Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/par2cmdline-0.8.1/src/crc.cpp
Examining data/par2cmdline-0.8.1/src/crc.h
Examining data/par2cmdline-0.8.1/src/creatorpacket.cpp
Examining data/par2cmdline-0.8.1/src/creatorpacket.h
Examining data/par2cmdline-0.8.1/src/criticalpacket.cpp
Examining data/par2cmdline-0.8.1/src/criticalpacket.h
Examining data/par2cmdline-0.8.1/src/datablock.cpp
Examining data/par2cmdline-0.8.1/src/datablock.h
Examining data/par2cmdline-0.8.1/src/descriptionpacket.cpp
Examining data/par2cmdline-0.8.1/src/descriptionpacket.h
Examining data/par2cmdline-0.8.1/src/diskfile.cpp
Examining data/par2cmdline-0.8.1/src/diskfile.h
Examining data/par2cmdline-0.8.1/src/filechecksummer.cpp
Examining data/par2cmdline-0.8.1/src/filechecksummer.h
Examining data/par2cmdline-0.8.1/src/galois.cpp
Examining data/par2cmdline-0.8.1/src/galois.h
Examining data/par2cmdline-0.8.1/src/letype.h
Examining data/par2cmdline-0.8.1/src/mainpacket.cpp
Examining data/par2cmdline-0.8.1/src/mainpacket.h
Examining data/par2cmdline-0.8.1/src/md5.cpp
Examining data/par2cmdline-0.8.1/src/md5.h
Examining data/par2cmdline-0.8.1/src/par1fileformat.cpp
Examining data/par2cmdline-0.8.1/src/par1fileformat.h
Examining data/par2cmdline-0.8.1/src/par1repairer.cpp
Examining data/par2cmdline-0.8.1/src/par1repairer.h
Examining data/par2cmdline-0.8.1/src/par1repairersourcefile.cpp
Examining data/par2cmdline-0.8.1/src/par1repairersourcefile.h
Examining data/par2cmdline-0.8.1/src/par2creator.cpp
Examining data/par2cmdline-0.8.1/src/par2creator.h
Examining data/par2cmdline-0.8.1/src/par2creatorsourcefile.cpp
Examining data/par2cmdline-0.8.1/src/par2creatorsourcefile.h
Examining data/par2cmdline-0.8.1/src/par2fileformat.cpp
Examining data/par2cmdline-0.8.1/src/par2fileformat.h
Examining data/par2cmdline-0.8.1/src/par2repairer.cpp
Examining data/par2cmdline-0.8.1/src/par2repairer.h
Examining data/par2cmdline-0.8.1/src/par2repairersourcefile.cpp
Examining data/par2cmdline-0.8.1/src/par2repairersourcefile.h
Examining data/par2cmdline-0.8.1/src/recoverypacket.cpp
Examining data/par2cmdline-0.8.1/src/recoverypacket.h
Examining data/par2cmdline-0.8.1/src/reedsolomon.cpp
Examining data/par2cmdline-0.8.1/src/reedsolomon.h
Examining data/par2cmdline-0.8.1/src/verificationhashtable.cpp
Examining data/par2cmdline-0.8.1/src/verificationhashtable.h
Examining data/par2cmdline-0.8.1/src/verificationpacket.cpp
Examining data/par2cmdline-0.8.1/src/verificationpacket.h
Examining data/par2cmdline-0.8.1/src/libpar2.cpp
Examining data/par2cmdline-0.8.1/src/libpar2.h
Examining data/par2cmdline-0.8.1/src/libpar2internal.h
Examining data/par2cmdline-0.8.1/src/par2cmdline.cpp
Examining data/par2cmdline-0.8.1/src/commandline.cpp
Examining data/par2cmdline-0.8.1/src/commandline.h
Examining data/par2cmdline-0.8.1/src/commandline_test.cpp
Examining data/par2cmdline-0.8.1/src/crc_test.cpp
Examining data/par2cmdline-0.8.1/src/criticalpacket_test.cpp
Examining data/par2cmdline-0.8.1/src/descriptionpacket_test.cpp
Examining data/par2cmdline-0.8.1/src/diskfile_test.cpp
Examining data/par2cmdline-0.8.1/src/galois_test.cpp
Examining data/par2cmdline-0.8.1/src/letype_test.cpp
Examining data/par2cmdline-0.8.1/src/libpar2_test.cpp
Examining data/par2cmdline-0.8.1/src/md5_test.cpp
Examining data/par2cmdline-0.8.1/src/reedsolomon_test.cpp
FINAL RESULTS:
data/par2cmdline-0.8.1/src/diskfile.cpp:727:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(work, curdir);
data/par2cmdline-0.8.1/src/diskfile.cpp:733:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(work, filename.c_str());
data/par2cmdline-0.8.1/src/libpar2internal.h:40:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf_s
data/par2cmdline-0.8.1/src/libpar2internal.h:41:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define sprintf sprintf_s
data/par2cmdline-0.8.1/src/par2creator.cpp:591:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filenameformat, "%%s.vol%%0%dd+%%0%dd.par2", (int) digitsLow, (int) digitsCount);
data/par2cmdline-0.8.1/src/par2creator.cpp:598:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(filename, sizeof(filename), filenameformat, parfilename.c_str(), fileallocations[filenumber].exponent, fileallocations[filenumber].count);
data/par2cmdline-0.8.1/src/crc_test.cpp:80:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(345087209);
data/par2cmdline-0.8.1/src/crc_test.cpp:124:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(113450911);
data/par2cmdline-0.8.1/src/crc_test.cpp:162:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(113450911);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:264:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(345087209);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:433:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(23461119);
data/par2cmdline-0.8.1/src/galois_test.cpp:141:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(345087209);
data/par2cmdline-0.8.1/src/galois_test.cpp:273:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(14531119);
data/par2cmdline-0.8.1/src/letype_test.cpp:83:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(113450911);
data/par2cmdline-0.8.1/src/letype_test.cpp:127:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(84395311);
data/par2cmdline-0.8.1/src/md5_test.cpp:198:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(345087209);
data/par2cmdline-0.8.1/src/reedsolomon_test.cpp:190:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(seed);
data/par2cmdline-0.8.1/src/commandline_test.cpp:409:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
par2file.open("foo.par2");
data/par2cmdline-0.8.1/src/commandline_test.cpp:413:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
par2file_bar.open("bar.par2");
data/par2cmdline-0.8.1/src/commandline_test.cpp:418:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:422:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2.open("input2.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:688:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:693:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2.open("input2.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:701:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_defaults[5] = {"par2", "create", "foo.par2", "input1.txt", "input2.txt"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:917:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dashinput2.open("-input2.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1292:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
par2file.open("foo.par2");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1297:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1302:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2.open("input2.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1309:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_defaults[5] = {"par2", "repair", "foo.par2", "input1.txt", "input2.txt"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1516:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dashpar2file.open("-foo.par2");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1542:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
dashinput2.open("-input2.txt");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1651:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
par1file.open("bar.par");
data/par2cmdline-0.8.1/src/commandline_test.cpp:1700:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_help[5] = {"par2", "--help"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1708:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_h[5] = {"par2", "-h"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1716:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_help2[5] = {"par2create", "--help"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1724:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_version[5] = {"par2", "--version"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1732:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_V[5] = {"par2", "-V"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1740:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_VV[5] = {"par2", "-VV"};
data/par2cmdline-0.8.1/src/commandline_test.cpp:1748:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *argv_for_version2[5] = {"par2create", "--version"};
data/par2cmdline-0.8.1/src/crc_test.cpp:81:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[32*1024];
data/par2cmdline-0.8.1/src/crc_test.cpp:125:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[32*1024];
data/par2cmdline-0.8.1/src/crc_test.cpp:163:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[32*1024];
data/par2cmdline-0.8.1/src/creatorpacket.cpp:51:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->client, creator.c_str(), creator.size());
data/par2cmdline-0.8.1/src/descriptionpacket.cpp:52:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(packet->name, filename.c_str(), filename.size());
data/par2cmdline-0.8.1/src/diskfile.cpp:318:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_PATH];
data/par2cmdline-0.8.1/src/diskfile.cpp:523:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(_filename.c_str(), "wb");
data/par2cmdline-0.8.1/src/diskfile.cpp:632:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename.c_str(), "rb");
data/par2cmdline-0.8.1/src/diskfile.cpp:713:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char curdir[PATH_MAX];
data/par2cmdline-0.8.1/src/diskfile.cpp:1000:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname[_MAX_PATH+1];
data/par2cmdline-0.8.1/src/diskfile.cpp:1065:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[40];
data/par2cmdline-0.8.1/src/diskfile_test.cpp:38:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:44:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2.open("input2.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:211:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:509:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:562:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:568:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input2.open("input2.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:598:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
input1.open("input1.txt", ofstream::out | ofstream::binary);
data/par2cmdline-0.8.1/src/libpar2internal.h:104:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy((s), (d), (n))
data/par2cmdline-0.8.1/src/libpar2internal.h:104:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memcpy(d, s, n) bcopy((s), (d), (n))
data/par2cmdline-0.8.1/src/libpar2internal.h:105:29: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define memove(d, s, n) bcopy((s), (d), (n))
data/par2cmdline-0.8.1/src/md5.cpp:35:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[33];
data/par2cmdline-0.8.1/src/md5.cpp:37:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/par2cmdline-0.8.1/src/md5.cpp:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[33];
data/par2cmdline-0.8.1/src/md5.cpp:51:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/par2cmdline-0.8.1/src/md5.cpp:239:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block[used], current, have);
data/par2cmdline-0.8.1/src/md5.cpp:262:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&block[used], current, length);
data/par2cmdline-0.8.1/src/md5.cpp:330:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
data/par2cmdline-0.8.1/src/md5.cpp:332:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/par2cmdline-0.8.1/src/md5.cpp:343:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
data/par2cmdline-0.8.1/src/md5.cpp:345:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/par2cmdline-0.8.1/src/md5.h:109:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[buffersize];
data/par2cmdline-0.8.1/src/md5_test.cpp:199:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[32*1024];
data/par2cmdline-0.8.1/src/par1repairer.cpp:412:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)fileentry, (void*)current, sizeof(PAR1FILEENTRY));
data/par2cmdline-0.8.1/src/par1repairer.cpp:428:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((void*)fileentry, (void*)current, (size_t)(u64)fileentry->entrysize);
data/par2cmdline-0.8.1/src/par2creator.cpp:563:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenameformat[_MAX_PATH];
data/par2cmdline-0.8.1/src/par2creator.cpp:597:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[_MAX_PATH];
data/par2cmdline-0.8.1/src/commandline_test.cpp:377:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(arg);
data/par2cmdline-0.8.1/src/commandline_test.cpp:572:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(arg);
data/par2cmdline-0.8.1/src/commandline_test.cpp:962:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int longestfilelen = max(strlen(input1_contents), strlen(input2_contents));
data/par2cmdline-0.8.1/src/commandline_test.cpp:962:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int longestfilelen = max(strlen(input1_contents), strlen(input2_contents));
data/par2cmdline-0.8.1/src/commandline_test.cpp:1002:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
default_sourceblockcount += strlen(input1_contents)/default_blocksize;
data/par2cmdline-0.8.1/src/commandline_test.cpp:1003:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(input1_contents) % default_blocksize != 0)
data/par2cmdline-0.8.1/src/commandline_test.cpp:1005:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
default_sourceblockcount += strlen(input2_contents)/default_blocksize;
data/par2cmdline-0.8.1/src/commandline_test.cpp:1006:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(input2_contents) % default_blocksize != 0)
data/par2cmdline-0.8.1/src/commandline_test.cpp:1181:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int len = strlen(arg);
data/par2cmdline-0.8.1/src/descriptionpacket.cpp:77:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+strlen((const char*)packet->name));
data/par2cmdline-0.8.1/src/diskfile.cpp:726:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *work = new char[strlen(curdir) + filename.size() + 2];
data/par2cmdline-0.8.1/src/diskfile.cpp:731:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (work[strlen(work)-1] != '/')
data/par2cmdline-0.8.1/src/diskfile.cpp:732:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(work, "/");
data/par2cmdline-0.8.1/src/diskfile_test.cpp:58:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (DiskFile::GetFileSize("input1.txt") != strlen(input1_contents)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:243:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (diskfile.FileSize() != strlen(input1_contents)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:247:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t buffer_len = strlen(input1_contents)+1; // for end-of-string
data/par2cmdline-0.8.1/src/diskfile_test.cpp:273:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cout << " strlen=" << strlen(input1_contents) << endl;
data/par2cmdline-0.8.1/src/diskfile_test.cpp:327:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Create("input2.txt", strlen(input2_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:339:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (diskfile.FileSize() != strlen(input2_contents)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:347:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Write(0, input2_contents, strlen(input2_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:431:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t buffer_len = strlen(input2_contents);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:438:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Create("input2.txt", strlen(input2_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:471:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Open("input2.txt", strlen(input2_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:577:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cache.get("input1.txt") != strlen(input1_contents)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:581:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cache.get("input2.txt") != strlen(input2_contents)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:604:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (diskfile.Create("input1.txt", strlen(input1_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:625:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Create("input1.txt", strlen(input1_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:630:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Write(0, input1_contents, strlen(input1_contents), 2)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:646:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t buffer_len = strlen(input1_contents)+1; // for end-of-string
data/par2cmdline-0.8.1/src/diskfile_test.cpp:674:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Create("input2.txt", strlen(input2_contents))) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:679:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t midpoint = strlen(input2_contents);
data/par2cmdline-0.8.1/src/diskfile_test.cpp:680:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Write(midpoint, input2_contents + midpoint, strlen(input2_contents) - midpoint, 3)) {
data/par2cmdline-0.8.1/src/diskfile_test.cpp:701:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t buffer_len = strlen(input2_contents)+1; // for end-of-string
data/par2cmdline-0.8.1/src/diskfile_test.cpp:707:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t midpoint = strlen(input2_contents) - 2;
data/par2cmdline-0.8.1/src/diskfile_test.cpp:708:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!diskfile.Read(midpoint, buffer + midpoint, strlen(input2_contents) - midpoint, 4)) {
data/par2cmdline-0.8.1/src/libpar2internal.h:80:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMELEN(dirent) strlen((dirent)->d_name)
ANALYSIS SUMMARY:
Hits = 112
Lines analyzed = 20763 in approximately 0.43 seconds (48326 lines/second)
Physical Source Lines of Code (SLOC) = 13911
Hits@level = [0] 3 [1] 36 [2] 59 [3] 11 [4] 6 [5] 0
Hits@level+ = [0+] 115 [1+] 112 [2+] 76 [3+] 17 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 8.26684 [1+] 8.05118 [2+] 5.4633 [3+] 1.22205 [4+] 0.431313 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.