Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/nsf-2.3.0/win/nmakehlp.c
Examining data/nsf-2.3.0/library/mongodb/nsfmongo.c
Examining data/nsf-2.3.0/library/mongodb/mongoAPI.h
Examining data/nsf-2.3.0/generic/stubs8.5/nsfStubInit.c
Examining data/nsf-2.3.0/generic/stubs8.5/nsfDecls.h
Examining data/nsf-2.3.0/generic/stubs8.5/nsfIntDecls.h
Examining data/nsf-2.3.0/generic/nsfStack.c
Examining data/nsf-2.3.0/generic/nsfFunPtrHashTable.c
Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplateCallThreading.c
Examining data/nsf-2.3.0/generic/asm/nsfAsmExecuteCallThreading.c
Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplate.c
Examining data/nsf-2.3.0/generic/asm/asmAssembleTemplate.c
Examining data/nsf-2.3.0/generic/asm/nsfAsmAssemble.c
Examining data/nsf-2.3.0/generic/asm/asmExecuteTemplateLabelThreading.c
Examining data/nsf-2.3.0/generic/asm/nsfAsmExecuteLabelThreading.c
Examining data/nsf-2.3.0/generic/asm/nsfAssemble.c
Examining data/nsf-2.3.0/generic/asm/threaded.c
Examining data/nsf-2.3.0/generic/nsfUtil.c
Examining data/nsf-2.3.0/generic/nsfPointer.c
Examining data/nsf-2.3.0/generic/nsfObj.c
Examining data/nsf-2.3.0/generic/predefined.h
Examining data/nsf-2.3.0/generic/nsfCompile.c
Examining data/nsf-2.3.0/generic/nsf.h
Examining data/nsf-2.3.0/generic/nsfAPI.h
Examining data/nsf-2.3.0/generic/nsfEnumerationType.c
Examining data/nsf-2.3.0/generic/nsfDTrace.h
Examining data/nsf-2.3.0/generic/nsfCmdPtr.c
Examining data/nsf-2.3.0/generic/aolstub.c
Examining data/nsf-2.3.0/generic/nsfStubLib.c
Examining data/nsf-2.3.0/generic/nsfAccessInt.h
Examining data/nsf-2.3.0/generic/stubs8.6/nsfStubInit.c
Examining data/nsf-2.3.0/generic/stubs8.6/nsfDecls.h
Examining data/nsf-2.3.0/generic/stubs8.6/nsfIntDecls.h
Examining data/nsf-2.3.0/generic/nsfValgrind.c
Examining data/nsf-2.3.0/generic/stubs8.7/nsfStubInit.c
Examining data/nsf-2.3.0/generic/stubs8.7/nsfDecls.h
Examining data/nsf-2.3.0/generic/stubs8.7/nsfIntDecls.h
Examining data/nsf-2.3.0/generic/nsfError.c
Examining data/nsf-2.3.0/generic/nsfInt.h
Examining data/nsf-2.3.0/generic/nsfObjectData.c
Examining data/nsf-2.3.0/generic/nsfDebug.c
Examining data/nsf-2.3.0/generic/nsf.c
Examining data/nsf-2.3.0/generic/nsfCmdDefinitions.c
Examining data/nsf-2.3.0/generic/nsfProfile.c
Examining data/nsf-2.3.0/generic/nsfShadow.c
FINAL RESULTS:
data/nsf-2.3.0/generic/nsf.c:22938:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
nonnull(1) nonnull(2) nonnull(5) NSF_attribute_format((printf,5,6));
data/nsf-2.3.0/generic/nsf.h:441:55: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
NSF_nonnull(1) NSF_nonnull(3) NSF_attribute_format((printf,3,4));
data/nsf-2.3.0/generic/nsfError.c:106:12: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = vsnprintf(dsPtr->string + offset, (size_t)avail, fmt, argPtrCopy);
data/nsf-2.3.0/generic/nsfError.c:168:14: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
result = vsnprintf(dsPtr->string + offset, (size_t)avail, fmt, argPtrCopy);
data/nsf-2.3.0/generic/nsfInt.h:1385:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define vsnprintf _vsnprintf
data/nsf-2.3.0/generic/nsfPointer.c:80:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buffer, size, Tcl_DStringValue(dsPtr), (*counterPtr)++);
data/nsf-2.3.0/win/nmakehlp.c:38:11: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/nsf-2.3.0/win/nmakehlp.c:38:20: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/nsf-2.3.0/win/nmakehlp.c:237:5: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, option);
data/nsf-2.3.0/win/nmakehlp.c:371:5: [4] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
lstrcat(cmdline, option);
data/nsf-2.3.0/win/nmakehlp.c:656:6: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(szBuffer);
data/nsf-2.3.0/win/nmakehlp.c:245:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/nsf-2.3.0/win/nmakehlp.c:245:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/nsf-2.3.0/win/nmakehlp.c:373:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/nsf-2.3.0/win/nmakehlp.c:373:10: [3] (shell) CreateProcess:
This causes a new process to execute and is difficult to use safely
(CWE-78). Specify the application path in the first argument, NOT as part
of the second, or embedded spaces could allow an attacker to force a
different program to run.
ok = CreateProcess(
data/nsf-2.3.0/generic/asm/nsfAssemble.c:355:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tov, objv, sizeof(Tcl_Obj *)*(objc));
data/nsf-2.3.0/generic/nsf.c:648:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dlPtr->data, &dlPtr->static_data[0], dlPtr->size * sizeof(dlPtr->data[0]));
data/nsf-2.3.0/generic/nsf.c:1007:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcPtr->full_objv, &pcPtr->objv_static[0], sizeof(Tcl_Obj *) * PARSE_CONTEXT_PREALLOC);
data/nsf-2.3.0/generic/nsf.c:1008:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcPtr->flags, &pcPtr->flags_static[0], sizeof(int) * PARSE_CONTEXT_PREALLOC);
data/nsf-2.3.0/generic/nsf.c:1025:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pcPtr->objv + from, source, sizeof(Tcl_Obj *) * (size_t)elts);
data/nsf-2.3.0/generic/nsf.c:1197:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tov+2, objv, sizeof(Tcl_Obj *) * ((size_t)objc - 2u));
data/nsf-2.3.0/generic/nsf.c:1253:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tov+3, objv, sizeof(Tcl_Obj *) * ((size_t)objc - 3u));
data/nsf-2.3.0/generic/nsf.c:1554:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tov+2, objv, sizeof(Tcl_Obj *) * (size_t)objc);
data/nsf-2.3.0/generic/nsf.c:7474:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1];
data/nsf-2.3.0/generic/nsf.c:13217:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[30];
data/nsf-2.3.0/generic/nsf.c:13220:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, "substdefault", (size_t)len);
data/nsf-2.3.0/generic/nsf.c:13223:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + len + 1, "=0b", 3u);
data/nsf-2.3.0/generic/nsf.c:13239:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char option[10] = "....";
data/nsf-2.3.0/generic/nsf.c:16161:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tov + 3, objv + 1, sizeof(Tcl_Obj *) * ((size_t)objc - 1u));
data/nsf-2.3.0/generic/nsf.c:18886:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ttPtr, trtPtr, sizeof(Tcl_Time));
data/nsf-2.3.0/generic/nsf.c:20204:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)nobjv, cscPtr->objv, sizeof(Tcl_Obj *) * (size_t)methodNameLength);
data/nsf-2.3.0/generic/nsf.c:20225:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nobjv + methodNameLength, objv == NULL ? cscPtr->objv : objv, sizeof(Tcl_Obj *) * (size_t)objc);
data/nsf-2.3.0/generic/nsf.c:20793:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[LONG_AS_STRING];
data/nsf-2.3.0/generic/nsf.c:23419:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ov, objv, sizeof(Tcl_Obj *) * (size_t)objc);
data/nsf-2.3.0/generic/nsf.c:23493:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ov+outputArg, objv+inputArg, sizeof(Tcl_Obj *) * ((size_t)objc - (size_t)inputArg));
data/nsf-2.3.0/generic/nsf.c:27361:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char trailer[3] = "...";
data/nsf-2.3.0/generic/nsf.c:27362:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[NSF_DEBUG_SHOW_BYTES*2u + sizeof(trailer) + 1u];
data/nsf-2.3.0/generic/nsf.c:27742:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
NSF_DTRACE_CONFIGURE_PROBE((char *)Nsf_Configureoption[option-1],
data/nsf-2.3.0/generic/nsf.c:32980:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(xov+3, objv, sizeof(Tcl_Obj *) * (size_t)objc);
data/nsf-2.3.0/generic/nsf.c:33249:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ov+3, trailingObjv, sizeof(Tcl_Obj *) * (size_t)trailingObjc);
data/nsf-2.3.0/generic/nsfFunPtrHashTable.c:130:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&existingValue, &hPtr->key.oneWordValue, sizeof(Nsf_AnyFun *));
data/nsf-2.3.0/generic/nsfFunPtrHashTable.c:166:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hPtr->key.oneWordValue, &value, sizeof(Nsf_AnyFun *));
data/nsf-2.3.0/generic/nsfInt.h:750:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *methodNames[NSF_s_set_idx+2];
data/nsf-2.3.0/generic/nsfInt.h:753:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char protected[NSF_s_set_idx+2];
data/nsf-2.3.0/generic/nsfObj.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstMcPtr, srcMcPtr, sizeof(NsfMethodContext));
data/nsf-2.3.0/generic/nsfObj.c:256:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstPtr, srcPtr, sizeof(NsfFlag));
data/nsf-2.3.0/generic/nsfObj.c:402:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstPtr, srcPtr, sizeof(Mixinreg));
data/nsf-2.3.0/generic/nsfObj.c:685:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstPtr, srcPtr, sizeof(Filterreg));
data/nsf-2.3.0/generic/nsfShadow.c:532:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ov+1, objv+1, sizeof(Tcl_Obj *) * ((size_t)objc - 1u));
data/nsf-2.3.0/generic/nsfUtil.c:104:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[LONG_AS_STRING], *pointer = &tmp[1], *string, *p;
data/nsf-2.3.0/generic/nsfUtil.c:164:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char chartable[255] = {0};
data/nsf-2.3.0/generic/nsfUtil.c:193:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(currentChar, iss->buffer, iss->bufSize);
data/nsf-2.3.0/library/mongodb/nsfmongo.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oidhex[25];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:285:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[BSON_DECIMAL128_STRING];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:681:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char channelName[80];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:808:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1286:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1429:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1511:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(value, O_RDONLY);
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1649:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/nsf-2.3.0/win/nmakehlp.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STATICBUFFERSIZE];
data/nsf-2.3.0/win/nmakehlp.c:74:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/nsf-2.3.0/win/nmakehlp.c:188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/nsf-2.3.0/win/nmakehlp.c:191:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/nsf-2.3.0/win/nmakehlp.c:231:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X -Fp.\\_junk.pch ");
data/nsf-2.3.0/win/nmakehlp.c:243:5: [2] (buffer) lstrcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
lstrcat(cmdline, " .\\nul");
data/nsf-2.3.0/win/nmakehlp.c:322:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[300];
data/nsf-2.3.0/win/nmakehlp.c:325:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdline[100];
data/nsf-2.3.0/win/nmakehlp.c:365:5: [2] (buffer) lstrcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
lstrcpy(cmdline, "link.exe -nologo ");
data/nsf-2.3.0/win/nmakehlp.c:486:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[100];
data/nsf-2.3.0/win/nmakehlp.c:488:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(filename, "rt");
data/nsf-2.3.0/win/nmakehlp.c:519:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, p, q - p);
data/nsf-2.3.0/win/nmakehlp.c:594:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szBuffer[1024], szCopy[1024];
data/nsf-2.3.0/win/nmakehlp.c:599:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rt");
data/nsf-2.3.0/win/nmakehlp.c:606:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
sp = fopen(substitutions, "rt");
data/nsf-2.3.0/win/nmakehlp.c:653:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, szCopy, sizeof(szCopy));
data/nsf-2.3.0/win/nmakehlp.c:677:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCwd[MAX_PATH + 1];
data/nsf-2.3.0/win/nmakehlp.c:678:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szTmp[MAX_PATH + 1];
data/nsf-2.3.0/generic/nsf.c:1721:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = string + strlen(string);
data/nsf-2.3.0/generic/nsf.c:3672:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
objNameLength = strlen(methodName) - strlen(procName) - 2;
data/nsf-2.3.0/generic/nsf.c:3672:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
objNameLength = strlen(methodName) - strlen(procName) - 2;
data/nsf-2.3.0/generic/nsf.c:4810:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int)strlen(varName);
data/nsf-2.3.0/generic/nsf.c:5020:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLength = (int)strlen(varName);
data/nsf-2.3.0/generic/nsf.c:6729:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(n);
data/nsf-2.3.0/generic/nsf.c:6932:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *n = nameString + strlen(nameString);
data/nsf-2.3.0/generic/nsf.c:10702:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ObjStr(guardObj)) > 0) {
data/nsf-2.3.0/generic/nsf.c:12670:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(nameString);
data/nsf-2.3.0/generic/nsf.c:17599:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
&& strlen(stringTypeOpts[i]) == optionLength) {
data/nsf-2.3.0/generic/nsf.c:17704:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(argString);
data/nsf-2.3.0/generic/nsf.c:17899:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
converterNameObj = ParamCheckObj(paramPtr->type, strlen(paramPtr->type));
data/nsf-2.3.0/generic/nsf.c:27368:7: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(buffer, trailer, sizeof(buffer) - strlen(buffer) - 1);
data/nsf-2.3.0/generic/nsf.c:27368:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(buffer, trailer, sizeof(buffer) - strlen(buffer) - 1);
data/nsf-2.3.0/generic/nsf.c:29224:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(methodName);
data/nsf-2.3.0/generic/nsf.c:29294:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ObjStr(nameObj)) == 0) {
data/nsf-2.3.0/generic/nsfInt.h:246:82: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
# define STRING_NEW(target, p, l) {char *tempValue = ckalloc((unsigned)(l)+1u); strncpy((tempValue), (p), (l)+1u); *((tempValue)+(l)) = '\0'; target = tempValue; MEM_COUNT_ALLOC(#target, (target));}
data/nsf-2.3.0/generic/nsfPointer.c:122:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(prefix, key, strlen(prefix)) == 0) {
data/nsf-2.3.0/generic/nsfUtil.c:67:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
needle_len = strlen(needle);
data/nsf-2.3.0/library/mongodb/nsfmongo.c:396:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int keyLength = (int)strlen(name);
data/nsf-2.3.0/library/mongodb/nsfmongo.c:404:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bson_append_utf8(bbPtr, name, keyLength, string, (int)strlen(string));
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1519:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ssize_t n = read(fd, iov.iov_base, MONGOC_GRIDFS_READ_CHUNK);
data/nsf-2.3.0/library/mongodb/nsfmongo.c:1536:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mongoc_iovec_t iov = { (char *)value, strlen(value) };
data/nsf-2.3.0/win/nmakehlp.c:504:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(match);
data/nsf-2.3.0/win/nmakehlp.c:650:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
op += strlen(p->key);
ANALYSIS SUMMARY:
Hits = 104
Lines analyzed = 57405 in approximately 1.44 seconds (39960 lines/second)
Physical Source Lines of Code (SLOC) = 32800
Hits@level = [0] 228 [1] 25 [2] 64 [3] 4 [4] 11 [5] 0
Hits@level+ = [0+] 332 [1+] 104 [2+] 79 [3+] 15 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 10.122 [1+] 3.17073 [2+] 2.40854 [3+] 0.457317 [4+] 0.335366 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.