Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libzstd-1.4.5+dfsg/contrib/diagnose_corruption/check_flipped_bits.c
Examining data/libzstd-1.4.5+dfsg/contrib/gen_html/gen_html.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/fs/btrfs/zstd.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/fs/squashfs/zstd_wrapper.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/include/linux/xxhash.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/include/linux/zstd.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/bitstream.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/entropy_common.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/error_private.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/fse.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/fse_compress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/fse_decompress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_compress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/mem.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_common.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_internal.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_opt.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/DecompressCrash.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/RoundTripCrash.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/UserlandTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/XXHashUserlandTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/compiler.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/errno.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/kernel.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/math64.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/module.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/string.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/linux/types.h
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/xxhash_test.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/zstd_compress_test.c
Examining data/libzstd-1.4.5+dfsg/contrib/linux-kernel/zstd_decompress_test.c
Examining data/libzstd-1.4.5+dfsg/contrib/match_finders/zstd_edist.c
Examining data/libzstd-1.4.5+dfsg/contrib/match_finders/zstd_edist.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/ErrorHolder.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/Logging.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/Options.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/SkippableFrame.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/SkippableFrame.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/main.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/test/OptionsTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTrip.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTripTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/Buffer.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/FileSystem.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/Likely.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/Range.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/ResourcePool.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/ScopeGuard.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/ThreadPool.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/WorkQueue.h
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/BufferTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/RangeTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/ResourcePoolTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/ScopeGuardTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/ThreadPoolTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/test/WorkQueueTest.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/pzstd/Options.cpp
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_processing.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_decompression.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_decompression_mem.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstd_seekable.h
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_compress.c
Examining data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c
Examining data/libzstd-1.4.5+dfsg/contrib/single_file_libs/examples/emscripten.c
Examining data/libzstd-1.4.5+dfsg/contrib/single_file_libs/examples/roundtrip.c
Examining data/libzstd-1.4.5+dfsg/contrib/single_file_libs/examples/simple.c
Examining data/libzstd-1.4.5+dfsg/contrib/single_file_libs/zstd-in.c
Examining data/libzstd-1.4.5+dfsg/contrib/single_file_libs/zstddeclib-in.c
Examining data/libzstd-1.4.5+dfsg/doc/educational_decoder/harness.c
Examining data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c
Examining data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.h
Examining data/libzstd-1.4.5+dfsg/examples/common.h
Examining data/libzstd-1.4.5+dfsg/examples/dictionary_compression.c
Examining data/libzstd-1.4.5+dfsg/examples/dictionary_decompression.c
Examining data/libzstd-1.4.5+dfsg/examples/multiple_simple_compression.c
Examining data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c
Examining data/libzstd-1.4.5+dfsg/examples/simple_compression.c
Examining data/libzstd-1.4.5+dfsg/examples/simple_decompression.c
Examining data/libzstd-1.4.5+dfsg/examples/streaming_compression.c
Examining data/libzstd-1.4.5+dfsg/examples/streaming_decompression.c
Examining data/libzstd-1.4.5+dfsg/examples/streaming_memory_usage.c
Examining data/libzstd-1.4.5+dfsg/lib/common/bitstream.h
Examining data/libzstd-1.4.5+dfsg/lib/common/compiler.h
Examining data/libzstd-1.4.5+dfsg/lib/common/cpu.h
Examining data/libzstd-1.4.5+dfsg/lib/common/debug.c
Examining data/libzstd-1.4.5+dfsg/lib/common/debug.h
Examining data/libzstd-1.4.5+dfsg/lib/common/entropy_common.c
Examining data/libzstd-1.4.5+dfsg/lib/common/error_private.c
Examining data/libzstd-1.4.5+dfsg/lib/common/error_private.h
Examining data/libzstd-1.4.5+dfsg/lib/common/fse.h
Examining data/libzstd-1.4.5+dfsg/lib/common/fse_decompress.c
Examining data/libzstd-1.4.5+dfsg/lib/common/huf.h
Examining data/libzstd-1.4.5+dfsg/lib/common/mem.h
Examining data/libzstd-1.4.5+dfsg/lib/common/pool.c
Examining data/libzstd-1.4.5+dfsg/lib/common/pool.h
Examining data/libzstd-1.4.5+dfsg/lib/common/threading.c
Examining data/libzstd-1.4.5+dfsg/lib/common/threading.h
Examining data/libzstd-1.4.5+dfsg/lib/common/xxhash.c
Examining data/libzstd-1.4.5+dfsg/lib/common/xxhash.h
Examining data/libzstd-1.4.5+dfsg/lib/common/zstd_common.c
Examining data/libzstd-1.4.5+dfsg/lib/common/zstd_errors.h
Examining data/libzstd-1.4.5+dfsg/lib/common/zstd_internal.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/fse_compress.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/hist.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/hist.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/huf_compress.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_internal.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_sequences.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_sequences.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_cwksp.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_double_fast.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_double_fast.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_fast.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_fast.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_lazy.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_lazy.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_ldm.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_ldm.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.h
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstdmt_compress.c
Examining data/libzstd-1.4.5+dfsg/lib/compress/zstdmt_compress.h
Examining data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_ddict.c
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_ddict.h
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.h
Examining data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_internal.h
Examining data/libzstd-1.4.5+dfsg/lib/deprecated/zbuff.h
Examining data/libzstd-1.4.5+dfsg/lib/deprecated/zbuff_common.c
Examining data/libzstd-1.4.5+dfsg/lib/deprecated/zbuff_compress.c
Examining data/libzstd-1.4.5+dfsg/lib/deprecated/zbuff_decompress.c
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.h
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/divsufsort.c
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/divsufsort.h
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/fastcover.c
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.c
Examining data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_legacy.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.h
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c
Examining data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.h
Examining data/libzstd-1.4.5+dfsg/lib/zstd.h
Examining data/libzstd-1.4.5+dfsg/programs/benchfn.c
Examining data/libzstd-1.4.5+dfsg/programs/benchfn.h
Examining data/libzstd-1.4.5+dfsg/programs/benchzstd.c
Examining data/libzstd-1.4.5+dfsg/programs/benchzstd.h
Examining data/libzstd-1.4.5+dfsg/programs/datagen.c
Examining data/libzstd-1.4.5+dfsg/programs/datagen.h
Examining data/libzstd-1.4.5+dfsg/programs/dibio.c
Examining data/libzstd-1.4.5+dfsg/programs/dibio.h
Examining data/libzstd-1.4.5+dfsg/programs/fileio.h
Examining data/libzstd-1.4.5+dfsg/programs/platform.h
Examining data/libzstd-1.4.5+dfsg/programs/timefn.c
Examining data/libzstd-1.4.5+dfsg/programs/timefn.h
Examining data/libzstd-1.4.5+dfsg/programs/util.h
Examining data/libzstd-1.4.5+dfsg/programs/zstdcli.c
Examining data/libzstd-1.4.5+dfsg/programs/fileio.c
Examining data/libzstd-1.4.5+dfsg/programs/util.c
Examining data/libzstd-1.4.5+dfsg/tests/bigdict.c
Examining data/libzstd-1.4.5+dfsg/tests/checkTag.c
Examining data/libzstd-1.4.5+dfsg/tests/datagencli.c
Examining data/libzstd-1.4.5+dfsg/tests/decodecorpus.c
Examining data/libzstd-1.4.5+dfsg/tests/fullbench.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/block_decompress.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/block_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/dictionary_decompress.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/dictionary_loader.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/dictionary_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/dictionary_stream_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/fuzz.h
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/fuzz_data_producer.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/fuzz_data_producer.h
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/fuzz_helpers.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/fuzz_helpers.h
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/raw_dictionary_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/regression_driver.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/simple_compress.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/simple_decompress.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/simple_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/stream_decompress.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/stream_round_trip.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/zstd_frame_info.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/zstd_helpers.c
Examining data/libzstd-1.4.5+dfsg/tests/fuzz/zstd_helpers.h
Examining data/libzstd-1.4.5+dfsg/tests/fuzzer.c
Examining data/libzstd-1.4.5+dfsg/tests/invalidDictionaries.c
Examining data/libzstd-1.4.5+dfsg/tests/legacy.c
Examining data/libzstd-1.4.5+dfsg/tests/longmatch.c
Examining data/libzstd-1.4.5+dfsg/tests/paramgrill.c
Examining data/libzstd-1.4.5+dfsg/tests/poolTests.c
Examining data/libzstd-1.4.5+dfsg/tests/regression/config.c
Examining data/libzstd-1.4.5+dfsg/tests/regression/config.h
Examining data/libzstd-1.4.5+dfsg/tests/regression/data.c
Examining data/libzstd-1.4.5+dfsg/tests/regression/data.h
Examining data/libzstd-1.4.5+dfsg/tests/regression/levels.h
Examining data/libzstd-1.4.5+dfsg/tests/regression/method.c
Examining data/libzstd-1.4.5+dfsg/tests/regression/method.h
Examining data/libzstd-1.4.5+dfsg/tests/regression/result.c
Examining data/libzstd-1.4.5+dfsg/tests/regression/result.h
Examining data/libzstd-1.4.5+dfsg/tests/regression/test.c
Examining data/libzstd-1.4.5+dfsg/tests/roundTripCrash.c
Examining data/libzstd-1.4.5+dfsg/tests/seqgen.c
Examining data/libzstd-1.4.5+dfsg/tests/seqgen.h
Examining data/libzstd-1.4.5+dfsg/tests/zbufftest.c
Examining data/libzstd-1.4.5+dfsg/tests/zstreamtest.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk_original.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzclose.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzcompatibility.h
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c
Examining data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.h
FINAL RESULTS:
data/libzstd-1.4.5+dfsg/programs/util.c:82:13: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod _chmod
data/libzstd-1.4.5+dfsg/programs/util.c:137:12: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
return chmod(filename, permissions);
data/libzstd-1.4.5+dfsg/programs/util.c:171:12: [5] (race) chown:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchown( ) instead.
res += chown(filename, statbuf->st_uid, statbuf->st_gid); /* Copy ownership */
data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c:61:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stdout, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/contrib/pzstd/Logging.h:46:10: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
std::fprintf(out_, fmt, args...);
data/libzstd-1.4.5+dfsg/contrib/pzstd/Logging.h:59:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
std::fprintf(out_, fmt, args...);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:192:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outSpace, filename);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:110:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outSpace, filename);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/harness.c:26:24: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ERR_OUT(...) { fprintf(stderr, __VA_ARGS__); exit(1); }
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:42:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define MESSAGE(...) fprintf(stderr, "" __VA_ARGS__)
data/libzstd-1.4.5+dfsg/examples/common.h:45:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/libzstd-1.4.5+dfsg/examples/common.h:50:13: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, "" __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/examples/dictionary_compression.c:65:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outSpace, filename);
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:122:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(ofnBuffer, ifn);
data/libzstd-1.4.5+dfsg/examples/simple_compression.c:46:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outSpace, filename);
data/libzstd-1.4.5+dfsg/examples/streaming_compression.c:99:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outSpace, filename);
data/libzstd-1.4.5+dfsg/lib/common/debug.h:97:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/lib/common/debug.h:101:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __FILE__ ": " __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:51:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/lib/dictBuilder/fastcover.c:47:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.c:72:32: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) { fprintf(stderr, __VA_ARGS__); fflush( stderr ); }
data/libzstd-1.4.5+dfsg/programs/benchfn.c:40:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:70:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/datagen.c:31:37: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define TRACE(...) if (RDG_DEBUG) fprintf(stderr, __VA_ARGS__ )
data/libzstd-1.4.5+dfsg/programs/dibio.c:57:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/fileio.c:88:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/fileio.c:89:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAYOUT(...) fprintf(stdout, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/fileio.c:2528:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstFileNameBuffer + dstFileNameEndPos, dstSuffix);
data/libzstd-1.4.5+dfsg/programs/platform.h:27:13: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf sprintf_s /* snprintf unsupported by Visual <= 2013 */
data/libzstd-1.4.5+dfsg/programs/util.c:67:35: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define UTIL_DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:97:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY_F(f, ...) fprintf((f), __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/datagencli.c:35:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:47:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/fullbench.c:61:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:60:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/legacy.c:30:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:55:23: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:56:56: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAYLEVEL(n, ...) if(g_displayLevel >= n) { fprintf(stderr, __VA_ARGS__); }
data/libzstd-1.4.5+dfsg/tests/regression/data.c:273:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, str1);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:274:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst + size1, str2);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:276:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst + size1 + size2, str3);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:312:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
cdata.file = popen(cmd, "w");
data/libzstd-1.4.5+dfsg/tests/regression/data.c:321:22: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
cdata.file = popen(cmd, "w");
data/libzstd-1.4.5+dfsg/tests/regression/method.c:281:18: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
FILE* zstd = popen(cmd, "r");
data/libzstd-1.4.5+dfsg/tests/regression/test.c:212:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(file, __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/tests/regression/test.c:213:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, __VA_ARGS__); \
data/libzstd-1.4.5+dfsg/tests/roundTripCrash.c:49:9: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr, \
data/libzstd-1.4.5+dfsg/tests/zbufftest.c:59:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:61:31: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(stderr, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:49:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:49:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:475:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(outfile, file);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:476:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(outfile, GZ_SUFFIX);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:511:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, file);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:520:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(infile, GZ_SUFFIX);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:75:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define DISPLAY(...) fprintf(displayOut, __VA_ARGS__)
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:93:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:95:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:117:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:117:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define snprintf _snprintf
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:219:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state.state->path, (const char*)path);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:617:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(state.state->msg, state.state->path);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:619:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(state.state->msg, msg);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:423:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
(void)vsprintf(next, format, va);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:427:11: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
len = vsprintf(next, format, va);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:431:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
(void)vsnprintf(next, state.state->size, format, va);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:434:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(next, state.state->size, format, va);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:517:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12,
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:523:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11,
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:528:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(next, state.state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9,
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:532:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = snprintf(next, state.state->size, format, a1, a2, a3, a4, a5, a6, a7, a8,
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:529:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zwd->version, version);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:34:34: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string inputFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:69:34: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string inputFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:103:32: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string inputFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:133:32: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string inputFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTrip.h:62:37: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string compressedFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTrip.h:63:39: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
std::string decompressedFile = std::tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTripTest.cpp:30:17: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
string file = tmpnam(nullptr);
data/libzstd-1.4.5+dfsg/lib/common/threading.h:51:52: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
#define ZSTD_pthread_mutex_init(a, b) ((void)(b), InitializeCriticalSection((a)), 0)
data/libzstd-1.4.5+dfsg/lib/common/threading.h:53:40: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define ZSTD_pthread_mutex_lock(a) EnterCriticalSection((a))
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:583:29: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
const char* const env = getenv(ENV_CLEVEL);
data/libzstd-1.4.5+dfsg/tests/regression/test.c:162:13: [3] (buffer) getopt_long:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
c = getopt_long(argc, argv, short_options, long_options, &option_index);
data/libzstd-1.4.5+dfsg/contrib/diagnose_corruption/check_flipped_bits.c:94:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/libzstd-1.4.5+dfsg/contrib/diagnose_corruption/check_flipped_bits.c:211:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stuff->perturbed, stuff->input, stuff->input_size);
data/libzstd-1.4.5+dfsg/contrib/gen_html/gen_html.cpp:98:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
istream.open(argv[2], ifstream::in);
data/libzstd-1.4.5+dfsg/contrib/gen_html/gen_html.cpp:104:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ostream.open(argv[3], ifstream::out);
data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c:112:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE* const f = fopen(fileName, "rb");
data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c:181:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(fileNamesTable[n], "rb");
data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c:361:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slices[i], sc.slicePtrs[i], sc.capacities[i]);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/fs/btrfs/zstd.c:411:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(kaddr + pg_offset, out_buf.dst + buf_offset, bytes);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:81:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(*dst));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:87:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, sizeof(*dst));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:252:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:266:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:282:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)(state->mem32) + state->memsize, input, len);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:290:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)(state->mem32) + state->memsize, input,
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:331:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->mem32, p, (size_t)(b_end-p));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((uint8_t *)state->mem64) + state->memsize, input, len);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:396:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(((uint8_t *)p64) + state->memsize, input,
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/xxhash.c:436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->mem64, p, (size_t)(b_end-p));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:351:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dstCCtx->customMem, &srcCCtx->customMem, sizeof(ZSTD_customMem));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:364:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->workSpace, srcCCtx->workSpace, tableSpace);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->hufTable, srcCCtx->hufTable, 256 * 4);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:436:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((BYTE *)dst + ZSTD_blockHeaderSize, src, srcSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:456:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ostart + flSize, src, srcSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:1097:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:1213:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:1376:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:1536:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:2042:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:2245:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:2410:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op + ZSTD_blockHeaderSize, ip, blockSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:2870:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(internalBuffer, dictBuffer, dictSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:2991:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zcs->customMem, &customMem, sizeof(ZSTD_customMem));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/compress.c:3123:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:50:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void *dst, const void *src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:116:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->entropy.rep, repStartValue, sizeof(repStartValue)); /* initial repcodes */
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:134:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dctx->customMem, &customMem, sizeof(customMem));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:156:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstDCtx, srcDCtx, sizeof(ZSTD_DCtx) - workSpaceSize); /* no need to copy workspace */
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:414:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:523:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart + lhSize, litSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1154:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1436:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1754:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1762:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTD_frameHeaderSize_prefix);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1771:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:1844:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + ZSTD_frameHeaderSize_prefix, src, dctx->expected);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:2057:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(internalBuffer, dict, dictSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:2200:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zds->customMem, &customMem, sizeof(ZSTD_customMem));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:2291:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:2318:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zds->headerBuffer + zds->lhSize, ip, iend - ip);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/decompress.c:2324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zds->headerBuffer + zds->lhSize, ip, toLoad);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/fse_decompress.c:132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_compress.c:740:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldHufTable, CTable, CTableSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:126:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:591:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:598:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt + val, 2);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:606:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt + val, 1);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:909:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, cSrc, dstSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/huf_decompress.c:947:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, cSrc, dstSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_internal.h:128:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 8);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_opt.h:692:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/lib/zstd/zstd_opt.h:1007:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h:66:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h:72:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h:95:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/contrib/linux-kernel/test/include/asm/unaligned.h:101:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/contrib/match_finders/zstd_edist.c:416:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combinedMatches, state->matches, sizeof(ZSTD_eDist_match));
data/libzstd-1.4.5+dfsg/contrib/match_finders/zstd_edist.c:430:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(combinedMatches + nbCombinedMatches,
data/libzstd-1.4.5+dfsg/contrib/match_finders/zstd_edist.c:435:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state->matches, combinedMatches, nbCombinedMatches * sizeof(ZSTD_eDist_match));
data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.cpp:123:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto inputFd = std::fopen(inputFile.c_str(), "rb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.cpp:139:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto outputFd = std::fopen(outputFile.c_str(), "rb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.cpp:157:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto outputFd = std::fopen(outputFile.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:39:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto fd = std::fopen(inputFile.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:74:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto fd = std::fopen(inputFile.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:110:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto fd = std::fopen(inputFile.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/PzstdTest.cpp:138:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto fd = std::fopen(inputFile.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTrip.h:26:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto sFd = std::fopen(source.c_str(), "rb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTrip.h:27:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto dFd = std::fopen(decompressed.c_str(), "rb");
data/libzstd-1.4.5+dfsg/contrib/pzstd/test/RoundTripTest.cpp:31:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
auto fd = std::fopen(file.c_str(), "wb");
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:42:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:171:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ unsigned char seekTableBuff[1024];
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:193:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outSpace, ".zst");
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:207:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned const frameSize = (unsigned)atoi(argv[2]);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:208:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int const nbThreads = atoi(argv[3]);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_processing.c:56:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_processing.c:189:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int const nbThreads = atoi(argv[2]);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:29:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:111:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outSpace, ".zst");
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:125:46: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
unsigned const frameSize = (unsigned)atoi(argv[2]);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_decompression.c:43:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_decompression_mem.c:45:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_compress.c:290:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((BYTE*)output->dst + output->pos,
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c:110:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, (const BYTE*)buff->ptr + buff->pos, n);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/harness.c:38:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(path, "rb");
data/libzstd-1.4.5+dfsg/doc/educational_decoder/harness.c:58:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(path, "wb");
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:616:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(write_ptr, read_ptr, block_len);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:773:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*literals, read_ptr, size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1279:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(write_ptr, read_ptr, literal_length);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1352:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(write_ptr, ctx->dict_content + dict_offset, dict_copy);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dict->content, content, dict->content_size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1516:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->symbols, src->symbols, size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->num_bits, src->num_bits, size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->symbols, src->symbols, size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1537:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->num_bits, src->num_bits, size);
data/libzstd-1.4.5+dfsg/doc/educational_decoder/zstd_decompress.c:1538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst->new_state_base, src->new_state_base, size * sizeof(u16));
data/libzstd-1.4.5+dfsg/examples/common.h:101:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen(filename, instruction);
data/libzstd-1.4.5+dfsg/examples/dictionary_compression.c:66:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outSpace, ".zst");
data/libzstd-1.4.5+dfsg/examples/multiple_simple_compression.c:105:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outFilename, inFilename, inFilenameLen);
data/libzstd-1.4.5+dfsg/examples/multiple_simple_compression.c:106:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(outFilename+inFilenameLen, ".zst", 5);
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:123:9: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(ofnBuffer, ".zst");
data/libzstd-1.4.5+dfsg/examples/simple_compression.c:47:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outSpace, ".zst");
data/libzstd-1.4.5+dfsg/examples/streaming_compression.c:100:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(outSpace, ".zst");
data/libzstd-1.4.5+dfsg/examples/streaming_memory_usage.c:62:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const dataToCompress[INPUT_SIZE] = "abcde";
data/libzstd-1.4.5+dfsg/examples/streaming_memory_usage.c:63:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char compressedData[COMPRESSED_SIZE];
data/libzstd-1.4.5+dfsg/examples/streaming_memory_usage.c:64:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char decompressedData[INPUT_SIZE];
data/libzstd-1.4.5+dfsg/lib/common/entropy_common.c:57:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[4];
data/libzstd-1.4.5+dfsg/lib/common/entropy_common.c:59:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, headerBuffer, hbSize);
data/libzstd-1.4.5+dfsg/lib/common/fse_decompress.c:98:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/common/mem.h:259:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/common/mem.h:264:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/common/mem.h:269:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/common/pool.c:209:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(threadPool, ctx->threads, ctx->threadCapacity * sizeof(*threadPool));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:87:76: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:310:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:315:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:562:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:575:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:846:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.c:853:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/libzstd-1.4.5+dfsg/lib/common/xxhash.h:226:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/libzstd-1.4.5+dfsg/lib/common/xxhash.h:227:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/libzstd-1.4.5+dfsg/lib/common/zstd_internal.h:234:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 8);
data/libzstd-1.4.5+dfsg/lib/common/zstd_internal.h:243:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, 16);
data/libzstd-1.4.5+dfsg/lib/common/zstd_internal.h:308:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/lib/compress/huf_compress.c:719:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(oldHufTable, table->CTable, sizeof(table->CTable)); /* Save new table */
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:908:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dictBuffer, dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1673:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cctx->blockState.prevCBlock, &cdict->cBlockState, sizeof(cdict->cBlockState));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1706:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cctx->blockState.matchState.hashTable,
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1709:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cctx->blockState.matchState.chainTable,
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1734:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cctx->blockState.prevCBlock, &cdict->cBlockState, sizeof(cdict->cBlockState));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1778:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dstCCtx->customMem, &srcCCtx->customMem, sizeof(ZSTD_customMem));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1800:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->blockState.matchState.hashTable,
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1803:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->blockState.matchState.chainTable,
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1806:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->blockState.matchState.hashTable3,
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:1824:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstCCtx->blockState.prevCBlock, srcCCtx->blockState.prevCBlock, sizeof(*srcCCtx->blockState.prevCBlock));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:2026:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nextEntropy->fse, &prevEntropy->fse, sizeof(prevEntropy->fse));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:2229:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(seqStorePtr->lit, anchor, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress.c:3367:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(internalBuffer, dictBuffer, dictSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_internal.h:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((BYTE*)dst + ZSTD_blockHeaderSize, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.c:38:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ostart + flSize, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.c:89:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.c:121:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_literals.c:125:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_sequences.c:242:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextCTable, prevCTable, prevCTableSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:82:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:140:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:147:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextHuf, prevHuf, sizeof(*prevHuf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:351:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, hufMetadata->hufDesBuffer, hufMetadata->hufDesSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:477:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, fseMetadata->fseTablesBuffer, fseMetadata->fseTablesSize);
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:793:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&nextCBlock->entropy.huf, &prevCBlock->entropy.huf, sizeof(prevCBlock->entropy.huf));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_compress_superblock.c:816:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nextCBlock->rep, &rep, sizeof(rep));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.c:928:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt[cur].rep, &newReps, sizeof(repcodes_t));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.c:930:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(opt[cur].rep, opt[cur - 1].rep, sizeof(repcodes_t));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.c:1013:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rep, &reps, sizeof(reps));
data/libzstd-1.4.5+dfsg/lib/compress/zstd_opt.c:1015:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rep, opt[cur].rep, sizeof(repcodes_t));
data/libzstd-1.4.5+dfsg/lib/compress/zstdmt_compress.c:238:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuffer.start, buffer.start, buffer.capacity);
data/libzstd-1.4.5+dfsg/lib/compress/zstdmt_compress.c:1743:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)output->dst + output->pos,
data/libzstd-1.4.5+dfsg/lib/compress/zstdmt_compress.c:2075:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)mtctx->inBuff.buffer.start + mtctx->inBuff.filled, (const char*)input->src + input->pos, syncPoint.toLoad);
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:148:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:647:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:663:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:672:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:1065:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:1088:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/decompress/huf_decompress.c:1148:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_ddict.c:134:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(internalBuffer, dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_ddict.c:201:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ddict+1, dict, dictSize); /* local copy */
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstDCtx, srcDCtx, toCopy); /* no need to copy workspace */
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:587:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:902:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:909:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:916:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + (dctx->headerSize - srcSize), src, srcSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:1022:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + (ZSTD_SKIPPABLEHEADERSIZE - srcSize), src, srcSize); /* complete skippable header */
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:1173:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->entropy.rep, repStartValue, sizeof(repStartValue)); /* initial repcodes */
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:1666:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zds->headerBuffer + zds->lhSize, ip, remainingInput);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress.c:1673:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zds->headerBuffer + zds->lhSize, ip, toLoad); zds->lhSize = hSize; ip += toLoad;
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c:47:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c:194:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c:399:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c:1107:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/decompress/zstd_decompress_block.c:1212:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:709:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dict + tail, ctx->samples + segment.begin, segmentSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:923:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(best->dict, dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:968:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(largestDictbuffer, customDictContent, dictContentSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:1002:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(candidateDictBuffer, largestDictbuffer, largestDict);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:1077:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(freqs, ctx->freqs, ctx->suffixSize * sizeof(U32));
data/libzstd-1.4.5+dfsg/lib/dictBuilder/cover.c:1231:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dictBuffer, best.dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/fastcover.c:439:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dict + tail, ctx->samples + segment.begin, segmentSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/fastcover.c:483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(freqs, ctx->freqs, ((U64)1 << ctx->f) * sizeof(U32));
data/libzstd-1.4.5+dfsg/lib/dictBuilder/fastcover.c:751:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dictBuffer, best.dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.c:931:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dictBuffer, header, hSize);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.c:1069:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, (const char*)samplesBuffer+dictList[u].pos, l);
data/libzstd-1.4.5+dfsg/lib/dictBuilder/zdict.c:1098:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newBuff, samplesBuffer, sBuffSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c:1361:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c:1363:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c:1487:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c:1797:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(saved, endMatch, qutt);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v01.c:1827:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (overlapRisk) memcpy(endMatch, saved, qutt);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:1158:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH)); /* memcpy(), to avoid strict aliasing warnings */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2017:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2025:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2364:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, ds+val, sizeof(HUF_DSeqX6));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2376:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, ds+val, length);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, ds+val, maxL);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2589:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2745:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2747:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2840:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v02.c:2896:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:190:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:1159:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2014:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2022:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2229:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2386:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2388:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2481:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v03.c:2537:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:161:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:389:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:1136:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2164:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2172:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2376:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2476:54: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTD_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2607:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:2662:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3014:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (op != litPtr) memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3210:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ctx->headerBuffer, src, ZSTD_frameHeaderSize_min);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3367:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char headerBuffer[ZSTD_frameHeaderSize_max];
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3415:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3448:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbc->headerBuffer+zbc->hPos, src, *srcSizePtr);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v04.c:3494:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbc->inBuff, zbc->headerBuffer, zbc->hPos);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:184:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:189:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:194:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:502:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv05_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:1262:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2278:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2286:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2621:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv05_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2697:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstDCtx, srcDCtx,
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2855:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:2956:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3366:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3597:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTDv05_frameHeaderSize_min);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3797:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3845:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char headerBuffer[ZSTDv05_frameHeaderSize_max];
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3910:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbc->headerBuffer+zbc->hPos, src, *srcSizePtr);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v05.c:3957:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbc->inBuff, zbc->headerBuffer, zbc->hPos);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:182:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:537:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv06_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:1486:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:2407:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:2415:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:2653:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:2795:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv06_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:2858:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstDCtx, srcDCtx,
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:3047:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:3144:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:3505:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:3738:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTDv06_frameHeaderSize_min);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:3748:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + ZSTDv06_frameHeaderSize_min, src, dctx->expected);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:4006:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:4038:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbd->headerBuffer + zbd->lhSize, ip, iend-ip);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v06.c:4043:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbd->headerBuffer + zbd->lhSize, ip, toLoad); zbd->lhSize = hSize; ip += toLoad;
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:342:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(memPtr, &value, sizeof(value));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:1506:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dt, &DTableH, sizeof(DTableH));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:1797:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2210:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(DTable, &dtd, sizeof(dtd));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2218:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 2);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2226:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, dt+val, 1);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2526:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2542:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2568:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (cSrcSize == dstSize) { memcpy(dst, cSrc, dstSize); return dstSize; } /* not compressed */
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2771:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv07_copy8(void* dst, const void* src) { memcpy(dst, src, 8); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2919:57: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void ZSTDv07_copy4(void* dst, const void* src) { memcpy(dst, src, 4); }
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:2989:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dctx->customMem, &customMem, sizeof(ZSTDv07_customMem));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:3008:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstDCtx, srcDCtx,
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:3276:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, srcSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:3374:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->litBuffer, istart+lhSize, litSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:3720:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, litPtr, lastLLSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:3996:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTDv07_frameHeaderSize_min);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4003:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer, src, ZSTDv07_frameHeaderSize_min);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4013:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dctx->headerBuffer + ZSTDv07_frameHeaderSize_min, src, dctx->expected);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4068:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ memcpy(dctx->headerBuffer + ZSTDv07_frameHeaderSize_min, src, dctx->expected);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4205:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dictContent, dict, dictSize);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zbd->customMem, &customMem, sizeof(ZSTDv07_customMem));
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4388:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, length);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4420:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbd->headerBuffer + zbd->lhSize, ip, iend-ip);
data/libzstd-1.4.5+dfsg/lib/legacy/zstd_v07.c:4425:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zbd->headerBuffer + zbd->lhSize, ip, toLoad); zbd->lhSize = hSize; ip += toLoad;
data/libzstd-1.4.5+dfsg/programs/benchfn.c:173:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char check_size[ 2 * (sizeof(BMK_timedFnState_shell) >= sizeof(struct BMK_timedFnState_s)) - 1]; /* static assert : a compilation failure indicates that BMK_timedFnState_shell is not large enough */
data/libzstd-1.4.5+dfsg/programs/benchfn.h:173:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char never_access_space[BMK_TIMEDFNSTATE_SIZE];
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:387:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(compressedBuffer, srcBuffer, loadedCompressedSize);
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:695:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20] = {0};
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:767:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE* const f = fopen(fileNamesTable[n], "rb");
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:861:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ char mfName[20] = {0};
data/libzstd-1.4.5+dfsg/programs/datagen.c:181:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buff, buff + stdBlockSize, stdDictSize);
data/libzstd-1.4.5+dfsg/programs/dibio.c:121:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(fileName, "rb");
data/libzstd-1.4.5+dfsg/programs/dibio.c:216:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(dictFileName, "wb");
data/libzstd-1.4.5+dfsg/programs/fileio.c:543:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE* const f = fopen(srcFileName, "rb");
data/libzstd-1.4.5+dfsg/programs/fileio.c:582:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const fCheck = fopen( dstFileName, "rb" );
data/libzstd-1.4.5+dfsg/programs/fileio.c:614:25: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE* const f = fopen( dstFileName, "wb" );
data/libzstd-1.4.5+dfsg/programs/fileio.c:644:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fileHandle = fopen(fileName, "rb");
data/libzstd-1.4.5+dfsg/programs/fileio.c:745:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, outDirName, strlen(outDirName));
data/libzstd-1.4.5+dfsg/programs/fileio.c:747:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + strlen(outDirName), filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:749:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + strlen(outDirName), &separator, 1);
data/libzstd-1.4.5+dfsg/programs/fileio.c:750:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result + strlen(outDirName) + 1, filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:1633:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstFileNameBuffer, outDirFilename, sfnSize);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1636:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstFileNameBuffer, srcFileName, sfnSize);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1638:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstFileNameBuffer+sfnSize, suffix, srcSuffixLen+1 /* Include terminating null */);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1850:19: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ const char lastZeroByte[1] = { 0 };
data/libzstd-1.4.5+dfsg/programs/fileio.c:2520:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstFileNameBuffer, outDirFilename, dstFileNameEndPos);
data/libzstd-1.4.5+dfsg/programs/fileio.c:2523:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstFileNameBuffer, srcFileName, dstFileNameEndPos);
data/libzstd-1.4.5+dfsg/programs/util.c:307:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inputFile = fopen(inputFileName, "r");
data/libzstd-1.4.5+dfsg/programs/util.c:449:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+pos, table1->fileNames[idx1], curLen);
data/libzstd-1.4.5+dfsg/programs/util.c:458:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+pos, table2->fileNames[idx2], curLen);
data/libzstd-1.4.5+dfsg/programs/util.c:487:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, dirName, dirLength);
data/libzstd-1.4.5+dfsg/programs/util.c:503:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, dirName, dirLength);
data/libzstd-1.4.5+dfsg/programs/util.c:505:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path+dirLength+1, cFile.cFileName, fnameLength);
data/libzstd-1.4.5+dfsg/programs/util.c:525:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*bufStart + *pos, path, pathLength+1 /* include final \0 */);
data/libzstd-1.4.5+dfsg/programs/util.c:562:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path, dirName, dirLength);
data/libzstd-1.4.5+dfsg/programs/util.c:565:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(path+dirLength+1, entry->d_name, fnameLength);
data/libzstd-1.4.5+dfsg/programs/util.c:587:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*bufStart + *pos, path, pathLength + 1); /* with final \0 */
data/libzstd-1.4.5+dfsg/programs/util.c:660:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf+pos, inputNames[ifnNb], len+1); /* including final \0 */
data/libzstd-1.4.5+dfsg/programs/util.c:699:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)newFNTable, filenames, sizeof_FNTable); /* void* : mitigate a Visual compiler bug or limitation */
data/libzstd-1.4.5+dfsg/programs/util.c:830:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
{ FILE* const cpuinfo = fopen("/proc/cpuinfo", "r");
data/libzstd-1.4.5+dfsg/programs/util.c:832:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[BUF_SIZE];
data/libzstd-1.4.5+dfsg/programs/util.c:854:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
siblings = atoi(sep + 1);
data/libzstd-1.4.5+dfsg/programs/util.c:863:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpu_cores = atoi(sep + 1);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:410:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, LITERAL_BUFFER, litSize);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:683:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srcPtr, literals, literalLen);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:769:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(srcPtr, literals, literalsSize);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1048:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, frame->src, contentSize);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1074:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(op, frame->src, contentSize);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1142:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(path, "wb");
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1593:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outPath[MAX_PATH];
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1635:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outPath[MAX_PATH];
data/libzstd-1.4.5+dfsg/tests/fullbench.c:283:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(firstBlockBuf, src, FIRST_BLOCK_SIZE);
data/libzstd-1.4.5+dfsg/tests/fullbench.c:462:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstBuff2, dstBuff+skippedSize, g_cSize-skippedSize);
data/libzstd-1.4.5+dfsg/tests/fullbench.c:493:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstBuff2, ip, g_cSize); /* copy rest of block (it starts by SeqHeader) */
data/libzstd-1.4.5+dfsg/tests/fullbench.c:611:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const inFile = fopen( inFileName, "rb" );
data/libzstd-1.4.5+dfsg/tests/fuzz/block_round_trip.c:47:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(result, src, srcSize);
data/libzstd-1.4.5+dfsg/tests/fuzz/regression_driver.c:69:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(fileName, "rb");
data/libzstd-1.4.5+dfsg/tests/fuzz/zstd_helpers.c:122:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(samples + pos, src + offset, toCopy);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:317:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, seqs[i].litLength);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:328:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, size);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:476:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:480:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:484:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:488:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:755:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dict, src, size);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:978:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)CNBuffer + 20, CNBuffer, 10); /* create one match, starting from beginning of sample, which is the difficult case (see #1241) */
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:1364:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[32];
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:1732:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
{ unsigned char const dictBufferFixed[144] = { 0x37, 0xa4, 0x30, 0xec, 0x63, 0x00, 0x00, 0x00, 0x08, 0x10, 0x00, 0x1f,
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:2485:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)compressedBuffer+cSize, (char*)CNBuffer+dictSize+blockSize, blockSize); /* send non-compressed block (without header) */
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:2497:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)decodedBuffer+blockSize, (char*)compressedBuffer+cSize, blockSize);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:2504:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
assert(memcpy((char*)CNBuffer+dictSize, decodedBuffer, blockSize*3)); /* ensure regenerated content is identical to origin */
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3032:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sampleBuffer, srcBuffer + sampleStart, sampleSize); }
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3052:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstBuffer+tooSmallSize, &endMark, sizeof(endMark));
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3089:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBufferTooSmall, cBuffer, tooSmallSize);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3127:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer + pos, srcBuffer + noiseStart, noiseLength);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3134:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstBuffer+sampleSize, &endMark, 4);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3140:35: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
{ U32 endCheck; memcpy(&endCheck, dstBuffer+sampleSize, 4);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3190:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mirrorBuffer + totalTestSize, srcBuffer+segmentStart, segmentSize);
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:871:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lvlstr[15] = "Custom Level";
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:1273:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fileNamesTable[n], "rb");
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:1333:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(dictFileName, "rb");
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:2005:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(rfName, "w");
data/libzstd-1.4.5+dfsg/tests/regression/data.c:117:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* file = fopen(filename, "rb");
data/libzstd-1.4.5+dfsg/tests/regression/data.c:511:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stampfile = fopen(stamp, "rb");
data/libzstd-1.4.5+dfsg/tests/regression/data.c:554:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stampfile = fopen(stamp, "wb");
data/libzstd-1.4.5+dfsg/tests/regression/method.c:265:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/libzstd-1.4.5+dfsg/tests/regression/method.c:287:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out[4096];
data/libzstd-1.4.5+dfsg/tests/regression/test.c:344:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* results = fopen(g_output, "w");
data/libzstd-1.4.5+dfsg/tests/roundTripCrash.c:194:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* const f = fopen(fileName, "rb");
data/libzstd-1.4.5+dfsg/tests/zbufftest.c:381:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, readChunkSize);
data/libzstd-1.4.5+dfsg/tests/zbufftest.c:436:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1185:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, srcToCopy, segLength); /* create a long repetition at long distance for job 2 */
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1455:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuf + inbufpos, (BYTE*)dictionary.start + 256, cursegmentlen);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1460:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inbuf + inbufpos, (BYTE*)dictionary.start + 128, cursegmentlen);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1493:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testBuffer[6] = "\xAA\xAA\xAA\xAA\xAA\xAA";
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1723:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1789:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:1982:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:2066:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:2367:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copyBuffer+totalTestSize, srcBuffer+srcStart, inBuff.pos);
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:2438:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cBuffer+cStart, srcBuffer+noiseStart, noiseSize);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:123:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:174:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:270:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:366:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:445:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:526:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:115:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:166:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:262:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:358:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:437:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:518:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char*)uncompr, "garbage");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk.c:81:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[RAWLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk.c:106:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[RAWLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk_original.c:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[RAWLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/fitblk_original.c:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw[RAWLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:88:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:117:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "unknown win32 error (%ld)", error);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:228:31: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen(path, gz->write ? "wb" : "rb");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:247:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[BUFLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:272:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in[1];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:306:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out[BUFLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:371:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
local char buf[BUFLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:439:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
local char buf[BUFLEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:466:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
local char outfile[MAX_NAME_LEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:478:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(file, "rb");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:500:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
local char buf[MAX_NAME_LEN];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:527:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen(outfile, "wb");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:556:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *bname, outmode[20];
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:558:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(outmode, "wb6 ");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:622:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * in = fopen(*argv, "rb");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:696:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(fileNamesTable[n], "rb");
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:720:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mfName[20] = {0};
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:765:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20] = {0};
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:54:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define open _open
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:39:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[1024];
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:68:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "unknown win32 error (%ld)", error);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:248:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
open((const char *)path, oflag, 0666));
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:301:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(path, "<fd:%d>", fd); /* for debugging */
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:618:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(state.state->msg, ": ");
data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c:173:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state.state->x.next, strm->next_in, strm->avail_in);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c:337:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state.state->x.next, n);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c:475:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c:615:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, state.state->x.next, n);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:218:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state.state->in + have, buf, copy);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:315:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[1];
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:450:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state.state->in, state.state->in + state.state->size, left);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:549:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state.state->in, state.state->in + state.state->size, left);
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:123:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&zwc->allocFunc, strm, sizeof(z_stream));
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:434:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char headerBuf[16]; /* must be >= ZSTD_frameHeaderSize_min */
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:694:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zwd->headerBuf+zwd->totalInBytes, strm->next_in, srcSize);
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:770:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(zwd->headerBuf+zwd->totalInBytes, strm->next_in, srcSize);
data/libzstd-1.4.5+dfsg/contrib/diagnose_corruption/check_flipped_bits.c:148:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dir_name_len = strlen(stuff->dict_file_dir_name);
data/libzstd-1.4.5+dfsg/contrib/diagnose_corruption/check_flipped_bits.c:150:96: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t dict_file_name_alloc_size = dir_name_len + 1 /* '/' */ + 10 /* max int32_t len */ + strlen(".zstd-dict") + 1 /* '\0' */;
data/libzstd-1.4.5+dfsg/contrib/largeNbDicts/largeNbDicts.c:890:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/contrib/pzstd/Pzstd.cpp:150:15: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = getchar();
data/libzstd-1.4.5+dfsg/contrib/pzstd/utils/Range.h:66:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
/* implicit */ Range(Iter str) : b_(str), e_(str + std::strlen(str)) {}
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:21:20: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
# define SLEEP(x) usleep(x * 1000)
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_compression.c:188:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inL = strlen(filename);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/parallel_processing.c:27:20: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
# define SLEEP(x) usleep(x * 1000)
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:77:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read, toRead = buffInSize;
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:79:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ZSTD_inBuffer input = { buffIn, read, 0 };
data/libzstd-1.4.5+dfsg/contrib/seekable_format/examples/seekable_compression.c:106:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inL = strlen(filename);
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstd_seekable.h:177:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ZSTD_seekable_read* read;
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c:263:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_IO(src.read(src.opaque, zs->inBuff, ZSTD_seekTableFooterSize));
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c:288:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_IO(src.read(src.opaque, zs->inBuff, toRead));
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c:322:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_IO(src.read(src.opaque, zs->inBuff+offset, toRead));
data/libzstd-1.4.5+dfsg/contrib/seekable_format/zstdseek_decompress.c:440:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
CHECK_IO(zs->src.read(zs->src.opaque, zs->inBuff, toRead));
data/libzstd-1.4.5+dfsg/doc/educational_decoder/harness.c:49:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read != size) ERR_OUT("error while reading file %s \n", path);
data/libzstd-1.4.5+dfsg/examples/dictionary_compression.c:61:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inL = strlen(filename);
data/libzstd-1.4.5+dfsg/examples/multiple_simple_compression.c:37:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const filenameLength = strlen(filename);
data/libzstd-1.4.5+dfsg/examples/multiple_simple_compression.c:103:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inFilenameLen = strlen(inFilename);
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:70:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:75:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int const lastChunk = (read < toRead);
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:78:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ZSTD_inBuffer input = { ress.buffIn, read, 0 };
data/libzstd-1.4.5+dfsg/examples/multiple_streaming_compression.c:114:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const ifnSize = strlen(ifn);
data/libzstd-1.4.5+dfsg/examples/simple_compression.c:42:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inL = strlen(filename);
data/libzstd-1.4.5+dfsg/examples/streaming_compression.c:55:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int const lastChunk = (read < toRead);
data/libzstd-1.4.5+dfsg/examples/streaming_compression.c:61:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ZSTD_inBuffer input = { buffIn, read, 0 };
data/libzstd-1.4.5+dfsg/examples/streaming_compression.c:95:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const inL = strlen(filename);
data/libzstd-1.4.5+dfsg/examples/streaming_decompression.c:36:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
size_t read;
data/libzstd-1.4.5+dfsg/examples/streaming_decompression.c:41:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ZSTD_inBuffer input = { buffIn, read, 0 };
data/libzstd-1.4.5+dfsg/lib/compress/fse_compress.c:489:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:328:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(displayName)>17) displayName += strlen(displayName) - 17; /* display last 17 characters */
data/libzstd-1.4.5+dfsg/programs/benchzstd.c:328:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(displayName)>17) displayName += strlen(displayName) - 17; /* display last 17 characters */
data/libzstd-1.4.5+dfsg/programs/fileio.c:602:30: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ int ch = getchar();
data/libzstd-1.4.5+dfsg/programs/fileio.c:608:58: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((ch!=EOF) && (ch!='\n')) ch = getchar();
data/libzstd-1.4.5+dfsg/programs/fileio.c:740:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char*) calloc(1, strlen(outDirName) + 1 + strlen(filenameStart) + suffixLen + 1);
data/libzstd-1.4.5+dfsg/programs/fileio.c:740:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
result = (char*) calloc(1, strlen(outDirName) + 1 + strlen(filenameStart) + suffixLen + 1);
data/libzstd-1.4.5+dfsg/programs/fileio.c:745:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result, outDirName, strlen(outDirName));
data/libzstd-1.4.5+dfsg/programs/fileio.c:746:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (outDirName[strlen(outDirName)-1] == separator) {
data/libzstd-1.4.5+dfsg/programs/fileio.c:747:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(outDirName), filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:747:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(outDirName), filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:749:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(outDirName), &separator, 1);
data/libzstd-1.4.5+dfsg/programs/fileio.c:750:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(outDirName) + 1, filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:750:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(result + strlen(outDirName) + 1, filenameStart, strlen(filenameStart));
data/libzstd-1.4.5+dfsg/programs/fileio.c:1613:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sfnSize = strlen(srcFileName);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1614:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const srcSuffixLen = strlen(suffix);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1617:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sfnSize = strlen(outDirFilename);
data/libzstd-1.4.5+dfsg/programs/fileio.c:1935:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ size_t const srcFileLength = strlen(srcFileName);
data/libzstd-1.4.5+dfsg/programs/fileio.c:2462:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sfnSize = strlen(srcFileName);
data/libzstd-1.4.5+dfsg/programs/fileio.c:2474:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
srcSuffixLen = strlen(srcSuffix);
data/libzstd-1.4.5+dfsg/programs/fileio.c:2496:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dstSuffixLen = strlen(dstSuffix);
data/libzstd-1.4.5+dfsg/programs/fileio.c:2502:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sfnSize = strlen(outDirFilename);
data/libzstd-1.4.5+dfsg/programs/util.c:286:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
{ size_t linelen = strlen(buf);
data/libzstd-1.4.5+dfsg/programs/util.c:287:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf)==0) return 0;
data/libzstd-1.4.5+dfsg/programs/util.c:365:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(buf+pos)+1; /* +1 for the finishing `\0` */
data/libzstd-1.4.5+dfsg/programs/util.c:420:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
totalSize += strlen(table->fileNames[fnb]) + 1; /* +1 to add '\0' at the end of each fileName */
data/libzstd-1.4.5+dfsg/programs/util.c:448:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const curLen = strlen(table1->fileNames[idx1]);
data/libzstd-1.4.5+dfsg/programs/util.c:457:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const curLen = strlen(table2->fileNames[idx2]);
data/libzstd-1.4.5+dfsg/programs/util.c:483:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirLength = strlen(dirName);
data/libzstd-1.4.5+dfsg/programs/util.c:500:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const fnameLength = strlen(cFile.cFileName);
data/libzstd-1.4.5+dfsg/programs/util.c:552:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dirLength = strlen(dirName);
data/libzstd-1.4.5+dfsg/programs/util.c:559:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fnameLength = strlen(entry->d_name);
data/libzstd-1.4.5+dfsg/programs/util.c:651:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const len = strlen(inputNames[ifnNb]);
data/libzstd-1.4.5+dfsg/programs/util.c:679:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(fileNamesTable[ifnNb]) + 1;
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:237:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unused = getchar();
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:254:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(exeName, test, strlen(test)) &&
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:255:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(exeName[strlen(test)] == '\0' || exeName[strlen(test)] == '.');
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:255:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(exeName[strlen(test)] == '\0' || exeName[strlen(test)] == '.');
data/libzstd-1.4.5+dfsg/programs/zstdcli.c:360:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/tests/checkTag.c:34:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const tagLength = strlen(tag);
data/libzstd-1.4.5+dfsg/tests/checkTag.c:35:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const verLength = strlen(ZSTD_VERSION_STRING);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1800:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1863:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument += strlen(argument);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1868:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument += strlen(argument);
data/libzstd-1.4.5+dfsg/tests/decodecorpus.c:1896:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument += strlen(argument);
data/libzstd-1.4.5+dfsg/tests/fullbench.c:698:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/tests/fullbench.c:840:72: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (main_pause) { int unused; printf("press enter...\n"); unused = getchar(); (void)unused; }
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:830:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
{ size_t read;
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:831:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for (read = 0; read < streamCompressThreshold; read += streamCompressDelta) {
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3301:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/tests/fuzzer.c:3418:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unused = getchar();
data/libzstd-1.4.5+dfsg/tests/legacy.c:42:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const size = strlen(EXPECTED);
data/libzstd-1.4.5+dfsg/tests/legacy.c:136:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(EXPECTED) > ZSTD_decompressBound(COMPRESSED, COMPRESSED_SIZE)) {
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:2571:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const comSize = strlen(longCommand);
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:2917:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argument += strlen(argument);
data/libzstd-1.4.5+dfsg/tests/paramgrill.c:2963:72: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (main_pause) { int unused; printf("press enter...\n"); unused = getchar(); (void)unused; }
data/libzstd-1.4.5+dfsg/tests/regression/data.c:266:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const size1 = strlen(str1);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:267:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const size2 = strlen(str2);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:268:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const size3 = str3 == NULL ? 0 : strlen(str3);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:277:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(dst) == size1 + size2 + size3);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:442:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t const dirlen = strlen(dir);
data/libzstd-1.4.5+dfsg/tests/regression/data.c:488:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
XXH64_update(&state, datum->name, strlen(datum->name));
data/libzstd-1.4.5+dfsg/tests/regression/test.c:26:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int const len = strlen(name);
data/libzstd-1.4.5+dfsg/tests/regression/test.c:227:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int const data_padding = g_max_name_len - strlen(data_name);
data/libzstd-1.4.5+dfsg/tests/regression/test.c:228:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int const config_padding = g_max_name_len - strlen(config_name);
data/libzstd-1.4.5+dfsg/tests/regression/test.c:229:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int const method_padding = g_max_name_len - strlen(method_name);
data/libzstd-1.4.5+dfsg/tests/zbufftest.c:621:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unused = getchar();
data/libzstd-1.4.5+dfsg/tests/zstreamtest.c:2650:18: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unused = getchar();
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:118:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:148:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:205:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)uncompr) != 7) { /* " hello!" */
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:231:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:406:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uInt len = (uInt)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:505:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_stream.avail_in = (uInt)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example.c:602:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argc = strlen(argv[0]);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:110:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:140:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:197:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen((char*)uncompr) != 7) { /* " hello!" */
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:223:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uLong len = (uLong)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:398:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
uInt len = (uInt)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:497:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c_stream.avail_in = (uInt)strlen(hello)+1;
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/example_original.c:593:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argc = strlen(argv[0]);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:470:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:470:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) {
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:504:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(file);
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/minigzip.c:506:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) {
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:172:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(displayName)>17) displayName += strlen(displayName)-17; /* can only display 17 characters */
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:172:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(displayName)>17) displayName += strlen(displayName)-17; /* can only display 17 characters */
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:839:14: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unused = getchar();
data/libzstd-1.4.5+dfsg/zlibWrapper/examples/zwrapbench.c:879:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (pos = strlen(programName); pos > 0; pos--) { if (programName[pos] == '/') { pos++; break; } }
data/libzstd-1.4.5+dfsg/zlibWrapper/gzguts.h:55:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
# define read _read
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:202:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen((const char *)path);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:608:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((state.state->msg = (char *)malloc(strlen(state.state->path) + strlen(msg) + 3)) ==
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:608:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((state.state->msg = (char *)malloc(strlen(state.state->path) + strlen(msg) + 3)) ==
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:614:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)snprintf(state.state->msg, strlen(state.state->path) + strlen(msg) + 3,
data/libzstd-1.4.5+dfsg/zlibWrapper/gzlib.c:614:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(void)snprintf(state.state->msg, strlen(state.state->path) + strlen(msg) + 3,
data/libzstd-1.4.5+dfsg/zlibWrapper/gzread.c:46:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ret = read(state.state->fd, buf + *have, get);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:376:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(str);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:432:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(next);
data/libzstd-1.4.5+dfsg/zlibWrapper/gzwrite.c:530:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(next);
data/libzstd-1.4.5+dfsg/zlibWrapper/zstd_zlibwrapper.c:527:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zwd->version = (char*)ZSTD_malloc(strlen(version)+1, zwd->customMem);
ANALYSIS SUMMARY:
Hits = 665
Lines analyzed = 122915 in approximately 3.54 seconds (34688 lines/second)
Physical Source Lines of Code (SLOC) = 84534
Hits@level = [0] 450 [1] 131 [2] 451 [3] 11 [4] 69 [5] 3
Hits@level+ = [0+] 1115 [1+] 665 [2+] 534 [3+] 83 [4+] 72 [5+] 3
Hits/KSLOC@level+ = [0+] 13.19 [1+] 7.86666 [2+] 6.31698 [3+] 0.981853 [4+] 0.851728 [5+] 0.0354887
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.