Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/makefs-20190105/contrib/code/mirmake/dist/contrib/fgetln.c Examining data/makefs-20190105/src/include/vis.h Examining data/makefs-20190105/src/kern/c/strlfun.c Examining data/makefs-20190105/src/lib/libc/gen/setmode.c Examining data/makefs-20190105/src/lib/libc/gen/unvis.c Examining data/makefs-20190105/src/lib/libutil/fparseln.c Examining data/makefs-20190105/src/sbin/mknod/mknod.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_bmap.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_extern.h Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_lookup.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_node.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_node.h Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_util.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c Examining data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vnops.c Examining data/makefs-20190105/src/sys/isofs/cd9660/iso.h Examining data/makefs-20190105/src/sys/isofs/cd9660/iso_rrip.h Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_alloc.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_balloc.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_extern.h Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_inode.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep_stub.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_subr.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_tables.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c Examining data/makefs-20190105/src/sys/ufs/ffs/ffs_vnops.c Examining data/makefs-20190105/src/sys/ufs/ffs/fs.h Examining data/makefs-20190105/src/sys/ufs/ffs/softdep.h Examining data/makefs-20190105/src/sys/ufs/ufs/dinode.h Examining data/makefs-20190105/src/sys/ufs/ufs/dir.h Examining data/makefs-20190105/src/sys/ufs/ufs/dirhash.h Examining data/makefs-20190105/src/sys/ufs/ufs/extattr.h Examining data/makefs-20190105/src/sys/ufs/ufs/inode.h Examining data/makefs-20190105/src/sys/ufs/ufs/quota.h Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_bmap.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_dirhash.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_extern.h Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_ihash.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_inode.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_lookup.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_quota.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_quota_stub.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_readwrite.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_vfsops.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufs_vnops.c Examining data/makefs-20190105/src/sys/ufs/ufs/ufsmount.h Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660.h Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.h Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.h Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_strings.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c Examining data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.h Examining data/makefs-20190105/src/usr.sbin/makefs/ffs.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs.h Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/buf.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/buf.h Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/ffs_alloc.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/ffs_balloc.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/ffs_extern.h Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/newfs_extern.h Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/ufs_bmap.c Examining data/makefs-20190105/src/usr.sbin/makefs/ffs/ufs_inode.h Examining data/makefs-20190105/src/usr.sbin/makefs/makefs.c Examining data/makefs-20190105/src/usr.sbin/makefs/makefs.h Examining data/makefs-20190105/src/usr.sbin/makefs/mbsdtree.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/stdlib/strsuftoll.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libutil/stat_flags.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sbin/mknod/pack_dev.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sbin/mknod/pack_dev.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/ffs_bswap.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/ffs_extern.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/ffs_subr.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/fs.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dinode.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/ufs_bswap.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/extern.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/misc.c Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/mtree.h Examining data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c Examining data/makefs-20190105/src/usr.sbin/makefs/walk.c Examining data/makefs-20190105/src/usr.sbin/mtree/compare.c Examining data/makefs-20190105/src/usr.sbin/mtree/crc.c Examining data/makefs-20190105/src/usr.sbin/mtree/create.c Examining data/makefs-20190105/src/usr.sbin/mtree/extern.h Examining data/makefs-20190105/src/usr.sbin/mtree/misc.c Examining data/makefs-20190105/src/usr.sbin/mtree/mtree.c Examining data/makefs-20190105/src/usr.sbin/mtree/mtree.h Examining data/makefs-20190105/src/usr.sbin/mtree/spec.c Examining data/makefs-20190105/src/usr.sbin/mtree/verify.c FINAL RESULTS: data/makefs-20190105/src/usr.sbin/makefs/walk.c:160:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. llen = readlink(path, slink, stbuf.st_size); data/makefs-20190105/src/usr.sbin/mtree/compare.c:127:8: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(p->fts_accpath, s->st_uid, -1)) data/makefs-20190105/src/usr.sbin/mtree/compare.c:141:8: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(p->fts_accpath, -1, s->st_gid)) data/makefs-20190105/src/usr.sbin/mtree/compare.c:172:8: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(p->fts_accpath, s->st_mode)) data/makefs-20190105/src/usr.sbin/mtree/compare.c:416:13: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. if ((len = readlink(name, lbuf, sizeof(lbuf)-1)) == -1) data/makefs-20190105/src/usr.sbin/mtree/verify.c:209:7: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. if (chown(path, p->st_uid, p->st_gid)) { data/makefs-20190105/src/usr.sbin/mtree/verify.c:214:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if (chmod(path, p->st_mode)) data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:46:31: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ELTORITO_DPRINTF(__x) printf __x data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:175:18: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (tmp_image->system != new_image->system) data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:175:39: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if (tmp_image->system != new_image->system) data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:284:29: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. ie->system_type[0] = disk->system; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:428:21: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. switch (tmp_disk->system) { data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:446:49: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. cd9660_boot_setup_section_head(tmp_disk->system); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.h:146:9: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. u_char system; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:327:11: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. result = vprintf(fmt, ap); data/makefs-20190105/src/usr.sbin/mtree/create.c:86:6: [4] (misc) getlogin: It's often easy to fool getlogin. Sometimes it does not work at all, because some program messed up the utmp file. Often, it gives only the first 8 characters of the login name. The user currently logged in on the controlling tty of our program need not be the user who started it. Avoid getlogin() for security-related purposes (CWE-807). Use getpwuid(geteuid()) and extract the desired information instead. getlogin(), host, fullpath, ctime(&clock)); data/makefs-20190105/src/usr.sbin/mtree/create.c:374:8: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)vsnprintf(buf, sizeof(buf), fmt, ap); data/makefs-20190105/src/usr.sbin/mtree/misc.c:105:8: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. (void)vfprintf(stderr, fmt, ap); data/makefs-20190105/src/sbin/mknod/mknod.c:72:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "m:")) != -1) data/makefs-20190105/src/usr.sbin/makefs/ffs.c:1141:3: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom(time(NULL)); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:1147:18: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. dip->di_gen = random() / 2 + 1; data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:86:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define randomx random data/makefs-20190105/src/usr.sbin/makefs/makefs.c:145:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "B:b:d:f:F:M:m:N:o:s:S:t:T:x")) != -1) { data/makefs-20190105/src/usr.sbin/mtree/mtree.c:77:15: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((ch = getopt(argc, argv, "cdef:iK:k:lnp:qrs:tUux")) != -1) data/makefs-20190105/src/lib/libutil/fparseln.c:75:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * data/makefs-20190105/src/lib/libutil/fparseln.c:76:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fparseln(FILE *fp, size_t *size, size_t *lineno, const char str[3], data/makefs-20190105/src/lib/libutil/fparseln.c:79:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char dstr[3] = { '\\', '\\', '#' }; data/makefs-20190105/src/lib/libutil/fparseln.c:140:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void) memcpy(buf + len, ptr, s); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_extern.h:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char root[ISODCL (157, 190)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_lookup.c:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char altname[NAME_MAX]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.c:65:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[2]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.c:213:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(inbuf, outbuf, wlen); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.c:285:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(inbuf, ana->outbuf, wlen); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:41:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type [ISODCL ( 0, 1)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:48:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode [ISODCL ( 4, 11)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char links [ISODCL ( 12, 19)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid [ISODCL ( 20, 27)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid [ISODCL ( 28, 35)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:56:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_t_high [ISODCL ( 4, 11)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:57:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dev_t_low [ISODCL ( 12, 19)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags [ISODCL ( 4, 4)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_loc [ISODCL ( 4, 11)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir_loc [ISODCL ( 4, 11)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len_id [ISODCL ( 4, 4)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len_des [ISODCL ( 5, 5)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len_src [ISODCL ( 6, 6)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version [ISODCL ( 7, 7)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char check [ISODCL ( 4, 5)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char skip [ISODCL ( 6, 6)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char location [ISODCL ( 4, 11)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char offset [ISODCL ( 12, 19)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.h:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char length [ISODCL ( 20, 27)]; data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:354:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy (rootp, isomp->root, sizeof isomp->root); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:420:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(rootp, isomp->root, sizeof isomp->root); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:641:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:642:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:644:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(&mp->mnt_stat.mount_info.iso_args, data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vnops.c:536:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(&idp->current,&idp->assocent,idp->current.d_reclen); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vnops.c:539:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(&idp->current,&idp->saveent,idp->current.d_reclen); data/makefs-20190105/src/sys/isofs/cd9660/iso.h:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type[ISODCL(1,1)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[ISODCL(2,6)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[ISODCL(7,7)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[ISODCL(8,2048)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type [ISODCL ( 1, 1)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id [ISODCL ( 2, 6)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version [ISODCL ( 7, 7)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused1 [ISODCL ( 8, 8)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id [ISODCL ( 9, 40)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_id [ISODCL ( 41, 72)]; /* dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused2 [ISODCL ( 73, 80)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:74:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_space_size [ISODCL ( 81, 88)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:75:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused3 [ISODCL ( 89, 120)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:76:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_set_size [ISODCL (121, 124)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_sequence_number [ISODCL (125, 128)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:78:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logical_block_size [ISODCL (129, 132)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_table_size [ISODCL (133, 140)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_l_path_table [ISODCL (141, 144)]; /* 731 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt_type_l_path_table [ISODCL (145, 148)]; /* 731 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_m_path_table [ISODCL (149, 152)]; /* 732 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:83:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char root_directory_record [ISODCL (157, 190)]; /* 9.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:85:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_set_id [ISODCL (191, 318)]; /* dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char publisher_id [ISODCL (319, 446)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char preparer_id [ISODCL (447, 574)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:88:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char application_id [ISODCL (575, 702)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:89:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:90:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:92:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:93:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:94:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:95:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char effective_date [ISODCL (865, 881)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:96:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_structure_version [ISODCL (882, 882)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused4 [ISODCL (883, 883)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:98:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char application_data [ISODCL (884, 1395)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:99:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused5 [ISODCL (1396, 2048)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:110:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type [ISODCL ( 1, 1)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:111:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id [ISODCL ( 2, 6)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:112:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version [ISODCL ( 7, 7)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:113:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags [ISODCL ( 8, 8)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:114:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id [ISODCL ( 9, 40)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_id [ISODCL ( 41, 72)]; /* dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused2 [ISODCL ( 73, 80)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_space_size [ISODCL ( 81, 88)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:118:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char escape [ISODCL ( 89, 120)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:119:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_set_size [ISODCL (121, 124)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:120:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_sequence_number [ISODCL (125, 128)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logical_block_size [ISODCL (129, 132)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path_table_size [ISODCL (133, 140)]; /* 733 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:123:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_l_path_table [ISODCL (141, 144)]; /* 731 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:124:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt_type_l_path_table [ISODCL (145, 148)]; /* 731 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:125:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_m_path_table [ISODCL (149, 152)]; /* 732 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:126:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char opt_type_m_path_table [ISODCL (153, 156)]; /* 732 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:127:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char root_directory_record [ISODCL (157, 190)]; /* 9.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_set_id [ISODCL (191, 318)]; /* dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:129:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char publisher_id [ISODCL (319, 446)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:130:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char preparer_id [ISODCL (447, 574)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:131:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char application_id [ISODCL (575, 702)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:132:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char copyright_file_id [ISODCL (703, 739)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:133:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char abstract_file_id [ISODCL (740, 776)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:134:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bibliographic_file_id [ISODCL (777, 813)]; /* 7.5 dchars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char creation_date [ISODCL (814, 830)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:136:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char modification_date [ISODCL (831, 847)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char expiration_date [ISODCL (848, 864)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char effective_date [ISODCL (865, 881)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_structure_version [ISODCL (882, 882)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused4 [ISODCL (883, 883)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char application_data [ISODCL (884, 1395)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char unused5 [ISODCL (1396, 2048)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:146:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char length [ISODCL (1, 1)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ext_attr_length [ISODCL (2, 2)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char date [ISODCL (19, 25)]; /* 7 by 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:151:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char flags [ISODCL (26, 26)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:152:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_unit_size [ISODCL (27, 27)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char interleave [ISODCL (28, 28)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char volume_sequence_number [ISODCL (29, 32)]; /* 723 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:155:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_len [ISODCL (33, 33)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:156:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [1]; /* XXX */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:166:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ctime [ISODCL (11, 27)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime [ISODCL (28, 44)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char xtime [ISODCL (45, 61)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:169:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ftime [ISODCL (62, 78)]; /* 8.4.26.1 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:170:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recfmt [ISODCL (79, 79)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:171:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char recattr [ISODCL (80, 80)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:173:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_id [ISODCL (85, 116)]; /* achars */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:174:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char system_use [ISODCL (117, 180)]; data/makefs-20190105/src/sys/isofs/cd9660/iso.h:175:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version [ISODCL (181, 181)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:176:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char len_esc [ISODCL (182, 182)]; /* 711 */ data/makefs-20190105/src/sys/isofs/cd9660/iso.h:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved [ISODCL (183, 246)]; data/makefs-20190105/src/sys/ufs/ffs/ffs_inode.c:306:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)&oip->i_ffs_db[0], (caddr_t)oldblks, sizeof oldblks); data/makefs-20190105/src/sys/ufs/ffs/ffs_inode.c:323:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)&oip->i_ffs_db[0], (caddr_t)newblks, sizeof newblks); data/makefs-20190105/src/sys/ufs/ffs/ffs_inode.c:324:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)oldblks, (caddr_t)&oip->i_ffs_db[0], sizeof oldblks); data/makefs-20190105/src/sys/ufs/ffs/ffs_inode.c:486:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)bap, (caddr_t)copy, (u_int)fs->fs_bsize); data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:1271:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(&cstotal, &fs->fs_cstotal, sizeof cstotal); data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:1861:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, newindirdep->ir_savebp->b_data, bp->b_bcount); data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:2071:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, indirdep->ir_savebp->b_data, data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:2733:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(oldloc, newloc, entrysize); data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:3288:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, indirdep->ir_saveddata, bp->b_bcount); data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:3289:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(indirdep->ir_savebp->b_data, bp->b_data, data/makefs-20190105/src/sys/ufs/ffs/ffs_softdep.c:3600:4: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(indirdep->ir_saveddata, bp->b_data, bp->b_bcount); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:578:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(newfs, fs, (u_int)fs->fs_sbsize); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:598:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, space, (u_int)size); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:735:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, ump->um_fs, (u_int)fs->fs_sbsize); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:758:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(bp->b_data, space, (u_int)size); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1010:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(mp->mnt_stat.f_mntonname, sbp->f_mntonname, MNAMELEN); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1011:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(mp->mnt_stat.f_mntfromname, sbp->f_mntfromname, MNAMELEN); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1012:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(&mp->mnt_stat.mount_info.ufs_args, data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1322:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(space, bp->b_data, (u_int)size); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1341:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)fs, bp->b_data, (u_int)fs->fs_sbsize); data/makefs-20190105/src/sys/ufs/ufs/dir.h:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[MAXNAMLEN + 1];/* name with length <= MAXNAMLEN */ data/makefs-20190105/src/sys/ufs/ufs/dir.h:135:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot_name[4]; /* must be multiple of 4 */ data/makefs-20190105/src/sys/ufs/ufs/dir.h:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotdot_name[4]; /* ditto */ data/makefs-20190105/src/sys/ufs/ufs/dir.h:150:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot_name[4]; /* must be multiple of 4 */ data/makefs-20190105/src/sys/ufs/ufs/dir.h:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotdot_name[4]; /* ditto */ data/makefs-20190105/src/sys/ufs/ufs/extattr.h:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uele_attrname[UFS_EXTATTR_MAXEXTATTRNAME]; data/makefs-20190105/src/sys/ufs/ufs/ufs_lookup.c:689:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(cnp->cn_nameptr, newdirp->d_name, (unsigned)cnp->cn_namelen + 1); data/makefs-20190105/src/sys/ufs/ufs/ufs_lookup.c:759:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)dirp, (caddr_t)bp->b_data + blkoff,newentrysize); data/makefs-20190105/src/sys/ufs/ufs/ufs_lookup.c:885:5: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)nep, (caddr_t)ep, dsize); data/makefs-20190105/src/sys/ufs/ufs/ufs_lookup.c:913:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)dirp, (caddr_t)ep, (u_int)newentrysize); data/makefs-20190105/src/sys/ufs/ufs/ufs_vnops.c:1275:2: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy((caddr_t)&dirtemplate, (caddr_t)bp->b_data, sizeof dirtemplate); data/makefs-20190105/src/sys/ufs/ufs/ufs_vnops.c:1472:3: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. bcopy(ap->a_target, (char *)ip->i_ffs_shortlink, len); data/makefs-20190105/src/sys/ufs/ufs/ufsmount.h:68:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char um_qflags[MAXQUOTAS]; /* quota specific flags */ data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:307:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, val, len); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:680:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.root_directory_record, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:724:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.expiration_date, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:730:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.creation_date, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:733:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.modification_date, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:736:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.expiration_date, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:739:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.effective_date, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:742:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.application_data, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:744:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(diskStructure.primaryDescriptor.application_data + data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:755:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(record->name, name, name_len); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:806:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp->volumeDescriptorData + 1, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:847:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t->volumeDescriptorData + 1, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:878:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[ISO_FILENAME_MAXLENGTH_WITH_PADDING]; data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1194:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp, (iter->o_name), numbts); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1223:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((iter->isoDirRecord->name), tmp, numbts + 3); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1249:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cn->o_name, cn->isoDirRecord->name, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1317:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[9]; data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1864:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->dot_record->isoDirRecord,node->isoDirRecord, 34); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1874:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->dot_dot_record->isoDirRecord,node->isoDirRecord, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1879:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(node->dot_dot_record->isoDirRecord, data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:2154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char na[2]; data/makefs-20190105/src/usr.sbin/makefs/cd9660.h:200:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name [ISO_FILENAME_MAXLENGTH_WITH_PADDING]; data/makefs-20190105/src/usr.sbin/makefs/cd9660.h:239:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char o_name [ISO_FILENAME_MAXLENGTH_WITH_PADDING]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.c:108:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arc->magic, "ARCHIMEDES", 10); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[10]; /* "ARCHIMEDES" */ data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.h:35:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char loadaddr[4]; /* Load address, little-endian */ data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.h:36:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char execaddr[4]; /* Exec address, little-endian */ data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.h:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved[12]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:67:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(twochar,&w,2); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:76:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fourchar,&w,4); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:86:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(twochar,&w,2); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:95:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fourchar,&w,4); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:116:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eightchar, &le, 4); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:117:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((eightchar+4), &be, 4); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:138:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fourchar, &le, 2); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:139:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((fourchar+2), &be, 2); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:177:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[18]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:188:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. (void)memcpy(buf, temp, 16); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c:159:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[2048]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c:165:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp, tmp->volumeDescriptorData + 1, 5); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c:235:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[2048]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c:251:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&bootVD, buf, 2048); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_debug.c:254:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&primaryVD, buf, 2048); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:486:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bvdData->identifier, ISO_VOLUME_DESCRIPTOR_STANDARD_ID, 5); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:488:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bvdData->boot_system_identifier, ET_ID, 23); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:489:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bvdData->identifier, ISO_VOLUME_DESCRIPTOR_STANDARD_ID, 5); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:542:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char cksum_buf[4]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_eltorito.c:543:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bitable[56]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:71:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(image, "w+")) == NULL) { data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(temp_entry.name, ptcur->isoDirRecord->name, data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:217:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, &temp_entry, len); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:333:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&temp_record, temp->isoDirRecord, data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:426:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[2048]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_write.c:445:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((rf = fopen(filename, "rb")) == NULL) { data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:561:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_cr[255]; data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:562:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_sl[255]; /* used in copying continuation entry*/ data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:580:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current->attr.rr_entry.SL.component + path_count, data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:627:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:664:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(current->attr.rr_entry.SL.component + data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:846:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->attr.rr_entry.NM.altname, p, len); data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:891:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->attr.su_entry.ER.ext_data, ext_id, data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:894:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->attr.su_entry.ER.ext_data + l,ext_des, data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:898:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r->attr.su_entry.ER.ext_data + l,ext_src, data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.h:206:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char type_of[2]; data/makefs-20190105/src/usr.sbin/makefs/ffs.c:490:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fsopts->fd = open(image, O_RDWR | O_CREAT | O_TRUNC, 0666)) data/makefs-20190105/src/usr.sbin/makefs/ffs.c:693:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dinp->di_db, cur->symlink, slen); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:745:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dinp->di_db, cur->symlink, slen); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:929:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((ffd = open((char *)buf, O_RDONLY, 0444)) == -1) { data/makefs-20190105/src/usr.sbin/makefs/ffs.c:974:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bp->b_data, p, chunk); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:1066:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dp, &de, reclen); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:1084:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sbbuf[FFS_MAXBSIZE]; data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:97:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[SBLOCKSIZE]; data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[FFS_MAXBSIZE]; data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:111:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char writebuf[FFS_MAXBSIZE]; data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:519:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writebuf, &sblock, sbsize); data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:522:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(iobuf, writebuf, SBLOCKSIZE); data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:566:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(writebuf, &sblock, sbsize); data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:598:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wrbuf, space, (u_int)size); data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:758:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&iobuf[start], &acg, sblock.fs_cgsize); data/makefs-20190105/src/usr.sbin/makefs/mbsdtree.h:73:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fparseln(FILE *, size_t *, size_t *, const char[3], int); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.h:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[UNMLEN]; /* uid name */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.h:73:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[GNMLEN]; /* gid name */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/stdlib/strsuftoll.c:128:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuf[100]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libutil/stat_flags.c:77:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[128]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/ffs_bswap.c:126:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->di_db, o->di_db, (NDADDR + NIADDR) * sizeof(u_int32_t)); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ffs/ffs_bswap.c:156:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n->di_extb, o->di_extb, (NXADDR + NDADDR + NIADDR) * 8); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char d_name[FFS_MAXNAMLEN + 1];/* name with length <= FFS_MAXNAMLEN */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h:139:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot_name[4]; /* must be multiple of 4 */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h:144:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotdot_name[4]; /* ditto */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h:154:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dot_name[4]; /* must be multiple of 4 */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/sys/ufs/ufs/dir.h:158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dotdot_name[4]; /* ditto */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *members[MAXGRP]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:131:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char grline[MAXLINELENGTH]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:132:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pwline[MAXLINELENGTH]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:225:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (_gr_fp = fopen(grfilep, "r")) ? 1 : 0; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:366:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (_pw_fp = fopen(pwfilep, "r")) ? 1 : 0; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/mtree.h:105:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* file name (must be last) */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:237:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(centry->name, p, strlen(p)); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:443:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pathbuf[4*MAXPATHLEN + 1]; data/makefs-20190105/src/usr.sbin/makefs/walk.c:258:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(specfile, "r")) == NULL) data/makefs-20190105/src/usr.sbin/mtree/compare.c:247:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(p->fts_accpath, O_RDONLY, 0)) < 0) { data/makefs-20190105/src/usr.sbin/mtree/compare.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *new_digest, buf[MD5_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/compare.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *new_digest, buf[RMD160_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/compare.c:301:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *new_digest, buf[SHA1_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/compare.c:413:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lbuf[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/mtree/create.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char fullpath[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/mtree/create.c:79:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2], host[MAXHOSTNAMELEN]; data/makefs-20190105/src/usr.sbin/mtree/create.c:200:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(p->fts_accpath, O_RDONLY, 0)) < 0 || data/makefs-20190105/src/usr.sbin/mtree/create.c:207:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *md5digest, buf[MD5_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/create.c:216:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *rmd160digest, buf[RMD160_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/create.c:225:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sha1digest, buf[SHA1_DIGEST_STRING_LENGTH]; data/makefs-20190105/src/usr.sbin/mtree/create.c:371:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/makefs-20190105/src/usr.sbin/mtree/mtree.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullpath[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/mtree/mtree.h:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; /* file name (must be last) */ data/makefs-20190105/src/usr.sbin/mtree/spec.c:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/makefs-20190105/src/usr.sbin/mtree/verify.c:55:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char fullpath[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/mtree/verify.c:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char path[MAXPATHLEN]; data/makefs-20190105/src/usr.sbin/mtree/verify.c:81:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2]; data/makefs-20190105/src/kern/c/strlfun.c:55:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define fn_len wcslen data/makefs-20190105/src/kern/c/strlfun.c:62:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define fn_len strlen data/makefs-20190105/src/lib/libc/gen/setmode.c:196:8: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(mask = umask(0)); data/makefs-20190105/src/lib/libc/gen/setmode.c:196:21: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(mask = umask(0)); data/makefs-20190105/src/lib/libutil/fparseln.c:173:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/makefs-20190105/src/sbin/mknod/mknod.c:116:9: [1] (access) umask: Ensure that umask is given most restrictive possible setting (e.g., 066 or 077) (CWE-732). (void)umask(0); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_rrip.c:181:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen(inbuf); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:505:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp->d_typename, pri->volume_id, sizeof lp->d_typename); data/makefs-20190105/src/sys/isofs/cd9660/cd9660_vfsops.c:506:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lp->d_packname, pri->volume_id+16, sizeof lp->d_packname); data/makefs-20190105/src/sys/ufs/ffs/ffs_vfsops.c:1015:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(sbp->f_fstypename, mp->mnt_vfc->vfc_name, MFSNAMELEN); data/makefs-20190105/src/sys/ufs/ufs/ufs_vnops.c:1469:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(ap->a_target); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:301:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if ((len = strlen(val)) <= length) { data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:410:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). calloc(1, strlen(val) + 1)) == NULL) { data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:891:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flag, strlen(temp), temp); data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1666:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (buf[strlen(buf) - 1] == '/') data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1667:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(buf) - 1] = '\0'; data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1714:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *oldname == ',' && strlen(oldname) == 4) data/makefs-20190105/src/usr.sbin/makefs/cd9660.c:1783:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *oldname == ',' && strlen(oldname) == 4) data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_archimedes.c:90:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(node->node->name); data/makefs-20190105/src/usr.sbin/makefs/cd9660/cd9660_conversion.c:213:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (val == NULL || strlen(val) != 16) { data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:466:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ((strlen(node->node->name) != data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:730:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int nm_length = strlen(file_node->isoDirRecord->name) + 5; data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:838:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p); data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:876:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->attr.su_entry.ER.len_id[0] = (u_char)strlen(ext_id); data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:877:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->attr.su_entry.ER.len_des[0] = (u_char)strlen(ext_des); data/makefs-20190105/src/usr.sbin/makefs/cd9660/iso9660_rrip.c:878:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->attr.su_entry.ER.len_src[0] = (u_char)strlen(ext_src); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:575:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpdir.d_namlen = strlen((e)); \ data/makefs-20190105/src/usr.sbin/makefs/ffs.c:615:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(node->symlink) + 1; data/makefs-20190105/src/usr.sbin/makefs/ffs.c:691:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(cur->symlink); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:743:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(cur->symlink); data/makefs-20190105/src/usr.sbin/makefs/ffs.c:942:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if ((nread = read(ffd, fbuf, chunk)) == -1) data/makefs-20190105/src/usr.sbin/makefs/ffs.c:1033:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). de.d_namlen = (uint8_t)strlen(name); data/makefs-20190105/src/usr.sbin/makefs/ffs/buf.c:93:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rv = read((*bpp)->b_fd, (*bpp)->b_data, (*bpp)->b_bcount); data/makefs-20190105/src/usr.sbin/makefs/ffs/mkfs.c:808:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(fsopts->fd, bf, size); data/makefs-20190105/src/usr.sbin/makefs/makefs.c:168:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(optarg) - 1; data/makefs-20190105/src/usr.sbin/makefs/makefs.c:186:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(optarg) - 1; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.c:418:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name == NULL || ((namelen = strlen(name)) == 0)) data/makefs-20190105/src/usr.sbin/makefs/nbsrc/lib/libc/gen/pwcache.c:482:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name == NULL || ((namelen = strlen(name)) == 0)) data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:245:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(_gr_fp)) != '\n' && ch != EOF) data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/getid.c:386:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((ch = getc(_pw_fp)) != '\n' && ch != EOF) data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/misc.c:206:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p) + 3; /* "," + p + ",\0" */ data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:197:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(p) + 1; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:233:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((centry = calloc(1, sizeof(NODE) + strlen(p) + 1)) == NULL) data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:237:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy(centry->name, p, strlen(p)); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:238:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). centry->name[strlen(p)] = '\0'; data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:421:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). q = p + strlen(p); data/makefs-20190105/src/usr.sbin/makefs/nbsrc/usr.sbin/mtree/spec.c:644:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(val) + 3; /* "," + str + ",\0" */ data/makefs-20190105/src/usr.sbin/mtree/crc.c:125:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((nr = read(fd, buf, sizeof(buf))) > 0) data/makefs-20190105/src/usr.sbin/mtree/create.c:236:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). esc_len = strlen(name) * 4 + 1; data/makefs-20190105/src/usr.sbin/mtree/create.c:377:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (*offset + strlen(buf) > MAXLINELEN - 3) { data/makefs-20190105/src/usr.sbin/mtree/spec.c:147:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(p) + 1; /* NUL in struct _node */ data/makefs-20190105/src/usr.sbin/mtree/spec.c:255:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(val) + 1; ANALYSIS SUMMARY: Hits = 354 Lines analyzed = 45226 in approximately 1.23 seconds (36637 lines/second) Physical Source Lines of Code (SLOC) = 29883 Hits@level = [0] 370 [1] 52 [2] 278 [3] 6 [4] 11 [5] 7 Hits@level+ = [0+] 724 [1+] 354 [2+] 302 [3+] 24 [4+] 18 [5+] 7 Hits/KSLOC@level+ = [0+] 24.2278 [1+] 11.8462 [2+] 10.1061 [3+] 0.803132 [4+] 0.602349 [5+] 0.234247 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.