Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.h
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example1.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example2.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.h
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.c
Examining data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/dasm_arm.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/dasm_mips.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/dasm_ppc.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/dasm_proto.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/dasm_x86.h
Examining data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c
Examining data/moarvm-2020.10+dfsg/3rdparty/freebsd/memmem.c
Examining data/moarvm-2020.10+dfsg/3rdparty/msinttypes/inttypes.h
Examining data/moarvm-2020.10+dfsg/3rdparty/msinttypes/stdint.h
Examining data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c
Examining data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.h
Examining data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c
Examining data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.h
Examining data/moarvm-2020.10+dfsg/src/6model/6model.c
Examining data/moarvm-2020.10+dfsg/src/6model/6model.h
Examining data/moarvm-2020.10+dfsg/src/6model/bootstrap.c
Examining data/moarvm-2020.10+dfsg/src/6model/bootstrap.h
Examining data/moarvm-2020.10+dfsg/src/6model/containers.c
Examining data/moarvm-2020.10+dfsg/src/6model/containers.h
Examining data/moarvm-2020.10+dfsg/src/6model/parametric.c
Examining data/moarvm-2020.10+dfsg/src/6model/parametric.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprconv.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprconv.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CArray.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CArray.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CPPStruct.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CPPStruct.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CPointer.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CPointer.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CStr.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CStr.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CStruct.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CStruct.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CUnion.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/CUnion.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ConcBlockingQueue.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ConcBlockingQueue.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ConditionVariable.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ConditionVariable.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/HashAttrStore.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/HashAttrStore.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/KnowHOWAttributeREPR.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/KnowHOWAttributeREPR.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/KnowHOWREPR.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/KnowHOWREPR.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMAsyncTask.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMAsyncTask.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCFunction.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCFunction.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCallCapture.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCallCapture.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCode.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCode.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCompUnit.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCompUnit.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMContext.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMContext.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMContinuation.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMContinuation.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMDLLSym.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMDLLSym.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMException.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMException.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMHash.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMHash.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMIter.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMIter.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMMultiCache.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMMultiCache.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMNull.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMNull.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMOSHandle.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMOSHandle.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMSpeshLog.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMSpeshLog.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMSpeshPluginState.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMSpeshPluginState.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrameSpesh.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrameSpesh.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMString.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMString.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMThread.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MVMThread.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MultiDimArray.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/MultiDimArray.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NFA.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NFA.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NativeCall.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NativeCall.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NativeRef.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/NativeRef.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6bigint.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6bigint.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6int.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6int.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6num.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6num.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6str.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/P6str.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ReentrantMutex.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/ReentrantMutex.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/SCRef.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/SCRef.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Semaphore.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Semaphore.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Uninstantiable.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/Uninstantiable.h
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.c
Examining data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.h
Examining data/moarvm-2020.10+dfsg/src/6model/sc.c
Examining data/moarvm-2020.10+dfsg/src/6model/sc.h
Examining data/moarvm-2020.10+dfsg/src/6model/serialization.c
Examining data/moarvm-2020.10+dfsg/src/6model/serialization.h
Examining data/moarvm-2020.10+dfsg/src/bithacks.h
Examining data/moarvm-2020.10+dfsg/src/core/alloc.h
Examining data/moarvm-2020.10+dfsg/src/core/args.c
Examining data/moarvm-2020.10+dfsg/src/core/args.h
Examining data/moarvm-2020.10+dfsg/src/core/bitmap.h
Examining data/moarvm-2020.10+dfsg/src/core/bytecode.c
Examining data/moarvm-2020.10+dfsg/src/core/bytecode.h
Examining data/moarvm-2020.10+dfsg/src/core/bytecodedump.c
Examining data/moarvm-2020.10+dfsg/src/core/bytecodedump.h
Examining data/moarvm-2020.10+dfsg/src/core/callsite.c
Examining data/moarvm-2020.10+dfsg/src/core/callsite.h
Examining data/moarvm-2020.10+dfsg/src/core/callstack.c
Examining data/moarvm-2020.10+dfsg/src/core/callstack.h
Examining data/moarvm-2020.10+dfsg/src/core/coerce.c
Examining data/moarvm-2020.10+dfsg/src/core/coerce.h
Examining data/moarvm-2020.10+dfsg/src/core/compunit.c
Examining data/moarvm-2020.10+dfsg/src/core/compunit.h
Examining data/moarvm-2020.10+dfsg/src/core/continuation.c
Examining data/moarvm-2020.10+dfsg/src/core/continuation.h
Examining data/moarvm-2020.10+dfsg/src/core/dll.c
Examining data/moarvm-2020.10+dfsg/src/core/dll.h
Examining data/moarvm-2020.10+dfsg/src/core/exceptions.c
Examining data/moarvm-2020.10+dfsg/src/core/exceptions.h
Examining data/moarvm-2020.10+dfsg/src/core/ext.c
Examining data/moarvm-2020.10+dfsg/src/core/ext.h
Examining data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c
Examining data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.h
Examining data/moarvm-2020.10+dfsg/src/core/fixkey_hash_table.c
Examining data/moarvm-2020.10+dfsg/src/core/fixkey_hash_table.h
Examining data/moarvm-2020.10+dfsg/src/core/fixkey_hash_table_funcs.h
Examining data/moarvm-2020.10+dfsg/src/core/frame.c
Examining data/moarvm-2020.10+dfsg/src/core/frame.h
Examining data/moarvm-2020.10+dfsg/src/core/hll.c
Examining data/moarvm-2020.10+dfsg/src/core/hll.h
Examining data/moarvm-2020.10+dfsg/src/core/index_hash_table.c
Examining data/moarvm-2020.10+dfsg/src/core/index_hash_table.h
Examining data/moarvm-2020.10+dfsg/src/core/index_hash_table_funcs.h
Examining data/moarvm-2020.10+dfsg/src/core/instance.h
Examining data/moarvm-2020.10+dfsg/src/core/intcache.c
Examining data/moarvm-2020.10+dfsg/src/core/intcache.h
Examining data/moarvm-2020.10+dfsg/src/core/interp.c
Examining data/moarvm-2020.10+dfsg/src/core/interp.h
Examining data/moarvm-2020.10+dfsg/src/core/loadbytecode.c
Examining data/moarvm-2020.10+dfsg/src/core/loadbytecode.h
Examining data/moarvm-2020.10+dfsg/src/core/nativecall.c
Examining data/moarvm-2020.10+dfsg/src/core/nativecall.h
Examining data/moarvm-2020.10+dfsg/src/core/nativecall_dyncall.c
Examining data/moarvm-2020.10+dfsg/src/core/nativecall_dyncall.h
Examining data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c
Examining data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.h
Examining data/moarvm-2020.10+dfsg/src/core/oplabels.h
Examining data/moarvm-2020.10+dfsg/src/core/ops.c
Examining data/moarvm-2020.10+dfsg/src/core/ops.h
Examining data/moarvm-2020.10+dfsg/src/core/ptr_hash_table.c
Examining data/moarvm-2020.10+dfsg/src/core/ptr_hash_table.h
Examining data/moarvm-2020.10+dfsg/src/core/ptr_hash_table_funcs.h
Examining data/moarvm-2020.10+dfsg/src/core/regionalloc.c
Examining data/moarvm-2020.10+dfsg/src/core/regionalloc.h
Examining data/moarvm-2020.10+dfsg/src/core/str_hash_table.c
Examining data/moarvm-2020.10+dfsg/src/core/str_hash_table.h
Examining data/moarvm-2020.10+dfsg/src/core/str_hash_table_funcs.h
Examining data/moarvm-2020.10+dfsg/src/core/threadcontext.c
Examining data/moarvm-2020.10+dfsg/src/core/threadcontext.h
Examining data/moarvm-2020.10+dfsg/src/core/threads.c
Examining data/moarvm-2020.10+dfsg/src/core/threads.h
Examining data/moarvm-2020.10+dfsg/src/core/uni_hash_table.c
Examining data/moarvm-2020.10+dfsg/src/core/uni_hash_table.h
Examining data/moarvm-2020.10+dfsg/src/core/uni_hash_table_funcs.h
Examining data/moarvm-2020.10+dfsg/src/core/validation.h
Examining data/moarvm-2020.10+dfsg/src/core/vector.h
Examining data/moarvm-2020.10+dfsg/src/core/validation.c
Examining data/moarvm-2020.10+dfsg/src/debug/debugserver.c
Examining data/moarvm-2020.10+dfsg/src/debug/debugserver.h
Examining data/moarvm-2020.10+dfsg/src/gc/allocation.c
Examining data/moarvm-2020.10+dfsg/src/gc/allocation.h
Examining data/moarvm-2020.10+dfsg/src/gc/collect.c
Examining data/moarvm-2020.10+dfsg/src/gc/collect.h
Examining data/moarvm-2020.10+dfsg/src/gc/debug.c
Examining data/moarvm-2020.10+dfsg/src/gc/debug.h
Examining data/moarvm-2020.10+dfsg/src/gc/finalize.c
Examining data/moarvm-2020.10+dfsg/src/gc/finalize.h
Examining data/moarvm-2020.10+dfsg/src/gc/gen2.c
Examining data/moarvm-2020.10+dfsg/src/gc/gen2.h
Examining data/moarvm-2020.10+dfsg/src/gc/objectid.c
Examining data/moarvm-2020.10+dfsg/src/gc/objectid.h
Examining data/moarvm-2020.10+dfsg/src/gc/orchestrate.c
Examining data/moarvm-2020.10+dfsg/src/gc/orchestrate.h
Examining data/moarvm-2020.10+dfsg/src/gc/roots.c
Examining data/moarvm-2020.10+dfsg/src/gc/roots.h
Examining data/moarvm-2020.10+dfsg/src/gc/wb.c
Examining data/moarvm-2020.10+dfsg/src/gc/wb.h
Examining data/moarvm-2020.10+dfsg/src/gc/worklist.c
Examining data/moarvm-2020.10+dfsg/src/gc/worklist.h
Examining data/moarvm-2020.10+dfsg/src/gcc_diag.h
Examining data/moarvm-2020.10+dfsg/src/instrument/crossthreadwrite.c
Examining data/moarvm-2020.10+dfsg/src/instrument/crossthreadwrite.h
Examining data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c
Examining data/moarvm-2020.10+dfsg/src/instrument/line_coverage.h
Examining data/moarvm-2020.10+dfsg/src/io/asyncsocket.c
Examining data/moarvm-2020.10+dfsg/src/io/asyncsocket.h
Examining data/moarvm-2020.10+dfsg/src/io/asyncsocketudp.c
Examining data/moarvm-2020.10+dfsg/src/io/asyncsocketudp.h
Examining data/moarvm-2020.10+dfsg/src/io/dirops.c
Examining data/moarvm-2020.10+dfsg/src/io/dirops.h
Examining data/moarvm-2020.10+dfsg/src/io/eventloop.c
Examining data/moarvm-2020.10+dfsg/src/io/eventloop.h
Examining data/moarvm-2020.10+dfsg/src/io/fileops.c
Examining data/moarvm-2020.10+dfsg/src/io/fileops.h
Examining data/moarvm-2020.10+dfsg/src/io/filewatchers.c
Examining data/moarvm-2020.10+dfsg/src/io/filewatchers.h
Examining data/moarvm-2020.10+dfsg/src/io/io.c
Examining data/moarvm-2020.10+dfsg/src/io/io.h
Examining data/moarvm-2020.10+dfsg/src/io/procops.c
Examining data/moarvm-2020.10+dfsg/src/io/procops.h
Examining data/moarvm-2020.10+dfsg/src/io/signals.c
Examining data/moarvm-2020.10+dfsg/src/io/signals.h
Examining data/moarvm-2020.10+dfsg/src/io/syncfile.c
Examining data/moarvm-2020.10+dfsg/src/io/syncfile.h
Examining data/moarvm-2020.10+dfsg/src/io/syncsocket.c
Examining data/moarvm-2020.10+dfsg/src/io/syncsocket.h
Examining data/moarvm-2020.10+dfsg/src/io/timers.c
Examining data/moarvm-2020.10+dfsg/src/io/timers.h
Examining data/moarvm-2020.10+dfsg/src/jit/compile.c
Examining data/moarvm-2020.10+dfsg/src/jit/compile.h
Examining data/moarvm-2020.10+dfsg/src/jit/dump.c
Examining data/moarvm-2020.10+dfsg/src/jit/dump.h
Examining data/moarvm-2020.10+dfsg/src/jit/expr.c
Examining data/moarvm-2020.10+dfsg/src/jit/expr.h
Examining data/moarvm-2020.10+dfsg/src/jit/expr_ops.h
Examining data/moarvm-2020.10+dfsg/src/jit/graph.c
Examining data/moarvm-2020.10+dfsg/src/jit/graph.h
Examining data/moarvm-2020.10+dfsg/src/jit/interface.c
Examining data/moarvm-2020.10+dfsg/src/jit/interface.h
Examining data/moarvm-2020.10+dfsg/src/jit/internal.h
Examining data/moarvm-2020.10+dfsg/src/jit/label.c
Examining data/moarvm-2020.10+dfsg/src/jit/label.h
Examining data/moarvm-2020.10+dfsg/src/jit/linear_scan.c
Examining data/moarvm-2020.10+dfsg/src/jit/register.h
Examining data/moarvm-2020.10+dfsg/src/jit/stub.c
Examining data/moarvm-2020.10+dfsg/src/jit/tile.c
Examining data/moarvm-2020.10+dfsg/src/jit/tile.h
Examining data/moarvm-2020.10+dfsg/src/jit/x64/arch.c
Examining data/moarvm-2020.10+dfsg/src/jit/x64/arch.h
Examining data/moarvm-2020.10+dfsg/src/main.c
Examining data/moarvm-2020.10+dfsg/src/math/bigintops.c
Examining data/moarvm-2020.10+dfsg/src/math/bigintops.h
Examining data/moarvm-2020.10+dfsg/src/math/grisu.c
Examining data/moarvm-2020.10+dfsg/src/math/grisu.h
Examining data/moarvm-2020.10+dfsg/src/math/num.c
Examining data/moarvm-2020.10+dfsg/src/math/num.h
Examining data/moarvm-2020.10+dfsg/src/memdebug.h
Examining data/moarvm-2020.10+dfsg/src/moar.c
Examining data/moarvm-2020.10+dfsg/src/moar.h
Examining data/moarvm-2020.10+dfsg/src/platform/fork.h
Examining data/moarvm-2020.10+dfsg/src/platform/inttypes.h
Examining data/moarvm-2020.10+dfsg/src/platform/io.h
Examining data/moarvm-2020.10+dfsg/src/platform/malloc_trim.c
Examining data/moarvm-2020.10+dfsg/src/platform/malloc_trim.h
Examining data/moarvm-2020.10+dfsg/src/platform/memmem.h
Examining data/moarvm-2020.10+dfsg/src/platform/memmem32.c
Examining data/moarvm-2020.10+dfsg/src/platform/memmem32.h
Examining data/moarvm-2020.10+dfsg/src/platform/mmap.h
Examining data/moarvm-2020.10+dfsg/src/platform/posix/fork.c
Examining data/moarvm-2020.10+dfsg/src/platform/posix/io.c
Examining data/moarvm-2020.10+dfsg/src/platform/posix/mmap.c
Examining data/moarvm-2020.10+dfsg/src/platform/posix/time.c
Examining data/moarvm-2020.10+dfsg/src/platform/random.c
Examining data/moarvm-2020.10+dfsg/src/platform/random.h
Examining data/moarvm-2020.10+dfsg/src/platform/setjmp.h
Examining data/moarvm-2020.10+dfsg/src/platform/stdint.h
Examining data/moarvm-2020.10+dfsg/src/platform/sys.c
Examining data/moarvm-2020.10+dfsg/src/platform/sys.h
Examining data/moarvm-2020.10+dfsg/src/platform/threads.h
Examining data/moarvm-2020.10+dfsg/src/platform/time.h
Examining data/moarvm-2020.10+dfsg/src/platform/win32/fork.c
Examining data/moarvm-2020.10+dfsg/src/platform/win32/io.c
Examining data/moarvm-2020.10+dfsg/src/platform/win32/mmap.c
Examining data/moarvm-2020.10+dfsg/src/platform/win32/time.c
Examining data/moarvm-2020.10+dfsg/src/profiler/configuration.c
Examining data/moarvm-2020.10+dfsg/src/profiler/configuration.h
Examining data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c
Examining data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.h
Examining data/moarvm-2020.10+dfsg/src/profiler/instrument.c
Examining data/moarvm-2020.10+dfsg/src/profiler/instrument.h
Examining data/moarvm-2020.10+dfsg/src/profiler/log.c
Examining data/moarvm-2020.10+dfsg/src/profiler/log.h
Examining data/moarvm-2020.10+dfsg/src/profiler/profile.c
Examining data/moarvm-2020.10+dfsg/src/profiler/profile.h
Examining data/moarvm-2020.10+dfsg/src/profiler/telemeh.c
Examining data/moarvm-2020.10+dfsg/src/profiler/telemeh.h
Examining data/moarvm-2020.10+dfsg/src/spesh/arg_guard.c
Examining data/moarvm-2020.10+dfsg/src/spesh/arg_guard.h
Examining data/moarvm-2020.10+dfsg/src/spesh/args.c
Examining data/moarvm-2020.10+dfsg/src/spesh/args.h
Examining data/moarvm-2020.10+dfsg/src/spesh/candidate.c
Examining data/moarvm-2020.10+dfsg/src/spesh/candidate.h
Examining data/moarvm-2020.10+dfsg/src/spesh/codegen.c
Examining data/moarvm-2020.10+dfsg/src/spesh/codegen.h
Examining data/moarvm-2020.10+dfsg/src/spesh/dead_bb_elimination.c
Examining data/moarvm-2020.10+dfsg/src/spesh/dead_bb_elimination.h
Examining data/moarvm-2020.10+dfsg/src/spesh/dead_ins_elimination.c
Examining data/moarvm-2020.10+dfsg/src/spesh/dead_ins_elimination.h
Examining data/moarvm-2020.10+dfsg/src/spesh/debug.c
Examining data/moarvm-2020.10+dfsg/src/spesh/debug.h
Examining data/moarvm-2020.10+dfsg/src/spesh/deopt.c
Examining data/moarvm-2020.10+dfsg/src/spesh/deopt.h
Examining data/moarvm-2020.10+dfsg/src/spesh/dump.c
Examining data/moarvm-2020.10+dfsg/src/spesh/dump.h
Examining data/moarvm-2020.10+dfsg/src/spesh/facts.c
Examining data/moarvm-2020.10+dfsg/src/spesh/facts.h
Examining data/moarvm-2020.10+dfsg/src/spesh/frame_walker.c
Examining data/moarvm-2020.10+dfsg/src/spesh/frame_walker.h
Examining data/moarvm-2020.10+dfsg/src/spesh/graph.c
Examining data/moarvm-2020.10+dfsg/src/spesh/graph.h
Examining data/moarvm-2020.10+dfsg/src/spesh/inline.c
Examining data/moarvm-2020.10+dfsg/src/spesh/inline.h
Examining data/moarvm-2020.10+dfsg/src/spesh/iterator.c
Examining data/moarvm-2020.10+dfsg/src/spesh/iterator.h
Examining data/moarvm-2020.10+dfsg/src/spesh/log.c
Examining data/moarvm-2020.10+dfsg/src/spesh/log.h
Examining data/moarvm-2020.10+dfsg/src/spesh/lookup.c
Examining data/moarvm-2020.10+dfsg/src/spesh/lookup.h
Examining data/moarvm-2020.10+dfsg/src/spesh/manipulate.c
Examining data/moarvm-2020.10+dfsg/src/spesh/manipulate.h
Examining data/moarvm-2020.10+dfsg/src/spesh/optimize.c
Examining data/moarvm-2020.10+dfsg/src/spesh/optimize.h
Examining data/moarvm-2020.10+dfsg/src/spesh/osr.c
Examining data/moarvm-2020.10+dfsg/src/spesh/osr.h
Examining data/moarvm-2020.10+dfsg/src/spesh/pea.c
Examining data/moarvm-2020.10+dfsg/src/spesh/pea.h
Examining data/moarvm-2020.10+dfsg/src/spesh/plan.c
Examining data/moarvm-2020.10+dfsg/src/spesh/plan.h
Examining data/moarvm-2020.10+dfsg/src/spesh/plugin.c
Examining data/moarvm-2020.10+dfsg/src/spesh/plugin.h
Examining data/moarvm-2020.10+dfsg/src/spesh/stats.c
Examining data/moarvm-2020.10+dfsg/src/spesh/stats.h
Examining data/moarvm-2020.10+dfsg/src/spesh/threshold.c
Examining data/moarvm-2020.10+dfsg/src/spesh/threshold.h
Examining data/moarvm-2020.10+dfsg/src/spesh/usages.c
Examining data/moarvm-2020.10+dfsg/src/spesh/usages.h
Examining data/moarvm-2020.10+dfsg/src/spesh/worker.c
Examining data/moarvm-2020.10+dfsg/src/spesh/worker.h
Examining data/moarvm-2020.10+dfsg/src/strings/ascii.c
Examining data/moarvm-2020.10+dfsg/src/strings/ascii.h
Examining data/moarvm-2020.10+dfsg/src/strings/decode_stream.c
Examining data/moarvm-2020.10+dfsg/src/strings/decode_stream.h
Examining data/moarvm-2020.10+dfsg/src/strings/gb18030.c
Examining data/moarvm-2020.10+dfsg/src/strings/gb18030.h
Examining data/moarvm-2020.10+dfsg/src/strings/gb18030_codeindex.h
Examining data/moarvm-2020.10+dfsg/src/strings/gb2312.c
Examining data/moarvm-2020.10+dfsg/src/strings/gb2312.h
Examining data/moarvm-2020.10+dfsg/src/strings/gb2312_codeindex.h
Examining data/moarvm-2020.10+dfsg/src/strings/iter.h
Examining data/moarvm-2020.10+dfsg/src/strings/latin1.c
Examining data/moarvm-2020.10+dfsg/src/strings/latin1.h
Examining data/moarvm-2020.10+dfsg/src/strings/nfg.c
Examining data/moarvm-2020.10+dfsg/src/strings/nfg.h
Examining data/moarvm-2020.10+dfsg/src/strings/normalize.c
Examining data/moarvm-2020.10+dfsg/src/strings/normalize.h
Examining data/moarvm-2020.10+dfsg/src/strings/ops.c
Examining data/moarvm-2020.10+dfsg/src/strings/ops.h
Examining data/moarvm-2020.10+dfsg/src/strings/parse_num.c
Examining data/moarvm-2020.10+dfsg/src/strings/parse_num.h
Examining data/moarvm-2020.10+dfsg/src/strings/shiftjis.c
Examining data/moarvm-2020.10+dfsg/src/strings/shiftjis.h
Examining data/moarvm-2020.10+dfsg/src/strings/shiftjis_codeindex.h
Examining data/moarvm-2020.10+dfsg/src/strings/siphash/csiphash.h
Examining data/moarvm-2020.10+dfsg/src/strings/siphash/test.c
Examining data/moarvm-2020.10+dfsg/src/strings/unicode.c
Examining data/moarvm-2020.10+dfsg/src/strings/unicode.h
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_db.c
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_gen.h
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_ops.h
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_prop_macros.h
Examining data/moarvm-2020.10+dfsg/src/strings/unicode_uca.c
Examining data/moarvm-2020.10+dfsg/src/strings/utf16.c
Examining data/moarvm-2020.10+dfsg/src/strings/utf16.h
Examining data/moarvm-2020.10+dfsg/src/strings/utf8.c
Examining data/moarvm-2020.10+dfsg/src/strings/utf8.h
Examining data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c
Examining data/moarvm-2020.10+dfsg/src/strings/utf8_c8.h
Examining data/moarvm-2020.10+dfsg/src/strings/windows1252.c
Examining data/moarvm-2020.10+dfsg/src/strings/windows1252.h
Examining data/moarvm-2020.10+dfsg/src/types.h
Examining data/moarvm-2020.10+dfsg/tools/repr_size_table.c

FINAL RESULTS:

data/moarvm-2020.10+dfsg/src/core/interp.c:4521:16:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
            OP(readlink):
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.c:44:3:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, msg, args);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.c:53:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(out, s);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.h:32:29:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    __attribute__ ((format (printf, 1, 2)));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:747:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(out,source);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:759:1:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
strcat(out,source);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7601:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(int)luaL_checknumber(L,arg));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7606:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(long)luaL_checknumber(L,arg));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7611:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(unsigned long)luaL_checknumber(L,arg));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7616:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,(double)luaL_checknumber(L,arg));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7632:1:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
sprintf(buff,form,s);
data/moarvm-2020.10+dfsg/src/6model/reprs/NativeCall.c:28:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(dest_body->lib_name, src_body->lib_name);
data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.c:2107:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(stderr, nested ? ")" : ")\n");
data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.c:2166:33:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                                fprintf(stderr, "=%"PRIi64, val);
data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.c:2183:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        fprintf(stderr, nested ? ")" : ")\n");
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1518:97:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                             const char *messageFormat, ...) MVM_NO_RETURN_ATTRIBUTE MVM_FORMAT(printf, 4, 5);
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:4:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_FORMAT(printf, 4, 5)
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:12:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(string, line_length, str, args);
data/moarvm-2020.10+dfsg/src/core/coerce.c:6:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/core/coerce.c:6:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/core/exceptions.c:4:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/core/exceptions.c:4:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/core/exceptions.c:5:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/moarvm-2020.10+dfsg/src/core/exceptions.c:848:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, messageFormat, args);
data/moarvm-2020.10+dfsg/src/core/exceptions.c:867:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, messageFormat, args);
data/moarvm-2020.10+dfsg/src/core/exceptions.c:911:32:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        int        bytes     = vsnprintf(c_message, 1024, messageFormat, args);
data/moarvm-2020.10+dfsg/src/core/exceptions.c:944:13:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            vfprintf(stderr, messageFormat, args);
data/moarvm-2020.10+dfsg/src/core/exceptions.h:91:127:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_PUBLIC MVM_NO_RETURN void MVM_panic(MVMint32 exitCode, const char *messageFormat, ...) MVM_NO_RETURN_ATTRIBUTE MVM_FORMAT(printf, 2, 3);
data/moarvm-2020.10+dfsg/src/core/exceptions.h:92:129:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_PUBLIC MVM_NO_RETURN void MVM_oops(MVMThreadContext *tc, const char *messageFormat, ...) MVM_NO_RETURN_ATTRIBUTE MVM_FORMAT(printf, 2, 3);
data/moarvm-2020.10+dfsg/src/core/exceptions.h:93:146:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_PUBLIC MVM_NO_RETURN void MVM_exception_throw_adhoc(MVMThreadContext *tc, const char *messageFormat, ...) MVM_NO_RETURN_ATTRIBUTE MVM_FORMAT(printf, 2, 3);
data/moarvm-2020.10+dfsg/src/core/exceptions.h:95:165:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_PUBLIC MVM_NO_RETURN void MVM_exception_throw_adhoc_free(MVMThreadContext *tc, char **waste, const char *messageFormat, ...) MVM_NO_RETURN_ATTRIBUTE MVM_FORMAT(printf, 3, 4);
data/moarvm-2020.10+dfsg/src/core/validation.c:62:81:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_NO_RETURN static void fail(Validator *val, const char *msg, ...) MVM_FORMAT(printf, 2, 3) MVM_NO_RETURN_ATTRIBUTE;
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1311:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(stderr, "could not retrieve object of handle %"PRId64, argument->handle_id);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1343:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(stderr, "could not retrieve object of handle %"PRId64, argument->handle_id);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2671:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(portstr, 16, "%"PRIu64, port);
data/moarvm-2020.10+dfsg/src/gc/orchestrate.h:56:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf((msg), (tc)->thread_id, \
data/moarvm-2020.10+dfsg/src/gc/orchestrate.h:61:9:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        printf((msg), (tc)->thread_id, \
data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c:4:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c:4:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/io/dirops.c:92:9:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
        wcscat(wpathname, abs_dirname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:242:13:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
            wcscat(dir_name, abs_dirname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:245:13:  [4] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer.
            wcscpy(dir_name, wname);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:21:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:21:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:332:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(result_un->sun_path, host_cstr);
data/moarvm-2020.10+dfsg/src/jit/dump.c:43:14:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        j += snprintf(nargs + j, sizeof(nargs)-j-3, "%"PRId32, arg);
data/moarvm-2020.10+dfsg/src/jit/dump.c:74:30:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    char *ptr = node_label + sprintf(node_label, "%s%s", op_name,
data/moarvm-2020.10+dfsg/src/jit/dump.c:77:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        ptr += sprintf(ptr, "%" PRId32 "%s", args[i],
data/moarvm-2020.10+dfsg/src/jit/dump.c:81:16:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        ptr += sprintf(ptr, ":%s", MVM_register_type(info->type));
data/moarvm-2020.10+dfsg/src/jit/linear_scan.c:10:31:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define _DEBUG(fmt, ...) do { fprintf(stderr, fmt "%s", __VA_ARGS__, "\n"); } while(0)
data/moarvm-2020.10+dfsg/src/main.c:32:11:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/main.c:32:20:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#  define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/moar.c:9:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/moar.c:9:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/moarvm-2020.10+dfsg/src/moar.c:62:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(fixed_path, path_length + 16, path, pid);
data/moarvm-2020.10+dfsg/src/moar.c:328:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(jit_bytecode_dir, len+32, "%s/moar-jit.%"PRIi64,
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:73:9:  [4] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120).
        wcscat(wpathname, abs_wpathname);
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:25:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define junkprint fprintf
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:41:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, str, args);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:839:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(&filename, 1022, format, args);
data/moarvm-2020.10+dfsg/src/profiler/log.c:11:9:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        vfprintf(stderr, str, args);
data/moarvm-2020.10+dfsg/src/spesh/debug.c:7:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(tc->instance->spesh_log_fh, format, list);
data/moarvm-2020.10+dfsg/src/spesh/dump.c:33:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_FORMAT(printf, 2, 3)
data/moarvm-2020.10+dfsg/src/spesh/dump.c:38:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(c_message, 1023, fmt, args);
data/moarvm-2020.10+dfsg/src/spesh/graph.c:82:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
MVM_FORMAT(printf, 4, 5)
data/moarvm-2020.10+dfsg/src/spesh/graph.c:95:12:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    size = vsnprintf(NULL, 0, fmt, ap);
data/moarvm-2020.10+dfsg/src/spesh/graph.c:109:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(comment, size, fmt, ap);
data/moarvm-2020.10+dfsg/src/spesh/pea.c:10:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, fmt, args);
data/moarvm-2020.10+dfsg/src/strings/ops.c:50:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(result, "%s%s%5i%s%.10"PRIi32",%.10"PRIi32"", synthtype_str, format_str, synth->num_codes, format_str2, synth->codes[0], synth->codes[1]);
data/moarvm-2020.10+dfsg/src/strings/ops.c:61:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(result, picked);
data/moarvm-2020.10+dfsg/src/strings/ops.c:105:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(out, out_size,
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:135:30:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    #define DEBUG_PRINT(...) fprintf (stderr, __VA_ARGS__)
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:68:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
static void tinymt64_next_state(uint64_t * random) {
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:71:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[0] &= TINYMT64_MASK;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:72:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    x = random[0] ^ random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:72:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    x = random[0] ^ random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:77:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[0] = random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:77:17:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[0] = random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:78:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[1] = x;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:79:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[0] ^= -((int64_t)(x & 1)) & mat1;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:80:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[1] ^= -((int64_t)(x & 1)) & (((uint64_t)mat2) << 32);
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:89:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
static uint64_t uint64_temper(uint64_t * random) {
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:91:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    x = random[0] + random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:91:21:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    x = random[0] + random[1];
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:92:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    x ^= random[0] >> TINYMT64_SH8;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:102:46:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
uint64_t tinymt64_generate_uint64(uint64_t * random) {
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:103:25:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    tinymt64_next_state(random);
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:104:26:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    return uint64_temper(random);
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:113:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
double tinymt64_generate_double(uint64_t * random) {
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:114:25:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    tinymt64_next_state(random);
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:115:27:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    return (uint64_temper(random) >> 11) * TINYMT64_MUL;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:124:31:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
void tinymt64_init(uint64_t * random, uint64_t seed) {
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:126:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[0] = seed ^ ((uint64_t)mat1 << 32);
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:127:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random[1] = mat2 ^ tmat;
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:129:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        random[i & 1] ^= i + UINT64_C(6364136223846793005)
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:130:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            * (random[(i - 1) & 1]
data/moarvm-2020.10+dfsg/3rdparty/tinymt/tinymt64.c:131:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
               ^ (random[(i - 1) & 1] >> 62));
data/moarvm-2020.10+dfsg/src/core/interp.c:3750:16:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            OP(srand):
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2921:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MDS_NETWORK")) {
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2927:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MDS_PROTOCOL")) {
data/moarvm-2020.10+dfsg/src/io/fileops.c:242:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char *pext = getenv("PATHEXT");
data/moarvm-2020.10+dfsg/src/main.c:218:33:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                spesh_disable = getenv("MVM_SPESH_DISABLE");
data/moarvm-2020.10+dfsg/src/main.c:219:31:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
                jit_disable = getenv("MVM_JIT_DISABLE");
data/moarvm-2020.10+dfsg/src/main.c:254:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MVM_TELEMETRY_LOG")) {
data/moarvm-2020.10+dfsg/src/main.c:257:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        snprintf(path, 255, "%s.%d", getenv("MVM_TELEMETRY_LOG"),
data/moarvm-2020.10+dfsg/src/main.c:308:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MVM_TELEMETRY_LOG") && telemeh_inited) {
data/moarvm-2020.10+dfsg/src/moar.c:246:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_log = getenv("MVM_SPESH_LOG");
data/moarvm-2020.10+dfsg/src/moar.c:250:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_disable = getenv("MVM_SPESH_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:253:32:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        spesh_inline_disable = getenv("MVM_SPESH_INLINE_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:256:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        spesh_osr_disable = getenv("MVM_SPESH_OSR_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:259:29:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        spesh_pea_disable = getenv("MVM_SPESH_PEA_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:268:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_nodelay = getenv("MVM_SPESH_NODELAY");
data/moarvm-2020.10+dfsg/src/moar.c:275:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_limit = getenv("MVM_SPESH_LIMIT");
data/moarvm-2020.10+dfsg/src/moar.c:282:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_blocking = getenv("MVM_SPESH_BLOCKING");
data/moarvm-2020.10+dfsg/src/moar.c:287:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    spesh_inline_log = getenv("MVM_SPESH_INLINE_LOG");
data/moarvm-2020.10+dfsg/src/moar.c:292:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    jit_disable = getenv("MVM_JIT_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:296:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    jit_expr_disable = getenv("MVM_JIT_EXPR_DISABLE");
data/moarvm-2020.10+dfsg/src/moar.c:302:27:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *jit_debug = getenv("MVM_JIT_DEBUG");
data/moarvm-2020.10+dfsg/src/moar.c:309:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *jit_perf_map = getenv("MVM_JIT_PERF_MAP");
data/moarvm-2020.10+dfsg/src/moar.c:320:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *jit_dump_bytecode = getenv("MVM_JIT_DUMP_BYTECODE");
data/moarvm-2020.10+dfsg/src/moar.c:338:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    jit_last_frame = getenv("MVM_JIT_EXPR_LAST_FRAME");
data/moarvm-2020.10+dfsg/src/moar.c:339:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    jit_last_bb    = getenv("MVM_JIT_EXPR_LAST_BB");
data/moarvm-2020.10+dfsg/src/moar.c:348:37:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *jit_breakpoints_str = getenv("MVM_JIT_BREAKPOINTS");
data/moarvm-2020.10+dfsg/src/moar.c:379:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    dynvar_log = getenv("MVM_DYNVAR_LOG");
data/moarvm-2020.10+dfsg/src/moar.c:388:35:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    instance->nfa_debug_enabled = getenv("MVM_NFA_DEB") ? 1 : 0;
data/moarvm-2020.10+dfsg/src/moar.c:389:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MVM_CROSS_THREAD_WRITE_LOG")) {
data/moarvm-2020.10+dfsg/src/moar.c:392:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            getenv("MVM_CROSS_THREAD_WRITE_LOG_INCLUDE_LOCKED") ? 1 : 0;
data/moarvm-2020.10+dfsg/src/moar.c:401:9:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    if (getenv("MVM_COVERAGE_LOG")) {
data/moarvm-2020.10+dfsg/src/moar.c:402:30:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        char *coverage_log = getenv("MVM_COVERAGE_LOG");
data/moarvm-2020.10+dfsg/src/moar.c:411:13:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if (getenv("MVM_COVERAGE_CONTROL")) {
data/moarvm-2020.10+dfsg/src/moar.c:412:38:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            char *coverage_control = getenv("MVM_COVERAGE_CONTROL");
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:515:28:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    MVMuint8 debug_level = getenv("MVM_CONFPROG_DEBUG") != NULL ? atoi(getenv("MVM_CONFPROG_DEBUG")) : 0;
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:515:72:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    MVMuint8 debug_level = getenv("MVM_CONFPROG_DEBUG") != NULL ? atoi(getenv("MVM_CONFPROG_DEBUG")) : 0;
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:104:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *cmp_error_messages[ERROR_MAX + 1] = {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:647:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char bytes[4];
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:658:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char bytes[8];
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:917:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char swapped[sizeof(float)];
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:936:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char swapped[sizeof(double)];
data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example1.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hello[6] = {0, 0, 0, 0, 0, 0};
data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example1.c:59:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message_pack[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example1.c:61:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fh = fopen("cmp_data.dat", "w+b");
data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example2.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sbuf[12] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
data/moarvm-2020.10+dfsg/3rdparty/cmp/examples/example2.c:76:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fh = fopen("cmp_data.dat", "w+b");
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:166:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if ((fp = fopen(filename, "rb")) == NULL)
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:220:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf->data + buf->cursor, data, size);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:365:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, buf->data + buf->cursor, size);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:493:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_buf, buf->data, buf->size);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ldata[len + 1];                                                      \
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:166:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char data[255];                                                             \
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:183:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char data[255];                                                    \
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char edata[esize];                                                        \
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:269:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char edata[esize];                                                        \
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:3091:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfixedbuf1[1];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:3092:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfixedbuf2[2];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:3093:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfixedbuf4[4];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:3094:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfixedbuf8[8];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:3095:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outfixedbuf16[16];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:4157:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char init[4];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:4158:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char outnit[4];
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/test.c:4195:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(outnit, &out, sizeof(out));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:145:28:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
#define lua_number2str(s,n)sprintf((s),"%.14g",(n))
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:203:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char short_src[60];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:680:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[2];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:697:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[4*sizeof(void*)+8];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:698:1:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff,"%p",va_arg(argp,void*));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:707:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[3];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:745:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"...");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:753:1:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
strcpy(out,"[string \"");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:756:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"...");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:760:1:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
strcat(out,"\"]");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:1295:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(ts+1,str,l*sizeof(char));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:2571:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[60];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:2711:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[80];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:4702:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char s[32];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:4905:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(buffer+tl,svalue(top-i),l);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:5866:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[BUFSIZ];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6102:1:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
memcpy(B->p,s,vl);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6121:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[BUFSIZ];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6154:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
lf.f=fopen(filename,"r");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6699:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,mode);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6715:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,mode);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6753:5:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
*pf=fopen(filename,"r");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7594:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char form[(sizeof("-+ #0")+sizeof("l")+10)];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7595:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buff[512];
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7726:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buf[8];
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:85:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1_Transform(unsigned int state[5], const unsigned char buffer[64]);
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:109:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1_Transform(unsigned int state[5], const unsigned char buffer[64])
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:113:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        unsigned char c[64];
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&context->buffer[j], data, (i = 64-j));
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:191:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&context->buffer[j], &data[i], len - i);
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:196:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1_Digest(SHA1Context* context, unsigned char digest[SHA1_DIGEST_SIZE])
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:199:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char  finalcount[8];
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:227:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char digest[20];
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.c:235:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(c,"%02X", digest[i*4+j]);
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.h:14:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buffer[64];
data/moarvm-2020.10+dfsg/3rdparty/sha1/sha1.h:21:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void SHA1_Digest(SHA1Context* context, unsigned char digest[SHA1_DIGEST_SIZE]);
data/moarvm-2020.10+dfsg/src/6model/reprs/CArray.c:125:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->storage, src_body->storage, alsize);
data/moarvm-2020.10+dfsg/src/6model/reprs/CStruct.c:619:29:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                            memcpy((char *)body->cstruct + repr_data->struct_offsets[slot],
data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.c:237:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy, output, output_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMCallCapture.c:27:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(args, src_body->apc->args, arg_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMContext.c:325:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_traversals, ctx->body.traversals, ctx->body.num_traversals);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMMultiCache.c:272:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_head, cache->node_hash_head, cache->cache_memory_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMMultiCache.c:320:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_results, cache->results, cache->num_results * sizeof(MVMObject *));
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:42:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->bytecode, src_body->bytecode, src_body->bytecode_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:53:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(local_types, src_body->local_types, sizeof(MVMuint16) * src_body->num_locals);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:64:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(lexical_types, src_body->lexical_types,
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:102:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->static_env, src_body->static_env, src_body->env_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:104:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->static_env_flags, src_body->static_env_flags, src_body->num_lexicals);
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMStaticFrame.c:124:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->handlers, src_body->handlers,
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMString.c:32:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dest_body->storage.blob_32, src_body->storage.blob_32,
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMString.c:40:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(dest_body->storage.blob_8, src_body->storage.blob_8,
data/moarvm-2020.10+dfsg/src/6model/reprs/MVMString.c:46:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(dest_body->storage.strands, src_body->storage.strands,
data/moarvm-2020.10+dfsg/src/6model/reprs/MultiDimArray.c:219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->dimensions, src_body->dimensions, dim_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MultiDimArray.c:220:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->slots.any, src_body->slots.any, data_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/MultiDimArray.c:680:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(body->dimensions, dimensions, num_dimensions * sizeof(MVMint64));
data/moarvm-2020.10+dfsg/src/6model/reprs/NFA.c:205:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_edges + 1, body->states[s], num_orig_edges * sizeof(MVMNFAStateInfo));
data/moarvm-2020.10+dfsg/src/6model/reprs/NativeCall.c:38:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->arg_types, src_body->arg_types, src_body->num_args * sizeof(MVMint16));
data/moarvm-2020.10+dfsg/src/6model/reprs/P6opaque.c:1329:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new, old, STABLE(obj)->size - sizeof(MVMObject));
data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.c:57:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_body->slots.any, copy_start, mem_size);
data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.c:819:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( d_body->slots.u8 + (d_start + d_offset) * d_repr_data->elem_size,
data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.c:898:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(body->slots.u8 + (start + offset) * repr_data->elem_size, from, count);
data/moarvm-2020.10+dfsg/src/6model/reprs/VMArray.c:911:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((char*)&result)
data/moarvm-2020.10+dfsg/src/6model/serialization.c:227:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer + offset, &value, 4);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer + offset, &value, 2);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:243:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buffer + offset, &value, 8);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:339:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*(writer->cur_write_buffer) + *(writer->cur_write_offset), string, len);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:385:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer + offset, &value, 8);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:398:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer + offset, (char *)&value + 8 - rest, rest);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:401:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer + offset, &value, rest);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:842:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.dependencies_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:849:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.stables_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:855:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.stables_data,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:862:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.objects_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:868:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.objects_data,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:875:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.closures_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:882:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.contexts_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:888:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.contexts_data,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:895:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.repos_table,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:902:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(output + offset, writer->root.param_interns_data,
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1480:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value, buffer + offset, 8);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1490:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value, buffer + offset, 4);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1499:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value, buffer + offset, 2);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1509:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&value, buffer + offset, 8);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1636:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&result, read_at, 8);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1659:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(write_to, read_at, need);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1689:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&result, read_at, need);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:1741:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(strbuf, read_at, len);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:3291:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char          output[80];
data/moarvm-2020.10+dfsg/src/core/args.c:72:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(flags, src_flags, fsize * sizeof(MVMCallsiteEntry));
data/moarvm-2020.10+dfsg/src/core/args.c:106:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(args, frame->params.args, arg_size);
data/moarvm-2020.10+dfsg/src/core/bytecode.c:86:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dest, src, size);
data/moarvm-2020.10+dfsg/src/core/bytecode.c:361:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(operand_descriptor, pos, 8);
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:7:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[line_length];
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:22:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(*out + *length, string, len);
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:146:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(tmp_extop_info.operands, r.operand_descriptor, 8);
data/moarvm-2020.10+dfsg/src/core/callsite.c:116:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy->arg_flags, cs->arg_flags, cs->flag_count);
data/moarvm-2020.10+dfsg/src/core/callsite.c:123:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(copy->arg_names, cs->arg_names, num_named * sizeof(MVMString *));
data/moarvm-2020.10+dfsg/src/core/coerce.c:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[20];
data/moarvm-2020.10+dfsg/src/core/coerce.c:203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/moarvm-2020.10+dfsg/src/core/coerce.c:217:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(blob, buffer, len);
data/moarvm-2020.10+dfsg/src/core/coerce.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[20];
data/moarvm-2020.10+dfsg/src/core/coerce.c:243:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(blob, buffer, len);
data/moarvm-2020.10+dfsg/src/core/coerce.c:265:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64];
data/moarvm-2020.10+dfsg/src/core/coerce.c:271:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(blob, buf, len);
data/moarvm-2020.10+dfsg/src/core/compunit.c:115:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_callsites, cu->body.callsites, orig_size);
data/moarvm-2020.10+dfsg/src/core/compunit.c:149:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_strings, cu->body.strings, orig_size);
data/moarvm-2020.10+dfsg/src/core/ext.c:160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(entry->info.operands, operands, num_operands);
data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c:229:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(allocd, p, new_bin > old_bin ? old_bytes : new_bytes);
data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c:243:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_p, (char *)p, new_bytes > old_bytes ? old_bytes : new_bytes);
data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c:254:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(allocd, p, new_bin > old_bin ? old_bytes : new_bytes);
data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c:296:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char command[128];
data/moarvm-2020.10+dfsg/src/core/fixedsizealloc.c:344:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char command[128]; snprintf(&command, 128, "check_memory defined %p %lu", dbg, bytes + 8); VALGRIND_MONITOR_COMMAND(command);
data/moarvm-2020.10+dfsg/src/core/frame.c:208:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(frame->env, static_frame->body.static_env, static_frame->body.env_size);
data/moarvm-2020.10+dfsg/src/core/frame.c:320:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(frame->work, static_frame_body->work_initial,
data/moarvm-2020.10+dfsg/src/core/frame.c:374:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(frame->work, static_frame_body->work_initial,
data/moarvm-2020.10+dfsg/src/core/frame.c:430:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char *waste[7] = { frame_cuuid, outer_cuuid, frame_outer_cuuid, NULL, NULL, NULL, NULL };
data/moarvm-2020.10+dfsg/src/core/frame.c:671:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(
data/moarvm-2020.10+dfsg/src/core/frame.c:779:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(
data/moarvm-2020.10+dfsg/src/core/frame.c:1820:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new->arg_flags + 1, orig->arg_flags, fsize);
data/moarvm-2020.10+dfsg/src/core/instance.h:368:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char     *lib_path[8];
data/moarvm-2020.10+dfsg/src/core/interp.c:6745:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(backup_interp_jump, tc->interp_jump, sizeof(jmp_buf));
data/moarvm-2020.10+dfsg/src/core/interp.c:6765:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tc->interp_jump, backup_interp_jump, sizeof(jmp_buf));
data/moarvm-2020.10+dfsg/src/core/loadbytecode.c:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data_start, (MVMuint8 *)(((MVMArray *)buf)->body.slots.i8 + ((MVMArray *)buf)->body.start), data_size);
data/moarvm-2020.10+dfsg/src/core/loadbytecode.c:71:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data_start, (MVMuint8 *)(((MVMArray *)buf)->body.slots.i8 + ((MVMArray *)buf)->body.start), data_size);
data/moarvm-2020.10+dfsg/src/core/nativecall.c:401:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[32];
data/moarvm-2020.10+dfsg/src/core/nativecall.c:415:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(node->u.call.args, args, num_args * sizeof(MVMJitCallArg));
data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c:242:44:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                args[i - 1].i64 = *(signed char *)cb_args[i - 1];
data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c:265:79:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                args[i - 1].o = MVM_nativecall_make_str(tc, type, typeinfo, *(char **)cb_args[i - 1]);
data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c:304:46:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                args[i - 1].i64 = *(unsigned char *)cb_args[i - 1];
data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c:710:81:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    MVM_6model_container_assign_i(tc, value, (MVMint64)*(signed char *)*(void **)values[i]);
data/moarvm-2020.10+dfsg/src/core/nativecall_libffi.c:731:83:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    MVM_6model_container_assign_i(tc, value, (MVMint64)*(unsigned char *)*(void **)values[i]);
data/moarvm-2020.10+dfsg/src/core/str_hash_table.c:246:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_entry, old_entry, hashtable->entry_size);
data/moarvm-2020.10+dfsg/src/core/str_hash_table.c:454:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                    char open;
data/moarvm-2020.10+dfsg/src/core/str_hash_table.c:475:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                                open, len, close, key, c_key);
data/moarvm-2020.10+dfsg/src/core/str_hash_table.c:486:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                                    open, len, close, key,
data/moarvm-2020.10+dfsg/src/core/str_hash_table.c:494:37:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                                    open, len, close, key,
data/moarvm-2020.10+dfsg/src/core/vector.h:69:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(MVM_VECTOR_TOP(x), ar, _l * sizeof(x[0])); \
data/moarvm-2020.10+dfsg/src/core/vector.h:76:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (buf != NULL) { memcpy(buf, (x) + _o, _l * sizeof(x[0])); } \
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:452:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[24] = "MOARVM-REMOTE-DEBUG\0";
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:467:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[24];
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dump[1024];
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2502:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char key_str[16];
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2668:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char portstr[16];
data/moarvm-2020.10+dfsg/src/gc/collect.c:289:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_addr, item, item->size);
data/moarvm-2020.10+dfsg/src/gc/collect.c:327:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_addr, item, item->size);
data/moarvm-2020.10+dfsg/src/gc/gen2.c:245:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(
data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c:310:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char composed_line[256];
data/moarvm-2020.10+dfsg/src/io/asyncsocket.c:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN + 1];
data/moarvm-2020.10+dfsg/src/io/asyncsocketudp.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrstr[INET6_ADDRSTRLEN + 1];
data/moarvm-2020.10+dfsg/src/io/dirops.c:15:30:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     const int         len = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
data/moarvm-2020.10+dfsg/src/io/dirops.c:18:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     MultiByteToWideChar(CP_UTF8, 0, str, -1, result, len);
data/moarvm-2020.10+dfsg/src/io/dirops.c:76:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t  abs_dirname[4096]; /* 4096 should be enough for absolute path */
data/moarvm-2020.10+dfsg/src/io/dirops.c:91:9:  [2] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
        wcscpy(wpathname, L"\\\\?\\");
data/moarvm-2020.10+dfsg/src/io/dirops.c:131:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_PATH];
data/moarvm-2020.10+dfsg/src/io/dirops.c:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX];
data/moarvm-2020.10+dfsg/src/io/dirops.c:226:13:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            wchar_t  abs_dirname[4096]; /* 4096 should be enough for absolute path */
data/moarvm-2020.10+dfsg/src/io/dirops.c:241:13:  [2] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
            wcscpy(dir_name, L"\\\\?\\");
data/moarvm-2020.10+dfsg/src/io/dirops.c:249:9:  [2] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Risk is low because the source is a constant string.
        wcscat(dir_name, L"\\*");     /* Three characters are for the "\*" plus NULL appended.
data/moarvm-2020.10+dfsg/src/io/dirops.c:294:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR dir[MAX_PATH];
data/moarvm-2020.10+dfsg/src/io/fileops.c:350:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_path, lib_path[lib_path_i], lib_path_len);
data/moarvm-2020.10+dfsg/src/io/fileops.c:353:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(new_path + lib_path_len + 1, orig_cstr, orig_len);
data/moarvm-2020.10+dfsg/src/io/fileops.c:356:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(new_path + lib_path_len, orig_cstr, orig_len);
data/moarvm-2020.10+dfsg/src/io/procops.c:27:31:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     const int          len = MultiByteToWideChar(acp, 0, str, -1, NULL, 0);
data/moarvm-2020.10+dfsg/src/io/procops.c:30:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     MultiByteToWideChar(acp, 0, str, -1, (LPWSTR)result, len);
data/moarvm-2020.10+dfsg/src/io/signals.c:123:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char const * const SIG_WANTED[NUM_SIG_WANTED] = {
data/moarvm-2020.10+dfsg/src/io/syncfile.c:19:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define open _open
data/moarvm-2020.10+dfsg/src/io/syncfile.c:214:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(data->output_buffer + data->output_buffer_used, buf, bytes);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:108:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*buf, data->last_packet + data->last_packet_start, bytes);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:138:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*buf, use_last_packet + use_last_packet_start, last_available);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:139:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*buf + last_available, data->last_packet, bytes - last_available);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:161:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*buf, data->last_packet, bytes);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:170:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*buf, use_last_packet + use_last_packet_start, bytes);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  port_cstr[8];
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:401:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(address, result->ai_addr, address_len);
data/moarvm-2020.10+dfsg/src/io/syncsocket.c:586:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostname[UV_MAXHOSTNAMESIZE];
data/moarvm-2020.10+dfsg/src/jit/compile.c:12:38:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define COPY_ARRAY(a, n) ((n) > 0) ? memcpy(MVM_malloc((n) * sizeof(a[0])), a, (n) * sizeof(a[0])) : NULL;
data/moarvm-2020.10+dfsg/src/jit/compile.c:132:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char symbol_name[1024];
data/moarvm-2020.10+dfsg/src/jit/compile.c:203:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(code->local_types, jg->sg->local_types, sizeof(MVMuint16)*sg_num_locals);
data/moarvm-2020.10+dfsg/src/jit/compile.c:205:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(code->local_types, code->sf->body.local_types, sizeof(MVMuint16)*sg_num_locals);
data/moarvm-2020.10+dfsg/src/jit/dump.c:6:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024];
data/moarvm-2020.10+dfsg/src/jit/dump.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char indent[64];
data/moarvm-2020.10+dfsg/src/jit/dump.c:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char nargs[80];
data/moarvm-2020.10+dfsg/src/jit/dump.c:45:18:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            j += sprintf(nargs + j, ", ");
data/moarvm-2020.10+dfsg/src/jit/dump.c:73:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char node_label[80];
data/moarvm-2020.10+dfsg/src/jit/expr.h:22:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
#define MVM_STATIC_ASSERT(x) typedef char __ASSERT[(x)?1:-1]
data/moarvm-2020.10+dfsg/src/jit/graph.c:46:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(node->u.call.args, call_args, args_size);
data/moarvm-2020.10+dfsg/src/jit/linear_scan.c:452:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(live_in, _BITMAP(_SUCC(j, 0)),
data/moarvm-2020.10+dfsg/src/main.c:149:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char  *lib_path[8];
data/moarvm-2020.10+dfsg/src/main.c:255:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[256];
data/moarvm-2020.10+dfsg/src/math/bigintops.c:893:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(i_cpy, i, sizeof(mp_int));
data/moarvm-2020.10+dfsg/src/math/bigintops.c:918:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(buf, s->body.storage.blob_8, sizeof(MVMGrapheme8) * s->body.num_graphs);
data/moarvm-2020.10+dfsg/src/moar.c:277:33:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        instance->spesh_limit = atoi(spesh_limit);
data/moarvm-2020.10+dfsg/src/moar.c:311:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char perf_map_filename[32];
data/moarvm-2020.10+dfsg/src/moar.c:322:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmpdir[1024];
data/moarvm-2020.10+dfsg/src/moar.c:342:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    instance->jit_expr_last_frame = jit_last_frame != NULL ? atoi(jit_last_frame) : -1;
data/moarvm-2020.10+dfsg/src/moar.c:343:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    instance->jit_expr_last_bb    =    jit_last_bb != NULL ? atoi(jit_last_bb) : -1;
data/moarvm-2020.10+dfsg/src/moar.c:414:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                instance->coverage_control = atoi(coverage_control);
data/moarvm-2020.10+dfsg/src/platform/io.h:11:27:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MVM_platform_open open
data/moarvm-2020.10+dfsg/src/platform/io.h:12:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MVM_platform_fopen fopen
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:14:30:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     const int         len = MultiByteToWideChar(CP_UTF8, 0, str, -1, NULL, 0);
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:17:6:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
     MultiByteToWideChar(CP_UTF8, 0, str, -1, result, len);
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:57:9:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        wchar_t  abs_wpathname[4096]; /* 4096 should be enough for absolute path */
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:72:9:  [2] (buffer) wcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
        wcscpy(wpathname, L"\\\\?\\");
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:515:67:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    MVMuint8 debug_level = getenv("MVM_CONFPROG_DEBUG") != NULL ? atoi(getenv("MVM_CONFPROG_DEBUG")) : 0;
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(confprog->bytecode, array_contents, bytecode_size);
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:590:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(confprog->entrypoints, entrypoint_array, sizeof(entrypoint_array));
data/moarvm-2020.10+dfsg/src/profiler/configuration.c:717:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                        *((void **)(((char *)reg_base[REGISTER_STRUCT_ACCUMULATOR].any) + GET_UI16(cur_op, 10)));
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *waste[2] = {path, NULL};
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:316:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char anon_with_repr[256] = {0};
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[1024] = {0};
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:893:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char namebuf[8] = {0};
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:894:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(namebuf, name, 8);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:978:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char typename[8] = "strings\0";
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:995:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result_buffer_insert_pos, &output_size, sizeof(MVMuint32));
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:998:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result_buffer_insert_pos, str, output_size);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1220:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char text[9] = {0};
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1732:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char typename[8] = "filemeta";
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char typename[8] = "snapmeta";
data/moarvm-2020.10+dfsg/src/spesh/candidate.c:174:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_candidate_list, spesh->body.spesh_candidates, orig_size);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:47:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 8);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:52:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 4);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:57:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 2);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:62:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 1);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:67:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 4);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:72:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ws->bytecode + ws->bytecode_pos, &value, 8);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:352:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ws->handlers, g->handlers, hanlen);
data/moarvm-2020.10+dfsg/src/spesh/codegen.c:383:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((ws->bytecode + ws->fixup_locations[i]),
data/moarvm-2020.10+dfsg/src/spesh/deopt.c:50:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(uf->work, f->work + cand->inlines[i].locals_start,
data/moarvm-2020.10+dfsg/src/spesh/deopt.c:53:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(uf->env, f->env + cand->inlines[i].lexicals_start,
data/moarvm-2020.10+dfsg/src/spesh/dump.c:17:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ds->buffer + ds->pos, to_add, len);
data/moarvm-2020.10+dfsg/src/spesh/facts.c:420:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(g->log_guards, orig_log_guards,
data/moarvm-2020.10+dfsg/src/spesh/graph.c:806:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_pred, tgt->pred, tgt->num_pred * sizeof(MVMSpeshBB *));
data/moarvm-2020.10+dfsg/src/spesh/graph.c:946:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_children, target->children, target->num_children * sizeof(MVMSpeshBB *));
data/moarvm-2020.10+dfsg/src/spesh/graph.c:974:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_df, target->df, target->num_df * sizeof(MVMSpeshBB *));
data/moarvm-2020.10+dfsg/src/spesh/graph.c:1355:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(g->spesh_slots, cand->spesh_slots, sizeof(MVMCollectable *) * g->num_spesh_slots);
data/moarvm-2020.10+dfsg/src/spesh/inline.c:29:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_extops, target_cu->body.extops, orig_size);
data/moarvm-2020.10+dfsg/src/spesh/inline.c:30:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&new_extops[target_cu->body.num_extops], &extops[i], sizeof(MVMExtOpRecord));
data/moarvm-2020.10+dfsg/src/spesh/inline.c:446:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_handlers, inliner->handlers,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:773:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(merged_facts, inliner->facts,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:775:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(merged_facts + inliner->num_locals, inlinee->facts,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:780:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(merged_fact_counts, inliner->fact_counts,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:782:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(merged_fact_counts + inliner->num_locals, inlinee->fact_counts,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:820:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->deopt_addrs + inliner->num_deopt_addrs * 2,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:832:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->inlines + inliner->num_inlines, inlinee->inlines,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:882:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->local_types, inliner->sf->body.local_types, local_types_size);
data/moarvm-2020.10+dfsg/src/spesh/inline.c:887:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->local_types + inliner->num_locals,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:893:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->lexical_types, inliner->sf->body.lexical_types, lexical_types_size);
data/moarvm-2020.10+dfsg/src/spesh/inline.c:898:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->lexical_types + inliner->num_lexicals,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:906:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_uh, inlinee->unreachable_handlers,
data/moarvm-2020.10+dfsg/src/spesh/inline.c:910:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_uh + inlinee->num_handlers + 1, inliner->unreachable_handlers, inliner->num_handlers);
data/moarvm-2020.10+dfsg/src/spesh/inline.c:922:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(inliner->handlers, inlinee->handlers,
data/moarvm-2020.10+dfsg/src/spesh/iterator.c:11:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(to, from, sizeof(MVMSpeshIterator));
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:205:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_succ, bb->succ, bb->num_succ * sizeof(MVMSpeshBB *));
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:213:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_pred, succ->pred, succ->num_pred * sizeof(MVMSpeshBB *));
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:280:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_temps, g->temps, g->num_temps * sizeof(MVMSpeshTemporary));
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:292:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_fact_row, g->facts[orig],
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:312:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(new_fact_row, g->facts[orig],
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:344:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(g->local_types, g->sf->body.local_types, local_types_size);
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:352:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_facts, g->facts, g->num_locals * sizeof(MVMSpeshFacts *));
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:353:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(new_fact_counts, g->fact_counts, g->num_locals * sizeof(MVMuint16));
data/moarvm-2020.10+dfsg/src/spesh/optimize.c:219:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ins->operands, orig_o, 3 * sizeof(MVMSpeshOperand));
data/moarvm-2020.10+dfsg/src/spesh/optimize.c:2687:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(target_facts->log_guards + insert_pos, cur_operand_facts->log_guards,
data/moarvm-2020.10+dfsg/src/spesh/osr.c:44:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_work, tc->cur_frame->work,
data/moarvm-2020.10+dfsg/src/spesh/osr.c:46:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_args, tc->cur_frame->args,
data/moarvm-2020.10+dfsg/src/spesh/osr.c:71:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_env, tc->cur_frame->env,
data/moarvm-2020.10+dfsg/src/spesh/plan.c:74:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, to_copy, stats_size);
data/moarvm-2020.10+dfsg/src/spesh/plugin.c:148:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result->guards, base_guards->guards,
data/moarvm-2020.10+dfsg/src/spesh/plugin.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result->guards, base_guards->guards,
data/moarvm-2020.10+dfsg/src/spesh/stats.c:235:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(oss->type_tuples[found].arg_types, info->arg_types, tt_size);
data/moarvm-2020.10+dfsg/src/strings/ascii.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/ascii.c:187:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result + i, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:242:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(result->body.storage.blob_32 + result_found,
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:249:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(result->body.storage.blob_32 + result_found,
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:267:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result->body.storage.blob_32 + result_found,
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:490:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result->body.storage.blob_32 + pos, cur_chars->chars + ds->chars_head_pos,
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:495:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result->body.storage.blob_32 + pos, cur_chars->chars,
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:570:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*buf + taken, cur_bytes->bytes + ds->bytes_head_pos, available);
data/moarvm-2020.10+dfsg/src/strings/decode_stream.c:581:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(*buf + taken, cur_bytes->bytes + ds->bytes_head_pos, required);
data/moarvm-2020.10+dfsg/src/strings/gb18030.c:292:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/gb2312.c:231:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/latin1.c:164:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/latin1.c:188:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result + i, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/src/strings/nfg.c:62:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_next_codes, current->next_codes, the_size);
data/moarvm-2020.10+dfsg/src/strings/nfg.c:158:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(new_synthetics, nfg->synthetics, orig_size);
data/moarvm-2020.10+dfsg/src/strings/nfg.c:202:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(synth->codes, codes, (synth->num_codes * sizeof(MVMCodepoint)));
data/moarvm-2020.10+dfsg/src/strings/ops.c:52:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(result, "WARNING synth has less than 2 codes");
data/moarvm-2020.10+dfsg/src/strings/ops.c:72:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *waste[2] = { out, NULL };
data/moarvm-2020.10+dfsg/src/strings/ops.c:174:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(
data/moarvm-2020.10+dfsg/src/strings/ops.c:221:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&gi, gi_orig, sizeof(MVMGraphemeIter));
data/moarvm-2020.10+dfsg/src/strings/ops.c:276:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(
data/moarvm-2020.10+dfsg/src/strings/ops.c:320:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(
data/moarvm-2020.10+dfsg/src/strings/ops.c:363:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(graphs_so_far + result->body.storage.BLOB_TYPE, \
data/moarvm-2020.10+dfsg/src/strings/ops.c:1910:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(
data/moarvm-2020.10+dfsg/src/strings/parse_num.c:180:86:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static int match_word(MVMThreadContext *tc,  MVMCodepointIter *ci, MVMCodepoint *cp, char word[3], MVMString *s) {
data/moarvm-2020.10+dfsg/src/strings/shiftjis.c:47:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/siphash/csiphash.h:189:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&in_64, in, sizeof(uint64_t));
data/moarvm-2020.10+dfsg/src/strings/siphash/test.c:68:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[16] = {0,1,2,3,4,5,6,7,8,9,0xa,0xb,0xc,0xd,0xe,0xf};
data/moarvm-2020.10+dfsg/src/strings/siphash/test.c:128:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char key[16] = {0,1,2,3,4,5,6,7,8,9,0xa,0xb,0xc,0xd,0xe,0xf};
data/moarvm-2020.10+dfsg/src/strings/siphash/test.c:133:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(plaintext_32, plaintext, 64);
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:12274:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *codepoint_names[55009] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:100161:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Decomp_Spec_enums[5725] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:105889:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Joining_Group_enums[102] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:106418:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Block_enums[301] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:106722:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *East_Asian_Width_enums[6] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:106731:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Numeric_Value_enums[143] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:106877:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Script_enums[153] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107033:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Numeric_Value_Numerator_enums[101] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *NFC_QC_enums[3] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107143:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Canonical_Combining_Class_enums[56] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107202:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Line_Break_enums[43] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107248:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Age_enums[23] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107274:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Bidi_Class_enums[23] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107300:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Decomposition_Type_enums[18] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107321:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *General_Category_enums[30] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107354:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Numeric_Value_Denominator_enums[20] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107377:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Word_Break_enums[19] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107399:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Grapheme_Cluster_Break_enums[14] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107416:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Sentence_Break_enums[15] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107434:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Hangul_Syllable_Type_enums[6] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107443:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Joining_Type_enums[6] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107452:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *NFG_QC_enums[3] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107458:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *NFKC_QC_enums[3] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_db.c:107464:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *Numeric_Type_enums[4] = {
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:472:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer->codes_out, buffer->codes, sizeof(MVMCodepoint) * buffer->codes_out_count);
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:683:15:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        const char *prefixes[prefixes_len] = {
data/moarvm-2020.10+dfsg/src/strings/utf16.c:390:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(result_pos, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/src/strings/utf8.c:597:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(result + result_pos, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/src/strings/utf8.c:628:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, utf8_string, output_size);
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:440:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(state.norm), &(ds->norm), sizeof(MVMNormalizer));
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:448:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state.orig_codes, saved + 1, saved[0] * sizeof(MVMCodepoint));
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:588:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&(ds->norm), &(state.norm), sizeof(MVMNormalizer));
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:595:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(saved + 1, state.orig_codes + state.orig_codes_unnormalized,
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:621:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(*result + *result_pos, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:709:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, utf8_string, output_size);
data/moarvm-2020.10+dfsg/src/strings/windows1252.c:593:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(result, str->body.storage.blob_ascii, lengthu);
data/moarvm-2020.10+dfsg/src/strings/windows1252.c:623:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(result + pos, repl_bytes, repl_length);
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:220:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return ctx->read(ctx, x, sizeof(uint8_t));
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:236:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &floor, sizeof(uint8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:422:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u8temp, sizeof(uint8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:429:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u16temp, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:436:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u32temp, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:443:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u8temp, sizeof(uint8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:450:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u16temp, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:457:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u32temp, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:509:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u8temp, sizeof(uint8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:516:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u16temp, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:523:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u32temp, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:530:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u16temp, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:537:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u32temp, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:544:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u16temp, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:551:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &u32temp, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:592:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.u8, sizeof(uint8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:598:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.u16, sizeof(uint16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:605:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.u32, sizeof(uint32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:612:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.u64, sizeof(uint64_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:619:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.s8, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:625:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.s16, sizeof(int16_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:632:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.s32, sizeof(int32_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:639:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.s64, sizeof(int64_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:649:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, bytes, 4)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:660:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, bytes, 8)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:685:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:692:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:699:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:706:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:713:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:723:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:732:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:742:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, &obj->as.ext.type, sizeof(int8_t))) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:756:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void cmp_init(cmp_ctx_t *ctx, void *buf, cmp_reader read,
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:761:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  ctx->read = read;
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2310:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (!ctx->read(ctx, data, str_size)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2350:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (!ctx->read(ctx, data, bin_size)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2414:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, 1))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2440:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, 2))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2466:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, 4))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2492:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, 8))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2518:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, 16))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2546:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, *size))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2574:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, *size))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2602:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, *size))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:2637:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (ctx->read(ctx, data, *size))
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:3318:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, data, str_size)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.c:3344:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      if (!ctx->read(ctx, data, bin_size)) {
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.h:100:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  cmp_reader   read;
data/moarvm-2020.10+dfsg/3rdparty/cmp/cmp.h:131:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void cmp_init(cmp_ctx_t *ctx, void *buf, cmp_reader read,
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:326:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf->data + buf->cursor, string, length + 1);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:466:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(d);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/buf.c:477:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t length = strlen(s);
data/moarvm-2020.10+dfsg/3rdparty/cmp/test/utils.c:51:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *out = calloc(strlen(s) + 1, sizeof(char));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:592:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define luaS_new(L,s)(luaS_newlstr(L,s,strlen(s)))
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:733:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(out,source+1,bufflen);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:741:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(source);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:742:1:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(out,"");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:755:1:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
strncat(out,source,len);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:4823:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len=strlen(l);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:5540:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
lua_pushlstring(L,s,strlen(s));
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:5960:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
*len=(def?strlen(def):0);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6035:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(e==NULL)e=fname+strlen(fname);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6157:3:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
c=getc(lf.f);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6160:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
while((c=getc(lf.f))!=EOF&&c!='\n');
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6161:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
if(c=='\n')c=getc(lf.f);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6166:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
while((c=getc(lf.f))!=EOF&&c!="\033Lua"[0]);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6772:7:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int c=getc(f);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:6787:3:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
l=strlen(p);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7568:1:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
strncpy(form,strfrmt,p-strfrmt+1);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7574:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l=strlen(form);
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7576:1:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
strcpy(form+l-1,"l");
data/moarvm-2020.10+dfsg/3rdparty/dynasm/minilua.c:7641:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
luaL_addlstring(&b,buff,strlen(buff));
data/moarvm-2020.10+dfsg/src/6model/reprs/CArray.c:244:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                (char *)data, strlen((char *)data));
data/moarvm-2020.10+dfsg/src/6model/reprs/CPPStruct.c:495:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                        cobj, strlen(cobj));
data/moarvm-2020.10+dfsg/src/6model/reprs/CStruct.c:521:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            cobj, strlen(cobj));
data/moarvm-2020.10+dfsg/src/6model/reprs/CUnion.c:456:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            cobj, strlen(cobj));
data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.c:315:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    MVMint64 read;
data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.c:340:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ((MVMArray *)result)->body.ssize    = read;
data/moarvm-2020.10+dfsg/src/6model/reprs/Decoder.c:341:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ((MVMArray *)result)->body.elems    = read;
data/moarvm-2020.10+dfsg/src/6model/reprs/NativeCall.c:27:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dest_body->lib_name = MVM_malloc(strlen(src_body->lib_name) + 1);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:180:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(s);
data/moarvm-2020.10+dfsg/src/6model/serialization.c:333:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(string);
data/moarvm-2020.10+dfsg/src/core/bytecodedump.c:15:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(string);
data/moarvm-2020.10+dfsg/src/core/coerce.c:269:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVMStringIndex len = strlen(buf);
data/moarvm-2020.10+dfsg/src/core/exceptions.c:615:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                MVMString *line_str = MVM_string_utf8_decode(tc, tc->instance->VMString, line, strlen(line));
data/moarvm-2020.10+dfsg/src/core/hll.c:74:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMString *key = MVM_string_utf8_decode((tc), (tc)->instance->VMString, (name), strlen((name))); \
data/moarvm-2020.10+dfsg/src/core/hll.c:79:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMString *key = MVM_string_utf8_decode((tc), (tc)->instance->VMString, (name), strlen((name))); \
data/moarvm-2020.10+dfsg/src/core/interp.c:5671:39:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        double_memory read;
data/moarvm-2020.10+dfsg/src/core/interp.c:5672:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        read.u = REPR(buf)->pos_funcs.read_buf(tc, STABLE(buf),
data/moarvm-2020.10+dfsg/src/core/interp.c:5675:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                            read.u = switch_endian(read.u, size);
data/moarvm-2020.10+dfsg/src/core/interp.c:5675:52:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                            read.u = switch_endian(read.u, size);
data/moarvm-2020.10+dfsg/src/core/interp.c:5677:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        GET_REG(cur_op, 0).n64 = read.d;
data/moarvm-2020.10+dfsg/src/core/interp.c:5681:38:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        float_memory read;
data/moarvm-2020.10+dfsg/src/core/interp.c:5682:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        read.u = (MVMuint32)REPR(buf)->pos_funcs.read_buf(tc, STABLE(buf),
data/moarvm-2020.10+dfsg/src/core/interp.c:5685:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                            read.u = switch_endian(read.u, size);
data/moarvm-2020.10+dfsg/src/core/interp.c:5685:52:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                            read.u = switch_endian(read.u, size);
data/moarvm-2020.10+dfsg/src/core/interp.c:5687:50:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                        GET_REG(cur_op, 0).n64 = read.f;
data/moarvm-2020.10+dfsg/src/core/nativecall.c:144:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                value = MVM_string_ascii_decode(tc, tc->instance->VMString, cstring, strlen(cstring));
data/moarvm-2020.10+dfsg/src/core/nativecall.c:147:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                value = MVM_string_utf8_decode(tc, tc->instance->VMString, cstring, strlen(cstring));
data/moarvm-2020.10+dfsg/src/core/nativecall.c:150:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                value = MVM_string_utf16_decode(tc, tc->instance->VMString, cstring, strlen(cstring));
data/moarvm-2020.10+dfsg/src/core/threads.c:357:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(c_name) > 0 && pthread_setname_np(pthread_self(), c_name) == 0) {
data/moarvm-2020.10+dfsg/src/core/threads.c:360:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(c_name) == 0) {
data/moarvm-2020.10+dfsg/src/core/uni_hash_table.c:192:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMuint32 hash_val = MVM_uni_hash_code(key, strlen(key));
data/moarvm-2020.10+dfsg/src/core/uni_hash_table.c:213:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVMuint32 hash_val = MVM_uni_hash_code(key, strlen(key));
data/moarvm-2020.10+dfsg/src/core/uni_hash_table_funcs.h:52:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMuint32 hash_val = MVM_uni_hash_code(key, strlen(key));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:196:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(found->filename, filename, filename_len);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:454:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMuint16 *verptr = (MVMuint16 *)(&buffer[strlen("MOARVM-REMOTE-DEBUG") + 1]);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:840:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, tmp1, tmp1 ? strlen(tmp1) : 0);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:845:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cmp_write_str(ctx, filename_c, strlen(filename_c));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:849:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, name_c, name_c ? strlen(name_c) : 0);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:851:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, debugname, strlen(debugname));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:918:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_map(ctx, 5 + (threadname != NULL && strlen(threadname)));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:935:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (threadname != NULL && strlen(threadname)) {
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:937:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cmp_write_str(ctx, threadname, strlen(threadname));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1008:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVM_debugserver_register_line(tc, argument->file, strlen(argument->file), argument->line, &index);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1088:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVM_debugserver_register_line(tc, argument->file, strlen(argument->file), argument->line, &index);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1316:86:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    method_name = MVM_string_utf8_decode(tc, tc->instance->VMString, argument->name, strlen(argument->name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1433:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmp_write_str(ctx, c_key_name, strlen(c_key_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1452:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, debugname, strlen(debugname));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1477:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cmp_write_str(ctx, c_value, strlen(c_value));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1688:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                cmp_write_str(ctx, name, strlen(name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1691:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                cmp_write_str(ctx, class_name, strlen(class_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1700:70:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                cmp_write_str(ctx, value_debug_name, strlen(value_debug_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1720:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                cmp_write_str(ctx, name, strlen(name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1723:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                cmp_write_str(ctx, class_name, strlen(class_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1746:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                            cmp_write_str(ctx, str, strlen(str));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1813:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmp_write_str(ctx, text, strlen(text));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1838:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmp_write_str(ctx, text, strlen(text));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1923:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cmp_write_str(ctx, debugname, strlen(debugname));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1982:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, name, strlen(name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:1984:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, cuuid, strlen(cuuid));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2045:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, value, strlen(value));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2133:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cmp_write_str(ctx, REPR(target)->name, strlen(REPR(target)->name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2138:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cmp_write_str(ctx, debug_name, strlen(debug_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2188:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    cmp_write_str(ctx, value_debug_name, strlen(value_debug_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2209:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    cmp_write_str(ctx, c_value, strlen(c_value));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2259:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cmp_write_str(ctx, key, strlen(key));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2267:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cmp_write_str(ctx, value_debug_name, strlen(value_debug_name));
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2292:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t read;
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2307:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            fprintf(stderr, "%zu ", read);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2308:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        data = (void *)(((MVMuint8*)data) + read);
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2309:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        total_read += (size_t)read;
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2606:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            CHECK(ctx->read(ctx, string, strsize), "Couldn't read string for a key");
data/moarvm-2020.10+dfsg/src/debug/debugserver.c:2750:66:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cmp_write_str(&ctx, argument.parse_fail_message, strlen(argument.parse_fail_message));
data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c:61:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVM_debugserver_register_line(tc, filename_buf, strlen(filename_buf), line_number, &file_bp_idx);
data/moarvm-2020.10+dfsg/src/instrument/line_coverage.c:97:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    MVM_debugserver_register_line(tc, filename_buf, strlen(filename_buf), line_number, &file_bp_idx);
data/moarvm-2020.10+dfsg/src/io/dirops.c:72:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int str_len = wcslen(wpathname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:89:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str_len  = wcslen(abs_dirname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:144:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return MVM_string_utf8_c8_decode(tc, tc->instance->VMString, path, strlen(path));
data/moarvm-2020.10+dfsg/src/io/dirops.c:223:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str_len = wcslen(wname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:239:24:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            str_len  = wcslen(abs_dirname);
data/moarvm-2020.10+dfsg/src/io/dirops.c:310:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = MVM_string_utf8_c8_decode(tc, tc->instance->VMString, dir_str, strlen(dir_str));
data/moarvm-2020.10+dfsg/src/io/dirops.c:316:74:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result  = MVM_string_decode(tc, tc->instance->VMString, dir_str, strlen(dir_str),
data/moarvm-2020.10+dfsg/src/io/dirops.c:338:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(entry->d_name), MVM_encoding_type_utf8_c8);
data/moarvm-2020.10+dfsg/src/io/fileops.c:243:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            int plen   = strlen(pext);
data/moarvm-2020.10+dfsg/src/io/fileops.c:344:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t lib_path_len = strlen(lib_path[lib_path_i]);
data/moarvm-2020.10+dfsg/src/io/fileops.c:345:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size_t orig_len     = strlen(orig_cstr);
data/moarvm-2020.10+dfsg/src/io/fileops.c:424:77:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = MVM_string_utf8_c8_decode(tc, tc->instance->VMString, req.ptr, strlen(req.ptr));
data/moarvm-2020.10+dfsg/src/io/filewatchers.c:22:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                tc->instance->VMString, filename, strlen(filename));
data/moarvm-2020.10+dfsg/src/io/io.c:397:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int MVM_set_std_handle_to_nul(FILE *file, int fd, BOOL read, int std_handle_type) {
data/moarvm-2020.10+dfsg/src/io/io.c:426:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    if (freopen_s(&stream, "NUL:", read ? "r" : "w", file) != 0)
data/moarvm-2020.10+dfsg/src/io/io.h:117:56:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
int MVM_set_std_handle_to_nul(FILE* file, int fd, BOOL read, int std_handle_type);
data/moarvm-2020.10+dfsg/src/io/procops.c:93:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVMString    *str = MVM_string_utf8_c8_decode(tc, instance->VMString, env, strlen(env));
data/moarvm-2020.10+dfsg/src/io/procops.c:97:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVMString    *str = MVM_string_utf8_c8_decode(tc, instance->VMString, _env, strlen(_env));
data/moarvm-2020.10+dfsg/src/io/procops.c:131:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        MVMROOT(tc, equal, { \
data/moarvm-2020.10+dfsg/src/io/procops.c:137:79:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
                env_str = MVM_string_concatenate(tc, MVM_iterkey_s(tc, iter), equal); \
data/moarvm-2020.10+dfsg/src/io/procops.c:1112:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            instance->exec_name, strlen(instance->exec_name));
data/moarvm-2020.10+dfsg/src/io/procops.c:1128:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                instance->prog_name, strlen(instance->prog_name));
data/moarvm-2020.10+dfsg/src/io/procops.c:1136:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    instance->VMString, raw_clarg, strlen(raw_clarg));
data/moarvm-2020.10+dfsg/src/io/signals.c:276:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    tc, instance->VMString, SIG_WANTED[i], strlen(SIG_WANTED[i])
data/moarvm-2020.10+dfsg/src/io/syncfile.c:21:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define read _read
data/moarvm-2020.10+dfsg/src/io/syncfile.c:144:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        bytes_read = read(data->fd, buf, bytes);
data/moarvm-2020.10+dfsg/src/main.c:112:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t str_len  = strlen(str);
data/moarvm-2020.10+dfsg/src/main.c:113:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t want_len = strlen(want);
data/moarvm-2020.10+dfsg/src/main.c:198:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            executable_name = argv[argi] + strlen("--execname=");
data/moarvm-2020.10+dfsg/src/main.c:207:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            lib_path[lib_path_i++] = argv[argi] + strlen("--libpath=");
data/moarvm-2020.10+dfsg/src/main.c:220:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (spesh_disable && strlen(spesh_disable) != 0) {
data/moarvm-2020.10+dfsg/src/main.c:222:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                } else if (jit_disable && strlen(jit_disable) != 0) {
data/moarvm-2020.10+dfsg/src/main.c:232:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                char *portstr = argv[argi] + strlen("--debug-port=");
data/moarvm-2020.10+dfsg/src/moar.c:38:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        MVMuint64 path_length = strlen(path);
data/moarvm-2020.10+dfsg/src/moar.c:297:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!jit_expr_disable || strlen(jit_expr_disable) == 0)
data/moarvm-2020.10+dfsg/src/moar.c:478:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMString *const str = MVM_string_utf8_c8_decode(tc, instance->VMString, filename, strlen(filename));
data/moarvm-2020.10+dfsg/src/moar.c:536:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    void *bytecode_start = MVM_memmem(block, size, (void *)needle, strlen(needle));
data/moarvm-2020.10+dfsg/src/moar.c:546:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t dumplen = strlen(dump);
data/moarvm-2020.10+dfsg/src/platform/random.c:75:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (fd < 0 || (num_read = read(fd, out, size) <= 0)) {
data/moarvm-2020.10+dfsg/src/platform/sys.c:37:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVM_string_utf8_decode(tc, tc->instance->VMString, uname.sysname, strlen((char *)uname.sysname))
data/moarvm-2020.10+dfsg/src/platform/sys.c:43:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVM_string_utf8_decode(tc, tc->instance->VMString, uname.release, strlen((char *)uname.release))
data/moarvm-2020.10+dfsg/src/platform/sys.c:49:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVM_string_utf8_decode(tc, tc->instance->VMString, uname.version, strlen((char *)uname.version))
data/moarvm-2020.10+dfsg/src/platform/sys.c:55:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            MVM_string_utf8_decode(tc, tc->instance->VMString, uname.machine, strlen((char *)uname.machine))
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:51:19:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int str_len = wcslen(wpathname);
data/moarvm-2020.10+dfsg/src/platform/win32/io.c:70:20:  [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str_len  = wcslen(abs_wpathname);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:312:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(debug_name) != 0) {
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:986:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        MVMuint32 output_size = strlen(str);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1232:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(text, "toc", 8);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1238:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(text, to_write->toc_words[i], 8);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1448:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        MVMuint64 output_size = strlen(str);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1462:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        MVMuint32 smaller_size = strlen(str);
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1753:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(metadata) + 1;
data/moarvm-2020.10+dfsg/src/profiler/heapsnapshot.c:1804:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(metadata) + 1;
data/moarvm-2020.10+dfsg/src/profiler/instrument.c:576:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                      pcn->native_target_name, strlen(pcn->native_target_name));
data/moarvm-2020.10+dfsg/src/profiler/telemeh.c:51:28:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define MVM_sleep(ms) do { usleep(ms * 1000); } while (0)
data/moarvm-2020.10+dfsg/src/spesh/dump.c:10:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(to_add);
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:138:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read.reg.i--;
data/moarvm-2020.10+dfsg/src/spesh/manipulate.c:139:55:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                MVM_spesh_usages_delete_by_reg(tc, g, read, ins);
data/moarvm-2020.10+dfsg/src/spesh/usages.c:226:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read.reg.i--;
data/moarvm-2020.10+dfsg/src/spesh/usages.c:227:49:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            process_read(tc, state, g, bb, ins, read);
data/moarvm-2020.10+dfsg/src/strings/ascii.c:38:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return MVM_string_ascii_decode(tc, result_type, ascii, strlen(ascii));
data/moarvm-2020.10+dfsg/src/strings/normalize.c:309:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            char *end = spec + strlen(spec);
data/moarvm-2020.10+dfsg/src/strings/normalize.c:343:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return !ccc_str || strlen(ccc_str) > 3 ? 0 : fast_atoi(ccc_str);
data/moarvm-2020.10+dfsg/src/strings/ops.c:47:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int this_len = strlen(format_str) + strlen(synthtype_str) + 6 + strlen(format_str2) + 11 + 1 + 11 + 1;
data/moarvm-2020.10+dfsg/src/strings/ops.c:47:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int this_len = strlen(format_str) + strlen(synthtype_str) + 6 + strlen(format_str2) + 11 + 1 + 11 + 1;
data/moarvm-2020.10+dfsg/src/strings/ops.c:47:73:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        int this_len = strlen(format_str) + strlen(synthtype_str) + 6 + strlen(format_str2) + 11 + 1 + 11 + 1;
data/moarvm-2020.10+dfsg/src/strings/ops.c:60:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result = MVM_malloc(sizeof(char) * (strlen(picked) + 1));
data/moarvm-2020.10+dfsg/src/strings/ops.c:100:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int out_size = strlen(orig_render) + strlen(renorm_render)
data/moarvm-2020.10+dfsg/src/strings/ops.c:100:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                int out_size = strlen(orig_render) + strlen(renorm_render)
data/moarvm-2020.10+dfsg/src/strings/ops.c:101:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    + strlen(varname) + strlen(format) + (5 * 7) + 1;
data/moarvm-2020.10+dfsg/src/strings/ops.c:101:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    + strlen(varname) + strlen(format) + (5 * 7) + 1;
data/moarvm-2020.10+dfsg/src/strings/unicode_gen.h:21:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    MVMint16 strlen;
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:692:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t cname_len = strlen((const char *) cname );
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:695:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size_t str_len = strlen(prefixes[i]);
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:707:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                MVMint64 rtrn = strtol(cname + strlen(prefixes[i]), &reject, 16);
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:744:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name_len = strlen(name);
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:759:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        name_len = strlen(name);
data/moarvm-2020.10+dfsg/src/strings/unicode_ops.c:802:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return MVM_string_ascii_decode(tc, tc->instance->VMString, str, strlen(str));
data/moarvm-2020.10+dfsg/src/strings/utf8_c8.c:223:14:  [1] (buffer) mismatch:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if (!mismatch) {

ANALYSIS SUMMARY:

Hits = 722
Lines analyzed = 291963 in approximately 13.70 seconds (21306 lines/second)
Physical Source Lines of Code (SLOC) = 264093
Hits@level = [0] 330 [1] 226 [2] 363 [3]  61 [4]  71 [5]   1
Hits@level+ = [0+] 1052 [1+] 722 [2+] 496 [3+] 133 [4+]  72 [5+]   1
Hits/KSLOC@level+ = [0+] 3.98345 [1+] 2.73389 [2+] 1.87813 [3+] 0.50361 [4+] 0.272631 [5+] 0.00378654
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.