esx/esx_vi.c:3420:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(directoryName); data/libvirt-6.9.0/src/esx/esx_vi.c:4408:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(input[r]) != expectedLength) { data/libvirt-6.9.0/src/esx/esx_vi_types.c:1177:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value += strlen(value) + 1; data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:723:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + 1, strlen(tmp + 1) + 1); data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:726:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + 3, strlen(tmp + 3) + 1); data/libvirt-6.9.0/src/hyperv/hyperv_driver.c:729:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + 4, strlen(tmp + 4) + 1); data/libvirt-6.9.0/src/hypervisor/domain_driver.c:58:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(virBufferCurrentContent(buf)) >= 64) data/libvirt-6.9.0/src/hypervisor/virhostdev.c:188:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/hypervisor/virhostdev.c:191:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/hypervisor/virhostdev.c:197:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/interface/interface_backend_udev.c:565:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(entry->d_name) >= 5) { data/libvirt-6.9.0/src/interface/interface_backend_udev.c:668:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp_str) < 2) { data/libvirt-6.9.0/src/interface/interface_backend_udev.c:698:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(tmp_str) < 2) { data/libvirt-6.9.0/src/interface/interface_backend_udev.c:767:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!tmp_str || strlen(tmp_str) < 2) { data/libvirt-6.9.0/src/interface/interface_backend_udev.c:928:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). vid_pos += strlen(vid_prefix); data/libvirt-6.9.0/src/interface/interface_backend_udev.c:944:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dev_pos += strlen(dev_prefix); data/libvirt-6.9.0/src/internal.h:83:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRPREFIX(a, b) (strncmp(a, b, strlen(b)) == 0) data/libvirt-6.9.0/src/internal.h:84:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRCASEPREFIX(a, b) (g_ascii_strncasecmp(a, b, strlen(b)) == 0) data/libvirt-6.9.0/src/internal.h:85:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define STRSKIP(a, b) (STRPREFIX(a, b) ? (a) + strlen(b) : NULL) data/libvirt-6.9.0/src/libvirt-lxc.c:216:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *) ctx) >= VIR_SECURITY_LABEL_BUFLEN) { data/libvirt-6.9.0/src/libvirt.c:146:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libvirt-6.9.0/src/libvirt.c:150:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) > 0) data/libvirt-6.9.0/src/libvirt.c:172:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cred[i].resultlen = strlen(cred[i].result); data/libvirt-6.9.0/src/libvirt.c:988:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ret->uri->scheme)) { data/libvirt-6.9.0/src/libxl/libxl_conf.c:188:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(def->seclabels[0]->label), data/libvirt-6.9.0/src/libxl/libxl_domain.c:1461:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (uint8_t *)dom_xml, strlen(dom_xml) + 1)) { data/libvirt-6.9.0/src/libxl/libxl_driver.c:1844:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xml_len = strlen(xml) + 1; data/libvirt-6.9.0/src/libxl/libxl_driver.c:5385:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && chrused == strlen(virtpath))) data/libvirt-6.9.0/src/libxl/libxl_migration.c:138:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *cookieoutlen = strlen(*cookieout) + 1; data/libvirt-6.9.0/src/libxl/libxl_migration.c:872:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nbytes = read(data->srcFD, buffer, TUNNEL_SEND_BUF_SIZE); data/libvirt-6.9.0/src/libxl/xen_common.c:1172:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1180:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1188:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1192:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1200:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1208:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1216:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1223:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_common.c:1389:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(offset); data/libvirt-6.9.0/src/libxl/xen_xl.c:917:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:925:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:935:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:1019:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:1027:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:1095:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:1102:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/libxl/xen_xl.c:1106:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = nextkey ? (nextkey - data) : strlen(data); data/libvirt-6.9.0/src/locking/lock_daemon.c:604:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/locking/lock_daemon.c:606:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/locking/lock_daemon.c:609:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/locking/lock_daemon.c:1008:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(022); data/libvirt-6.9.0/src/locking/lock_daemon.c:1010:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/locking/lock_daemon.c:1016:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/locking/lock_daemon.c:1019:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:839:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) >= SANLK_HELPER_PATH_LEN) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:845:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(args) >= SANLK_HELPER_ARGS_LEN) { data/libvirt-6.9.0/src/locking/lock_driver_sanlock.c:944:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MIN(strlen(priv->vm_name), SANLK_NAME_LEN - 1), data/libvirt-6.9.0/src/logging/log_daemon.c:409:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/logging/log_daemon.c:411:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/logging/log_daemon.c:414:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/logging/log_daemon.c:790:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(022); data/libvirt-6.9.0/src/logging/log_daemon.c:792:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/logging/log_daemon.c:798:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/logging/log_daemon.c:801:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/logging/log_handler.c:163:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, buf, sizeof(buf)); data/libvirt-6.9.0/src/logging/log_handler.c:458:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(file->pipefd, buf, sizeof(buf)); data/libvirt-6.9.0/src/logging/log_handler.c:596:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virRotatingFileWriterAppend(writer, message, strlen(message)) < 0) data/libvirt-6.9.0/src/lxc/lxc_container.c:1911:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) > 0 && name[0] == '-') data/libvirt-6.9.0/src/lxc/lxc_container.c:1914:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sethostname(hostname, strlen(hostname)) < 0) { data/libvirt-6.9.0/src/lxc/lxc_container.c:1985:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tty += strlen("/dev/pts/"); data/libvirt-6.9.0/src/lxc/lxc_controller.c:1221:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). done = read(fd, buf + *len, avail); data/libvirt-6.9.0/src/lxc/lxc_fuse.c:220:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). res = strlen(virBufferCurrentContent(new_meminfo)); data/libvirt-6.9.0/src/lxc/lxc_process.c:1385:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(logfd, timestamp, strlen(timestamp)) < 0 || data/libvirt-6.9.0/src/lxc/lxc_process.c:1386:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). safewrite(logfd, START_POSTFIX, strlen(START_POSTFIX)) < 0) { data/libvirt-6.9.0/src/network/bridge_driver.c:491:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(brname) + sizeof(dummyNicSuffix) > IFNAMSIZ) { data/libvirt-6.9.0/src/network/bridge_driver.c:501:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). brname, brname + strlen(brname) - 3, data/libvirt-6.9.0/src/network/bridge_driver_linux.c:257:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. num = sscanf(cur, "%16s %127s %*s %*s %*s %*s %*s %127s", data/libvirt-6.9.0/src/node_device/node_device_udev.c:308:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(def->name); i++) { data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:551:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (ifkey == NULL || strlen(ifkey) != VIR_IFKEY_LEN - 1) { data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:556:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ifkey ? strlen(ifkey) : 0); data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1711:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(lbuf); data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1873:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (line[strlen(line)-1] != '\n') { data/libvirt-6.9.0/src/nwfilter/nwfilter_dhcpsnoop.c:1881:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%u %54s %15s %15s", &ipl.timeout, data/libvirt-6.9.0/src/nwfilter/nwfilter_ebiptables_driver.c:3156:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, buffer, 1) == 1) { data/libvirt-6.9.0/src/openvz/openvz_conf.c:303:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (p < token + strlen(token)); data/libvirt-6.9.0/src/openvz/openvz_conf.c:632:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(STRPREFIX(line, param) && line[strlen(param)] == '=')) { data/libvirt-6.9.0/src/openvz/openvz_conf.c:633:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(temp_fd, line, strlen(line)) != data/libvirt-6.9.0/src/openvz/openvz_conf.c:634:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(line)) data/libvirt-6.9.0/src/openvz/openvz_conf.c:639:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(temp_fd, param, strlen(param)) < 0 || data/libvirt-6.9.0/src/openvz/openvz_conf.c:641:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). safewrite(temp_fd, value, strlen(value)) < 0 || data/libvirt-6.9.0/src/openvz/openvz_conf.c:772:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bytes_read = strlen(line); data/libvirt-6.9.0/src/openvz/openvz_conf.c:875:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((rc = read(fd, &c, 1)) == 1) { data/libvirt-6.9.0/src/openvz/openvz_util.c:77:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(output); data/libvirt-6.9.0/src/qemu/qemu_agent.c:347:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(LINE_ENDING); i++) data/libvirt-6.9.0/src/qemu/qemu_agent.c:351:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used += got + strlen(LINE_ENDING); data/libvirt-6.9.0/src/qemu/qemu_agent.c:470:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(agent->fd, data/libvirt-6.9.0/src/qemu/qemu_agent.c:918:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sync_msg.txLength = strlen(sync_msg.txBuffer); data/libvirt-6.9.0/src/qemu/qemu_agent.c:1101:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). msg.txLength = strlen(msg.txBuffer); data/libvirt-6.9.0/src/qemu/qemu_agent.c:2282:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(password)); data/libvirt-6.9.0/src/qemu/qemu_alias.c:47:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virStrToLong_i(info->alias + strlen(prefix), NULL, 10, &idx) < 0) data/libvirt-6.9.0/src/qemu/qemu_alias.c:722:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dev_name += strlen(QEMU_DRIVE_HOST_PREFIX); data/libvirt-6.9.0/src/qemu/qemu_block.c:44:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(nn) >= qemuBlockNodeNameBufSize) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:1283:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (uint8_t *) cookies, strlen(cookies)); data/libvirt-6.9.0/src/qemu/qemu_domain.c:3266:95: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(envname, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_") != strlen(envname)) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:6297:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(ctxt->writefd, message, strlen(message)) < 0) { data/libvirt-6.9.0/src/qemu/qemu_domain.c:6331:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/libvirt-6.9.0/src/qemu/qemu_domain.c:6404:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(writefd, message, strlen(message)) < 0) data/libvirt-6.9.0/src/qemu/qemu_driver.c:5973:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) >= VIR_SECURITY_MODEL_BUFLEN-1) { data/libvirt-6.9.0/src/qemu/qemu_driver.c:5982:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) >= VIR_SECURITY_DOI_BUFLEN-1) { data/libvirt-6.9.0/src/qemu/qemu_migration_cookie.c:170:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pemdatum.size = strlen(pemdata); data/libvirt-6.9.0/src/qemu/qemu_monitor.c:492:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(mon->fd, data/libvirt-6.9.0/src/qemu/qemu_monitor_json.c:277:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used += got + strlen(LINE_ENDING); data/libvirt-6.9.0/src/qemu/qemu_monitor_json.c:627:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(str); data/libvirt-6.9.0/src/qemu/qemu_monitor_json.c:4501:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). entry->ptyPath = g_strdup(type + strlen("pty:")); data/libvirt-6.9.0/src/qemu/qemu_monitor_json.c:8299:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virStrToLong_ui(tmp + strlen("iothread"), data/libvirt-6.9.0/src/qemu/qemu_monitor_text.c:62:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(reply); data/libvirt-6.9.0/src/qemu/qemu_namespace.c:74:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const char *suffix = mountpoint + strlen(QEMU_DEVPREFIX); data/libvirt-6.9.0/src/qemu/qemu_namespace.c:91:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). off = strlen(path) - strlen(suffix); data/libvirt-6.9.0/src/qemu/qemu_namespace.c:91:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). off = strlen(path) - strlen(suffix); data/libvirt-6.9.0/src/qemu/qemu_process.c:2143:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max -= strlen(msgprefix); data/libvirt-6.9.0/src/qemu/qemu_process.c:2145:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max -= strlen(_("%s: %s")) - 4; data/libvirt-6.9.0/src/qemu/qemu_saveimage.c:150:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). xml_len = strlen(data->xml) + 1; data/libvirt-6.9.0/src/qemu/qemu_saveimage.c:152:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cookie_len = strlen(data->cookie) + 1; data/libvirt-6.9.0/src/qemu/qemu_shim.c:96:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ignore_value(read(fd, &c, 1)); data/libvirt-6.9.0/src/qemu/qemu_validate.c:2290:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(value, QEMU_SERIAL_PARAM_ACCEPTED_CHARS) != strlen(value)) { data/libvirt-6.9.0/src/remote/remote_daemon.c:989:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(022); data/libvirt-6.9.0/src/remote/remote_daemon.c:991:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/remote/remote_daemon.c:999:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2649:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret->label.label_len = strlen(seclabel->label) + 1; data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2694:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t label_len = strlen(seclabels[i].label) + 1; data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2731:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret->model.model_len = strlen(secmodel.model) + 1; data/libvirt-6.9.0/src/remote/remote_daemon_dispatch.c:2735:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ret->doi.doi_len = strlen(secmodel.doi) + 1; data/libvirt-6.9.0/src/remote/remote_driver.c:2336:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret.label.label_val) >= sizeof(seclabel->label)) { data/libvirt-6.9.0/src/remote/remote_driver.c:2380:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cur->label.label_val) >= sizeof((*seclabels)->label)) { data/libvirt-6.9.0/src/remote/remote_driver.c:2452:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret.model.model_val) >= sizeof(secmodel->model)) { data/libvirt-6.9.0/src/remote/remote_driver.c:2461:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ret.doi.doi_val) >= sizeof(secmodel->doi)) { data/libvirt-6.9.0/src/remote/remote_driver.c:3918:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). state->interact[ninteract].len = strlen(value); data/libvirt-6.9.0/src/remote/remote_ssh_helper.c:188:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fd, data/libvirt-6.9.0/src/rpc/virnetlibsshsession.c:260:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/libvirt-6.9.0/src/rpc/virnetsocket.c:512:15: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). oldmask = umask(~mask); data/libvirt-6.9.0/src/rpc/virnetsocket.c:515:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldmask); data/libvirt-6.9.0/src/rpc/virnetsocket.c:521:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(oldmask); data/libvirt-6.9.0/src/rpc/virnetsocket.c:1662:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(sock->fd, buf, len); data/libvirt-6.9.0/src/rpc/virnetsocket.c:1780:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(sock->fd, buf, len); data/libvirt-6.9.0/src/rpc/virnetsocket.c:1792:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t elen = strlen(errout); data/libvirt-6.9.0/src/rpc/virnetsshsession.c:420:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(vir_libssh2_key_comment), data/libvirt-6.9.0/src/rpc/virnetsshsession.c:830:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(sess->auths[0]->username)); data/libvirt-6.9.0/src/rpc/virnettlscontext.c:496:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data.size = strlen(buf); data/libvirt-6.9.0/src/rpc/virnettlscontext.c:534:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). data.size = strlen(buf); data/libvirt-6.9.0/src/security/security_selinux.c:1212:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char *)ctx) >= VIR_SECURITY_LABEL_BUFLEN) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:223:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(pcontent); data/libvirt-6.9.0/src/security/virt-aa-helper.c:323:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = tlen + strlen(replace_name) - strlen(template_name) + 1; data/libvirt-6.9.0/src/security/virt-aa-helper.c:323:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = tlen + strlen(replace_name) - strlen(template_name) + 1; data/libvirt-6.9.0/src/security/virt-aa-helper.c:326:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen += strlen(replace_files) - strlen(template_end); data/libvirt-6.9.0/src/security/virt-aa-helper.c:326:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen += strlen(replace_files) - strlen(template_end); data/libvirt-6.9.0/src/security/virt-aa-helper.c:395:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(uuid) != PROFILE_NAME_SIZE - 1) data/libvirt-6.9.0/src/security/virt-aa-helper.c:401:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virUUIDParse(uuid + strlen(AA_PREFIX), rawuuid) < 0) data/libvirt-6.9.0/src/security/virt-aa-helper.c:414:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) == 0) data/libvirt-6.9.0/src/security/virt-aa-helper.c:417:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strcspn(name, bad) != strlen(name)) data/libvirt-6.9.0/src/security/virt-aa-helper.c:429:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < strlen(arr[i])) data/libvirt-6.9.0/src/security/virt-aa-helper.c:429:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(str) < strlen(arr[i])) data/libvirt-6.9.0/src/security/virt-aa-helper.c:744:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pathdir) == 1) { data/libvirt-6.9.0/src/security/virt-aa-helper.c:748:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathtmp = g_strdup(path + strlen(pathdir)); data/libvirt-6.9.0/src/security/virt-aa-helper.c:779:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp[strlen(tmp) - 1] == '/') data/libvirt-6.9.0/src/security/virt-aa-helper.c:780:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen(tmp) - 1] = '\0'; data/libvirt-6.9.0/src/security/virt-aa-helper.c:1400:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(optarg) > PROFILE_NAME_SIZE - 1) data/libvirt-6.9.0/src/storage/parthelper.c:90:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (g_ascii_isdigit(path[strlen(path)-1]) || devmap_partsep) data/libvirt-6.9.0/src/storage/parthelper.c:100:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_ascii_isdigit(canonical_path[strlen(canonical_path)-1]) ? "p" : ""; data/libvirt-6.9.0/src/storage/storage_backend_disk.c:120:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + 1, strlen(tmp)); data/libvirt-6.9.0/src/storage/storage_backend_disk.c:123:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + 1, strlen(tmp)); data/libvirt-6.9.0/src/storage/storage_backend_disk.c:822:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). part_num = dev_name + strlen(srcname); data/libvirt-6.9.0/src/storage/storage_backend_logical.c:164:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). regex = g_new0(char, nextents * (strlen(regex_unit) + 1) + 1); data/libvirt-6.9.0/src/storage/storage_backend_logical.c:168:9: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(regex, ","); data/libvirt-6.9.0/src/storage/storage_backend_rbd.c:655:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name += strlen(name) + 1; data/libvirt-6.9.0/src/storage/storage_util.c:3203:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start += strlen("Partition Table: "); data/libvirt-6.9.0/src/storage/storage_util.c:3819:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lun_dirent->d_name) == 5) { data/libvirt-6.9.0/src/test/test_driver.c:755:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int totalLen = baseLen + strlen(filename) + 1; data/libvirt-6.9.0/src/test/test_driver.c:2210:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(xml); data/libvirt-6.9.0/src/util/glibcompat.c:123:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(start, start+i, strlen(start+i) + 1); data/libvirt-6.9.0/src/util/glibcompat.c:134:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, p+1, strlen(p+1)+1); data/libvirt-6.9.0/src/util/glibcompat.c:146:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, q, strlen(q)+1); data/libvirt-6.9.0/src/util/glibcompat.c:164:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(p, q, strlen(q) + 1); data/libvirt-6.9.0/src/util/iohelper.c:117:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((got = read(fdin, buf, buflen)) < 0 && data/libvirt-6.9.0/src/util/viralloc.c:346:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). virDispose(strptr, strlen(*strptr), sizeof(char), NULL); data/libvirt-6.9.0/src/util/virarch.c:215:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ut.machine) == 4 && data/libvirt-6.9.0/src/util/virbitmap.c:312:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/libvirt-6.9.0/src/util/virbitmap.c:1073:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(string); data/libvirt-6.9.0/src/util/virbuffer.c:361:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virbuffer.c:503:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virbuffer.c:572:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virbuffer.c:655:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/vircgroup.c:175:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(line); data/libvirt-6.9.0/src/util/vircgroupv1.c:271:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int typeLen = strlen(typeStr); data/libvirt-6.9.0/src/util/vircgroupv1.c:280:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/libvirt-6.9.0/src/util/vircgroupv1.c:1052:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p1 += strlen(value_names[i]); data/libvirt-6.9.0/src/util/vircgroupv1.c:1073:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p2 += strlen(value_names[i]); data/libvirt-6.9.0/src/util/vircgroupv1.c:1161:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virStrToLong_ll(p1 + strlen(value_names[i]), &p1, 10, bytes_ptrs[i]) < 0) { data/libvirt-6.9.0/src/util/vircgroupv1.c:1164:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_names[i], p1 + strlen(value_names[i])); data/libvirt-6.9.0/src/util/vircgroupv1.c:1175:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virStrToLong_ll(p2 + strlen(value_names[i]), &p2, 10, requests_ptrs[i]) < 0) { data/libvirt-6.9.0/src/util/vircgroupv1.c:1178:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value_names[i], p2 + strlen(value_names[i])); data/libvirt-6.9.0/src/util/vircgroupv2.c:666:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen("default "); data/libvirt-6.9.0/src/util/vircgroupv2.c:723:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p1 += strlen(value_names[i]); data/libvirt-6.9.0/src/util/vircgroupv2.c:796:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p1 += strlen(value_names[i]); data/libvirt-6.9.0/src/util/vircgroupv2.c:931:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(name); data/libvirt-6.9.0/src/util/vircgroupv2.c:1000:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(name); data/libvirt-6.9.0/src/util/vircgroupv2.c:1069:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(name); data/libvirt-6.9.0/src/util/vircgroupv2.c:1138:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(name); data/libvirt-6.9.0/src/util/vircgroupv2.c:1619:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen("usage_usec "); data/libvirt-6.9.0/src/util/vircgroupv2.c:1653:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen("user_usec "); data/libvirt-6.9.0/src/util/vircgroupv2.c:1666:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen("system_usec "); data/libvirt-6.9.0/src/util/vircommand.c:714:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(cmd->mask); data/libvirt-6.9.0/src/util/vircommand.c:2046:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(logfd, cmd->env[i], strlen(cmd->env[i])) < 0) data/libvirt-6.9.0/src/util/vircommand.c:2052:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(logfd, cmd->args[i], strlen(cmd->args[i])) < 0) data/libvirt-6.9.0/src/util/vircommand.c:2176:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). inlen = strlen(cmd->inbuf); data/libvirt-6.9.0/src/util/vircommand.c:2251:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). done = read(fds[i].fd, data, sizeof(data)); data/libvirt-6.9.0/src/util/vircommand.h:78:48: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). void virCommandSetUmask(virCommandPtr cmd, int umask); data/libvirt-6.9.0/src/util/virconf.c:769:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(memory); data/libvirt-6.9.0/src/util/vircrypto.c:64:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rc = gnutls_hash_fast(hashinfo[hash].algorithm, input, strlen(input), output); data/libvirt-6.9.0/src/util/virdaemon.c:240:25: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/util/virdaemon.c:242:17: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/util/virdaemon.c:245:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/util/virdnsmasq.c:675:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/libvirt-6.9.0/src/util/virerror.c:663:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(err->message); data/libvirt-6.9.0/src/util/virerror.c:1337:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(errnoDetail); data/libvirt-6.9.0/src/util/virfdstream.c:967:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(fdst->fd, bytes, nbytes); data/libvirt-6.9.0/src/util/virfile.c:545:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, data, strlen(data)) < 0) data/libvirt-6.9.0/src/util/virfile.c:770:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(file), LO_NAME_SIZE) < 0) { data/libvirt-6.9.0/src/util/virfile.c:1045:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t r = read(fd, buf, count); data/libvirt-6.9.0/src/util/virfile.c:1487:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, str, strlen(str)) < 0) { data/libvirt-6.9.0/src/util/virfile.c:1996:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mntent.mnt_dir[strlen(prefix)] == '/'))) data/libvirt-6.9.0/src/util/virfile.c:3374:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(mb.mnt_dir); data/libvirt-6.9.0/src/util/virfile.c:3546:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c += strlen(HUGEPAGESIZE_STR); data/libvirt-6.9.0/src/util/virfile.c:4366:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (setxattr(path, name, value, strlen(value), 0) < 0) { data/libvirt-6.9.0/src/util/virhash.c:82:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uint32_t value = virHashCodeGen(name, strlen(name), table->seed); data/libvirt-6.9.0/src/util/virhash.c:674:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. bool equal; data/libvirt-6.9.0/src/util/virhash.c:715:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return data.equal; data/libvirt-6.9.0/src/util/virhostcpu.c:527:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). str += strlen(prefix); data/libvirt-6.9.0/src/util/virjson.c:167:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(key) < 3) { data/libvirt-6.9.0/src/util/virjson.c:1843:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(jsonstring); data/libvirt-6.9.0/src/util/virjson.c:1860:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(jsonstring)); data/libvirt-6.9.0/src/util/virjson.c:1910:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(object->data.object.pairs[i].key)) data/libvirt-6.9.0/src/util/virjson.c:1932:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(object->data.string)) != yajl_gen_status_ok) data/libvirt-6.9.0/src/util/virjson.c:1938:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(object->data.number)) != yajl_gen_status_ok) data/libvirt-6.9.0/src/util/virlease.c:228:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (exptime[strlen(exptime) - 1] == ' ') data/libvirt-6.9.0/src/util/virlease.c:229:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). exptime[strlen(exptime) - 1] = '\0'; data/libvirt-6.9.0/src/util/virlog.c:178:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). old_umask = umask(077); data/libvirt-6.9.0/src/util/virlog.c:180:13: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/util/virlog.c:183:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(old_umask); data/libvirt-6.9.0/src/util/virlog.c:663:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ignore_value(safewrite(fd, msg, strlen(msg))); data/libvirt-6.9.0/src/util/virlog.c:822:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define IOVEC_SET_STRING(iov, str) IOVEC_SET(iov, str, strlen(str)) data/libvirt-6.9.0/src/util/virlog.c:848:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nstr = htole64(strlen(value)); data/libvirt-6.9.0/src/util/virlog.c:956:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mh.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(sa.sun_path); data/libvirt-6.9.0/src/util/virlog.c:1308:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t mlen = strlen(match); data/libvirt-6.9.0/src/util/virnetdev.c:1558:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nla_put(nl_msg, IFLA_IFNAME, strlen(ifname)+1, ifname) < 0) data/libvirt-6.9.0/src/util/virnetdev.c:3188:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nla_put(nl_msg, DEVLINK_ATTR_BUS_NAME, strlen("pci")+1, "pci") < 0 || data/libvirt-6.9.0/src/util/virnetdev.c:3189:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nla_put(nl_msg, DEVLINK_ATTR_DEV_NAME, strlen(pci_name)+1, pci_name) < 0) { data/libvirt-6.9.0/src/util/virnetdevip.c:568:15: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. num = sscanf(cur, "%32s %*s %*s %*s %*s %*s %*s %*s %8s %8s", data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:84:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(VIR_NET_GENERATED_MACVTAP_PREFIX); data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:87:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(VIR_NET_GENERATED_MACVLAN_PREFIX); data/libvirt-6.9.0/src/util/virnetdevmacvlan.c:157:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). maxIDd = pow(10, IFNAMSIZ - 1 - strlen(prefix)); data/libvirt-6.9.0/src/util/virnetdevopenvswitch.c:245:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(*migrate); data/libvirt-6.9.0/src/util/virnetdevtap.c:83:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). idstr = name + strlen(VIR_NET_GENERATED_TAP_PREFIX); data/libvirt-6.9.0/src/util/virnetdevtap.c:203:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). double maxIDd = pow(10, IFNAMSIZ - 1 - strlen(VIR_NET_GENERATED_TAP_PREFIX)); data/libvirt-6.9.0/src/util/virnetdevtap.c:807:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ifname_len = strlen(ifname); data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:702:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nla_put(nl_msg, IFLA_IFNAME, strlen(ifname)+1, ifname) < 0) data/libvirt-6.9.0/src/util/virnetdevvportprofile.c:756:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nla_put(nl_msg, IFLA_PORT_PROFILE, strlen(profileId) + 1, data/libvirt-6.9.0/src/util/virnetlink.c:407:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nla_put(nl_msg, IFLA_IFNAME, strlen(ifname)+1, ifname) < 0) data/libvirt-6.9.0/src/util/virnetlink.c:523:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NETLINK_MSG_PUT(nl_msg, IFLA_IFNAME, (strlen(ifname) + 1), ifname); data/libvirt-6.9.0/src/util/virnetlink.c:526:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). NETLINK_MSG_PUT(nl_msg, IFLA_INFO_KIND, (strlen(type) + 1), type); data/libvirt-6.9.0/src/util/virnetlink.c:624:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (nla_put(nl_msg, IFLA_IFNAME, strlen(ifname)+1, ifname) < 0) data/libvirt-6.9.0/src/util/virnuma.c:785:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). page_name += strlen(HUGEPAGES_PREFIX); data/libvirt-6.9.0/src/util/virpidfile.c:70:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, pidstr, strlen(pidstr)) < 0) { data/libvirt-6.9.0/src/util/virpidfile.c:195:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t deletedTextLen = strlen(deletedText); data/libvirt-6.9.0/src/util/virpidfile.c:250:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). procLinkLen = strlen(procLink); data/libvirt-6.9.0/src/util/virpidfile.c:402:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, pidstr, strlen(pidstr)) < 0) { data/libvirt-6.9.0/src/util/virscsi.c:94:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). virStrToLong_ui(adapter + strlen("scsi_host"), data/libvirt-6.9.0/src/util/virscsihost.c:193:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). adapter_name += strlen("scsi_host"); data/libvirt-6.9.0/src/util/virscsihost.c:195:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). adapter_name += strlen("fc_host"); data/libvirt-6.9.0/src/util/virscsihost.c:197:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). adapter_name += strlen("host"); data/libvirt-6.9.0/src/util/virstorageencryption.c:396:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((r = read(fd, dest + i, 1)) == -1 && errno == EINTR) data/libvirt-6.9.0/src/util/virstoragefile.c:624:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start += strlen(prefix); data/libvirt-6.9.0/src/util/virstoragefile.c:694:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen(magic); data/libvirt-6.9.0/src/util/virstoragefile.c:1325:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(*key, tmp, strlen(tmp)+1); data/libvirt-6.9.0/src/util/virstoragefile.c:1463:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). serial += strlen(ID_SERIAL); data/libvirt-6.9.0/src/util/virstoragefile.c:1464:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). port += strlen(ID_TARGET_PORT); data/libvirt-6.9.0/src/util/virstoragefile.c:2196:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(val); data/libvirt-6.9.0/src/util/virstoragefile.c:2932:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rbdstr += strlen("rbd:"); data/libvirt-6.9.0/src/util/virstoragefile.c:2986:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). authdef->username = g_strdup(p + strlen("id=")); data/libvirt-6.9.0/src/util/virstoragefile.c:2998:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = p + strlen("mon_host="); data/libvirt-6.9.0/src/util/virstoragefile.c:3018:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src->configFile = g_strdup(p + strlen("conf=")); data/libvirt-6.9.0/src/util/virstoragefile.c:3048:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src->path = g_strdup(export_name + strlen(":exportname=")); data/libvirt-6.9.0/src/util/virstring.c:87:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t delimlen = strlen(delim); data/libvirt-6.9.0/src/util/virstring.c:323:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strings[i] + strlen(prefix); data/libvirt-6.9.0/src/util/virstring.c:604:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(radix) > 1) data/libvirt-6.9.0/src/util/virstring.c:605:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp + 1, tmp + strlen(radix), strlen(*strp) - (tmp - *strp)); data/libvirt-6.9.0/src/util/virstring.c:605:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp + 1, tmp + strlen(radix), strlen(*strp) - (tmp - *strp)); data/libvirt-6.9.0/src/util/virstring.c:694:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t src_len = strlen(src); data/libvirt-6.9.0/src/util/virstring.c:786:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = str + strlen(str); data/libvirt-6.9.0/src/util/virstring.c:815:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *endp = s + strlen(s); data/libvirt-6.9.0/src/util/virstring.c:1019:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t oldneedlelen = strlen(oldneedle); data/libvirt-6.9.0/src/util/virstring.c:1020:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t newneedlelen = strlen(newneedle); data/libvirt-6.9.0/src/util/virstring.c:1046:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1047:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffixlen = strlen(suffix); data/libvirt-6.9.0/src/util/virstring.c:1059:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1060:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffixlen = strlen(suffix); data/libvirt-6.9.0/src/util/virstring.c:1072:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1073:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffixlen = strlen(suffix); data/libvirt-6.9.0/src/util/virstring.c:1091:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int filelen = strlen(file); data/libvirt-6.9.0/src/util/virstring.c:1092:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = strlen(name); data/libvirt-6.9.0/src/util/virstring.c:1093:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int suffixlen = strlen(suffix); data/libvirt-6.9.0/src/util/virstring.c:1118:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1172:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1198:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/src/util/virstring.c:1225:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cap = g_new0(char, strlen(src) + 1); data/libvirt-6.9.0/src/util/virstring.c:1284:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str); data/libvirt-6.9.0/src/util/virsysinfo.c:485:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = start + strlen(start); data/libvirt-6.9.0/src/util/virsysinfo.c:1116:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). base += strlen("Processor Information"); data/libvirt-6.9.0/src/util/virsysinfo.c:1212:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). base += strlen("Memory Device"); data/libvirt-6.9.0/src/util/virsystemd.c:545:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). .iov_len = strlen(msg), data/libvirt-6.9.0/src/util/virsystemd.c:559:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(path) > sizeof(un.sun_path)) { data/libvirt-6.9.0/src/util/virsystemd.c:564:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(un.sun_path, path, strlen(path)); data/libvirt-6.9.0/src/util/virsystemd.c:568:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mh.msg_namelen = offsetof(struct sockaddr_un, sun_path) + strlen(path); data/libvirt-6.9.0/src/util/viruri.c:83:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = query + strlen(query); data/libvirt-6.9.0/src/util/viruri.c:310:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). alias_len = strlen(alias); data/libvirt-6.9.0/src/util/virutil.c:378:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr = name + strlen(drive_prefix[i]); data/libvirt-6.9.0/src/util/virutil.c:448:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(prefix); data/libvirt-6.9.0/src/util/virvhba.c:136:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p += strlen("0x"); data/libvirt-6.9.0/src/util/virvhba.c:175:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = entry->d_name + strlen("host"); data/libvirt-6.9.0/src/util/virvhba.c:211:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(max_vports) >= strlen(vports)) || data/libvirt-6.9.0/src/util/virvhba.c:211:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((strlen(max_vports) >= strlen(vports)) || data/libvirt-6.9.0/src/util/virvhba.c:212:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(max_vports) == strlen(vports)) && data/libvirt-6.9.0/src/util/virvhba.c:212:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(max_vports) == strlen(vports)) && data/libvirt-6.9.0/src/util/virvhba.c:337:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = buf + strlen("0x"); data/libvirt-6.9.0/src/util/virxml.c:102:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (value != NULL && strlen(value) >= maxlen) { data/libvirt-6.9.0/src/util/virxml.c:879:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(prologue); data/libvirt-6.9.0/src/util/virxml.c:883:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(cmd); data/libvirt-6.9.0/src/util/virxml.c:891:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/libvirt-6.9.0/src/util/virxml.c:896:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(epilogue); data/libvirt-6.9.0/src/util/virxml.c:920:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, data->xml, strlen(data->xml)) < 0) data/libvirt-6.9.0/src/vbox/vbox_common.c:2114:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(valueDisplayUtf8) == 0) data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:414:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(snapshot->hardware), data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:426:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(snapshot->storageController), data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:1114:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(machine->mediaRegistry->otherMedia[i]), data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:1138:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(machine->hardware), data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:1151:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(machine->extraData), data/libvirt-6.9.0/src/vbox/vbox_snapshot_conf.c:1164:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (int)strlen(machine->storageController), data/libvirt-6.9.0/src/vmware/vmware_conf.c:493:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp += strlen(" pid="); data/libvirt-6.9.0/src/vmx/vmx.c:781:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(input = xmlBufferCreateStatic((char *)string, strlen(string))) || data/libvirt-6.9.0/src/vz/vz_driver.c:2782:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *cookieoutlen = strlen(*cookieout) + 1; data/libvirt-6.9.0/src/vz/vz_sdk.c:500:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmp[strlen(tmp) - 1] = '\0'; data/libvirt-6.9.0/src/vz/vz_sdk.c:1466:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(buf) == 0) { data/libvirt-6.9.0/src/vz/vz_utils.c:171:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sVer = sVer + strlen(searchStr); data/libvirt-6.9.0/tests/commandhelper.c:139:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100*1000); data/libvirt-6.9.0/tests/commandhelper.c:149:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd) > strlen(".../commanddata") && data/libvirt-6.9.0/tests/commandhelper.c:149:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(cwd) > strlen(".../commanddata") && data/libvirt-6.9.0/tests/commandhelper.c:150:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STREQ(cwd + strlen(cwd) - strlen("/commanddata"), "/commanddata")) data/libvirt-6.9.0/tests/commandhelper.c:150:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STREQ(cwd + strlen(cwd) - strlen("/commanddata"), "/commanddata")) data/libvirt-6.9.0/tests/commandhelper.c:155:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). noprivateprefix = cwd + strlen("/private"); data/libvirt-6.9.0/tests/commandhelper.c:164:34: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). fprintf(log, "UMASK:%04o\n", umask(0)); data/libvirt-6.9.0/tests/commandhelper.c:169:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100*1000); data/libvirt-6.9.0/tests/commandhelper.c:206:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fds[i].fd, buf, sizeof(buf)); data/libvirt-6.9.0/tests/commandtest.c:1195:5: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). umask(022); data/libvirt-6.9.0/tests/cputest.c:1013:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(log) > 0) \ data/libvirt-6.9.0/tests/eventtest.c:133:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &one, 1) != 1) { data/libvirt-6.9.0/tests/networkxml2firewalltest.c:117:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actual += strlen(baseargs); data/libvirt-6.9.0/tests/nssmock.c:60:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(LEASEDIR)); data/libvirt-6.9.0/tests/nwfilterxml2firewalltest.c:316:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(commonRules[i]); data/libvirt-6.9.0/tests/nwfilterxml2firewalltest.c:318:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(tmp, tmp + len, (strlen(tmp) + 1) - len); data/libvirt-6.9.0/tests/qemumonitortestutils.c:113:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t want = strlen(response) + 2; data/libvirt-6.9.0/tests/qemuxml2argvtest.c:50:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *value_size = strlen(secret); data/libvirt-6.9.0/tests/securityselinuxhelper.c:160:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). constr, strlen(constr), 0); data/libvirt-6.9.0/tests/securityselinuxlabeltest.c:70:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(con_value), 0); data/libvirt-6.9.0/tests/testutils.c:221:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(tmp); data/libvirt-6.9.0/tests/testutils.c:378:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). expectEnd = expect + (strlen(expect)-1); data/libvirt-6.9.0/tests/testutils.c:380:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). actualEnd = actual + (strlen(actual)-1); data/libvirt-6.9.0/tests/testutils.c:586:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t filecontentLen = strlen(filecontent); data/libvirt-6.9.0/tests/testutils.c:587:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cmpcontentLen = strlen(cmpcontent); data/libvirt-6.9.0/tests/testutils.c:893:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). movelen = lineEnd ? lineEnd - movestart : strlen(movestart); data/libvirt-6.9.0/tests/testutils.c:1096:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). virtTestCounterPrefixEndOffset = virtTestCounterStr + strlen(virtTestCounterStr); data/libvirt-6.9.0/tests/testutilsqemu.c:787:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). capsfile[strlen(capsfile) - 3] = '\0'; data/libvirt-6.9.0/tests/virauthconfigtest.c:122:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!(config = virAuthConfigNewData("auth.conf", confdata, strlen(confdata)))) data/libvirt-6.9.0/tests/vircgroupmock.c:86:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, value, strlen(value)) != strlen(value)) data/libvirt-6.9.0/tests/vircgroupmock.c:86:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (write(fd, value, strlen(value)) != strlen(value)) data/libvirt-6.9.0/tests/vircgroupmock.c:107:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). controller = path + strlen(fakesysfscgroupdir) + 1; data/libvirt-6.9.0/tests/vircgroupmock.c:476:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(SYSFS_CGROUP_PREFIX)) < 0) { data/libvirt-6.9.0/tests/vircgroupmock.c:525:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(SYSFS_CGROUP_PREFIX)) < 0) data/libvirt-6.9.0/tests/vircgroupmock.c:545:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(SYSFS_CGROUP_PREFIX)) < 0) { data/libvirt-6.9.0/tests/vircgroupmock.c:578:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(SYSFS_CGROUP_PREFIX)) < 0) { data/libvirt-6.9.0/tests/virnetmessagetest.c:493:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (virNetMessageEncodePayloadRaw(msg, stream, strlen(stream)) < 0) data/libvirt-6.9.0/tests/virnettlshelpers.c:62:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const gnutls_datum_t data = { (unsigned char *)PRIVATE_KEY, strlen(PRIVATE_KEY) }; data/libvirt-6.9.0/tests/virnettlshelpers.c:174:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req->country, strlen(req->country))) < 0) { data/libvirt-6.9.0/tests/virnettlshelpers.c:181:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). req->cn, strlen(req->cn))) < 0) { data/libvirt-6.9.0/tests/virnettlshelpers.c:194:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(req->altname1), data/libvirt-6.9.0/tests/virnettlshelpers.c:203:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(req->altname2), data/libvirt-6.9.0/tests/virnettlssessiontest.c:64:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(*fd, buf, len); data/libvirt-6.9.0/tests/virpcimock.c:182:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(value); data/libvirt-6.9.0/tests/virpcimock.c:269:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path + strlen(SYSFS_PCI_PREFIX)); data/libvirt-6.9.0/tests/virrotatingfiletest.c:501:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). virRotatingFileWriterAppend(file, buf, strlen(buf)); data/libvirt-6.9.0/tests/virrotatingfiletest.c:543:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). virRotatingFileWriterAppend(file, buf, strlen(buf)); data/libvirt-6.9.0/tests/virshtest.c:55:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memmove(start, end, strlen(end)+1); data/libvirt-6.9.0/tests/virstringtest.c:60:21: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (streq_rv != equal) { data/libvirt-6.9.0/tests/virstringtest.c:63:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. (int) equal, (int) streq_rv); data/libvirt-6.9.0/tests/virstringtest.c:67:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (strneq_rv == equal) { data/libvirt-6.9.0/tests/virstringtest.c:70:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. (int) equal, (int) strneq_rv); data/libvirt-6.9.0/tests/virstringtest.c:436:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(data->str) - strlen(data->suffix)); data/libvirt-6.9.0/tests/virstringtest.c:436:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(data->str) - strlen(data->suffix)); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:133:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t dlen = strlen(entry->d_name); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:291:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLen = strlen(name); data/libvirt-6.9.0/tools/nss/libvirt_nss.c:399:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nameLen = strlen(name); data/libvirt-6.9.0/tools/nss/libvirt_nss_leases.c:397:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = read(fd, line, sizeof(line)); data/libvirt-6.9.0/tools/nss/libvirt_nss_macs.c:247:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = read(fd, line, sizeof(line)); data/libvirt-6.9.0/tools/virsh-checkpoint.c:171:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). checkpoint = array[i] + strlen("checkpoint="); data/libvirt-6.9.0/tools/virsh-checkpoint.c:173:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bitmap = array[i] + strlen("bitmap="); data/libvirt-6.9.0/tools/virsh-console.c:262:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). got = read(fd, data/libvirt-6.9.0/tools/virsh-domain.c:8585:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(desc) > 0) data/libvirt-6.9.0/tools/virsh-network.c:86:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & VIRSH_BYUUID) && strlen(n) == VIR_UUID_STRING_BUFLEN-1) { data/libvirt-6.9.0/tools/virsh-nwfilter.c:50:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & VIRSH_BYUUID) && strlen(n) == VIR_UUID_STRING_BUFLEN-1) { data/libvirt-6.9.0/tools/virsh-pool.c:173:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((flags & VIRSH_BYUUID) && strlen(n) == VIR_UUID_STRING_BUFLEN-1) { data/libvirt-6.9.0/tools/virsh-secret.c:256:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file_len = strlen(file_buf); data/libvirt-6.9.0/tools/virsh-snapshot.c:237:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snapshot = array[i] + strlen("snapshot="); data/libvirt-6.9.0/tools/virsh-snapshot.c:239:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = array[i] + strlen("file="); data/libvirt-6.9.0/tools/virsh-snapshot.c:279:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). snapshot = array[i] + strlen("snapshot="); data/libvirt-6.9.0/tools/virsh-snapshot.c:281:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). driver = array[i] + strlen("driver="); data/libvirt-6.9.0/tools/virsh-snapshot.c:283:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stype = array[i] + strlen("stype="); data/libvirt-6.9.0/tools/virsh-snapshot.c:285:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). file = array[i] + strlen("file="); data/libvirt-6.9.0/tools/virsh-util.c:50:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(name) == VIR_UUID_STRING_BUFLEN-1) { data/libvirt-6.9.0/tools/virsh.c:677:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(optarg); data/libvirt-6.9.0/tools/virt-host-validate-common.c:223:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line[strlen(line) - 1] = '\0'; data/libvirt-6.9.0/tools/vsh-table.c:209:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t sz = s ? strlen(s) : 0; data/libvirt-6.9.0/tools/vsh.c:130:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(str_copied); data/libvirt-6.9.0/tools/vsh.c:2100:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((rv = read(ctl->eventPipe[0], &buf, 1)) < 0 && errno == EINTR); data/libvirt-6.9.0/tools/vsh.c:2212:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/libvirt-6.9.0/tools/vsh.c:2291:29: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = g_ascii_tolower(getchar()); data/libvirt-6.9.0/tools/vsh.c:2355:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (safewrite(fd, doc, strlen(doc)) == -1) { data/libvirt-6.9.0/tools/vsh.c:2406:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(editor, ACCEPTED_CHARS) != strlen(editor)) { data/libvirt-6.9.0/tools/vsh.c:2407:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strspn(filename, ACCEPTED_CHARS) != strlen(filename)) { data/libvirt-6.9.0/tools/vsh.c:2546:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(text); data/libvirt-6.9.0/tools/vsh.c:2592:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(text); data/libvirt-6.9.0/tools/vsh.c:2637:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name_len = strlen(name); data/libvirt-6.9.0/tools/vsh.c:2944:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(r); data/libvirt-6.9.0/tools/vsh.c:3389:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rl_point = strlen(rl_line_buffer); ANALYSIS SUMMARY: Hits = 1927 Lines analyzed = 793051 in approximately 19.76 seconds (40137 lines/second) Physical Source Lines of Code (SLOC) = 568368 Hits@level = [0] 918 [1] 492 [2] 1142 [3] 109 [4] 145 [5] 39 Hits@level+ = [0+] 2845 [1+] 1927 [2+] 1435 [3+] 293 [4+] 184 [5+] 39 Hits/KSLOC@level+ = [0+] 5.00556 [1+] 3.39041 [2+] 2.52477 [3+] 0.515511 [4+] 0.323734 [5+] 0.0686175 Symlinks skipped = 881 (--allowlink overrides but see doc for security issue) Dot directories skipped = 3 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.