Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/bitmatrix.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/catch.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/curses.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/fmod.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/hello.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/helloprint.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/idmodule.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/makeadder.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/makeadder3m.c Examining data/racket-7.8+dfsg1/share/pkgs/mzscheme-lib/mzscheme/examples/tree.cxx Examining data/racket-7.8+dfsg1/src/ChezScheme/c/alloc.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/arm32le.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/externs.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/fasl.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/flushcache.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/foreign.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/gc-ocd.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/gc-oce.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/gc.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/gcwrapper.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/globals.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/i3le.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/intern.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/io.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/main.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/new-io.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/nocurses.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/number.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/popcount.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/ppc32.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/ppc32le.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/prim.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/print.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/random.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/schlib.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/schsig.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/segment.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/segment.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/sort.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/statics.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/stats.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/symbol.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/system.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/thread.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/thread.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/types.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/version.h Examining data/racket-7.8+dfsg1/src/ChezScheme/c/vfasl.c Examining data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c Examining data/racket-7.8+dfsg1/src/ChezScheme/examples/crepl.c Examining data/racket-7.8+dfsg1/src/ChezScheme/examples/csocket.c Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.h Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.h Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame_static.h Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4hc.c Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4hc.h Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c Examining data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.h Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/cat_flush.c Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign1.c Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign2.c Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign3.c Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign4.c Examining data/racket-7.8+dfsg1/src/ChezScheme/mats/ftype.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/adler32.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/compress.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/infback9.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/infback9.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/inffix9.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/inflate9.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/inftree9.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/infback9/inftree9.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/inflate86/inffas86.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/test.cpp Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream_test.cpp Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/masmx64/inffas8664.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/crypt.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/iowin32.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/iowin32.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/unzip.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/unzip.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/puff/puff.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/puff/puff.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/puff/pufftest.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/testzlib/testzlib.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/crc32.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/crc32.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/deflate.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/deflate.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/enough.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/fitblk.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzjoin.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zpipe.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzclose.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/infback.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inffast.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inffast.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inffixed.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inflate.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inflate.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inftrees.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/inftrees.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/trees.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/trees.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/uncompr.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/zconf.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/zlib.h Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.c Examining data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h Examining data/racket-7.8+dfsg1/src/cs/c/api.h Examining data/racket-7.8+dfsg1/src/cs/c/boot.c Examining data/racket-7.8+dfsg1/src/cs/c/boot.h Examining data/racket-7.8+dfsg1/src/cs/c/grmain.c Examining data/racket-7.8+dfsg1/src/cs/c/main.c Examining data/racket-7.8+dfsg1/src/foreign/foreign.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/include/ffi_common.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/alpha/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/alpha/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/arc/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/arc/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/avr32/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/avr32/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/bfin/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/bfin/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/debug.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/frv/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/frv/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ia64_flags.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/java_raw_api.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m88k/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/m88k/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/moxie/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/moxie/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/nios2/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/nios2/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/asm.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_linux64.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_powerpc.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_sysv.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/prep_cif.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/raw_api.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/s390/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/s390/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sh64/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sh64/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/tile/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/tile/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/types.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/vax/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/vax/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/xtensa/ffi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/src/xtensa/ffitarget.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn0.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn4.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn5.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_fn6.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_loc_fn0.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/closure_simple.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_12byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_16byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_18byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_19byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_1_1byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_20byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_20byte1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_24byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_2byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_3_1byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_3byte1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_3byte2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_4_1byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_4byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_5_1_byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_5byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_64byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_6_1_byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_6byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_7_1_byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_7byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_8byte.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_9byte1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_9byte2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_double.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_float.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_longdouble.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_longdouble_split.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_longdouble_split2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_pointer.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_sint16.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_sint32.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_sint64.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_uint16.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_uint32.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_align_uint64.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_dbls_struct.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_double.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_double_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_float.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_longdouble.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_longdouble_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_schar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_sshort.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_sshortchar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_ushort.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_ushortchar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_pointer.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_pointer_stack.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_schar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_sint.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_sshort.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_struct_va1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uchar.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uchar_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uint.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uint_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_ulong_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_ulonglong.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_ushort.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_ushort_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/err_bad_abi.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/err_bad_typedef.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/ffitest.h Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float4.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float_va.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/huge_struct.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/many.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/many2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/negint.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct10.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct11.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct4.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct5.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct6.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct7.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct8.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/nested_struct9.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/problem1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/promotion.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/pyobjc-tc.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_dbl.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_dbl1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_dbl2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_fl.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_fl1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_fl2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_fl3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_ldl.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_ll.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_ll1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_sc.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_sl.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_uc.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/return_ul.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/stret_large.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/stret_large2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/stret_medium.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/stret_medium2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen4.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct3.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct4.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct5.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct6.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct7.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct8.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/struct9.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/testclosure.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/uninitialized.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/unwindtest.cc Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/unwindtest_ffi_call.cc Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/va_1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/va_struct1.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/va_struct2.c Examining data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/va_struct3.c Examining data/racket-7.8+dfsg1/src/gracket/grmain.c Examining data/racket-7.8+dfsg1/src/myssink/comtypes.cxx Examining data/racket-7.8+dfsg1/src/myssink/comtypes.h Examining data/racket-7.8+dfsg1/src/myssink/myssink.cxx Examining data/racket-7.8+dfsg1/src/myssink/resource.h Examining data/racket-7.8+dfsg1/src/myssink/sink.cxx Examining data/racket-7.8+dfsg1/src/myssink/sink.h Examining data/racket-7.8+dfsg1/src/myssink/sinktbl.h Examining data/racket-7.8+dfsg1/src/myssink/stdafx.cxx Examining data/racket-7.8+dfsg1/src/myssink/stdafx.h Examining data/racket-7.8+dfsg1/src/mzcom/com_glue.c Examining data/racket-7.8+dfsg1/src/mzcom/com_glue.h Examining data/racket-7.8+dfsg1/src/mzcom/mzcom.cxx Examining data/racket-7.8+dfsg1/src/mzcom/mzobj.cxx Examining data/racket-7.8+dfsg1/src/mzcom/mzobj.h Examining data/racket-7.8+dfsg1/src/mzcom/resource.h Examining data/racket-7.8+dfsg1/src/racket/dynsrc/dynexmpl.c Examining data/racket-7.8+dfsg1/src/racket/dynsrc/fixup.c Examining data/racket-7.8+dfsg1/src/racket/dynsrc/init.cc Examining data/racket-7.8+dfsg1/src/racket/dynsrc/mzdyn.c Examining data/racket-7.8+dfsg1/src/racket/gc/AmigaOS.c Examining data/racket-7.8+dfsg1/src/racket/gc/MacOS.c Examining data/racket-7.8+dfsg1/src/racket/gc/Mac_files/MacOS_Test_config.h Examining data/racket-7.8+dfsg1/src/racket/gc/Mac_files/MacOS_config.h Examining data/racket-7.8+dfsg1/src/racket/gc/Mac_files/dataend.c Examining data/racket-7.8+dfsg1/src/racket/gc/Mac_files/datastart.c Examining data/racket-7.8+dfsg1/src/racket/gc/add_gc_prefix.c Examining data/racket-7.8+dfsg1/src/racket/gc/allchblk.c Examining data/racket-7.8+dfsg1/src/racket/gc/alloc.c Examining data/racket-7.8+dfsg1/src/racket/gc/backgraph.c Examining data/racket-7.8+dfsg1/src/racket/gc/blacklst.c Examining data/racket-7.8+dfsg1/src/racket/gc/checksums.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/cordprnt.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/de.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/de_cmds.h Examining data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c Examining data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.h Examining data/racket-7.8+dfsg1/src/racket/gc/darwin_stop_world.c Examining data/racket-7.8+dfsg1/src/racket/gc/dbg_mlc.c Examining data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c Examining data/racket-7.8+dfsg1/src/racket/gc/finalize.c Examining data/racket-7.8+dfsg1/src/racket/gc/gc.h Examining data/racket-7.8+dfsg1/src/racket/gc/gc_cpp.cc Examining data/racket-7.8+dfsg1/src/racket/gc/gc_cpp.cpp Examining data/racket-7.8+dfsg1/src/racket/gc/gc_dlopen.c Examining data/racket-7.8+dfsg1/src/racket/gc/gcc_support.c Examining data/racket-7.8+dfsg1/src/racket/gc/gcj_mlc.c Examining data/racket-7.8+dfsg1/src/racket/gc/gcname.c Examining data/racket-7.8+dfsg1/src/racket/gc/headers.c Examining data/racket-7.8+dfsg1/src/racket/gc/if_mach.c Examining data/racket-7.8+dfsg1/src/racket/gc/if_not_there.c Examining data/racket-7.8+dfsg1/src/racket/gc/include/cord.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/ec.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/extra/gc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/extra/gc_cpp.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_alloc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_allocator.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_amiga_redirects.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_backptr.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_config_macros.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_cpp.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_gcj.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_inl.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_inline.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_local_alloc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_mark.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_pthread_redirects.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_tiny_fl.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_typed.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/gc_version.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/javaxfc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/leak_detector.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/new_gc_alloc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/cord_pos.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/darwin_semaphore.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/darwin_stop_world.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/dbg_mlc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_hdrs.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_locks.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_pmark.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/gcconfig.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/msvc_dbg.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/openbsd_stop_world.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/pthread_stop_world.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/pthread_support.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/solaris_threads.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/specific.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/private/thread_local_alloc.h Examining data/racket-7.8+dfsg1/src/racket/gc/include/weakpointer.h Examining data/racket-7.8+dfsg1/src/racket/gc/mach_dep.c Examining data/racket-7.8+dfsg1/src/racket/gc/mach_dep1.c Examining data/racket-7.8+dfsg1/src/racket/gc/malloc.c Examining data/racket-7.8+dfsg1/src/racket/gc/mallocx.c Examining data/racket-7.8+dfsg1/src/racket/gc/mark.c Examining data/racket-7.8+dfsg1/src/racket/gc/mark_rts.c Examining data/racket-7.8+dfsg1/src/racket/gc/misc.c Examining data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c Examining data/racket-7.8+dfsg1/src/racket/gc/new_hblk.c Examining data/racket-7.8+dfsg1/src/racket/gc/obj_map.c Examining data/racket-7.8+dfsg1/src/racket/gc/openbsd_stop_world.c Examining data/racket-7.8+dfsg1/src/racket/gc/os_dep.c Examining data/racket-7.8+dfsg1/src/racket/gc/pcr_interface.c Examining data/racket-7.8+dfsg1/src/racket/gc/pthread_stop_world.c Examining data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c Examining data/racket-7.8+dfsg1/src/racket/gc/ptr_chck.c Examining data/racket-7.8+dfsg1/src/racket/gc/real_malloc.c Examining data/racket-7.8+dfsg1/src/racket/gc/reclaim.c Examining data/racket-7.8+dfsg1/src/racket/gc/setjmp_t.c Examining data/racket-7.8+dfsg1/src/racket/gc/solaris_pthreads.c Examining data/racket-7.8+dfsg1/src/racket/gc/solaris_threads.c Examining data/racket-7.8+dfsg1/src/racket/gc/specific.c Examining data/racket-7.8+dfsg1/src/racket/gc/stubborn.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/huge_test.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/leak_test.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/middle.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/smash_test.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/test.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/test_cpp.cc Examining data/racket-7.8+dfsg1/src/racket/gc/tests/thread_leak_test.c Examining data/racket-7.8+dfsg1/src/racket/gc/tests/trace_test.c Examining data/racket-7.8+dfsg1/src/racket/gc/thread_local_alloc.c Examining data/racket-7.8+dfsg1/src/racket/gc/threadlibs.c Examining data/racket-7.8+dfsg1/src/racket/gc/typd_mlc.c Examining data/racket-7.8+dfsg1/src/racket/gc/version.h Examining data/racket-7.8+dfsg1/src/racket/gc/win32_threads.c Examining data/racket-7.8+dfsg1/src/racket/gc2/alloc_cache.c Examining data/racket-7.8+dfsg1/src/racket/gc2/backtrace.c Examining data/racket-7.8+dfsg1/src/racket/gc2/block_cache.c Examining data/racket-7.8+dfsg1/src/racket/gc2/commongc_internal.h Examining data/racket-7.8+dfsg1/src/racket/gc2/fnls.c Examining data/racket-7.8+dfsg1/src/racket/gc2/gc.h Examining data/racket-7.8+dfsg1/src/racket/gc2/gc2.c Examining data/racket-7.8+dfsg1/src/racket/gc2/gc2.h Examining data/racket-7.8+dfsg1/src/racket/gc2/gc2_dump.h Examining data/racket-7.8+dfsg1/src/racket/gc2/gc2_obj.h Examining data/racket-7.8+dfsg1/src/racket/gc2/gclist.h Examining data/racket-7.8+dfsg1/src/racket/gc2/immobile_boxes.c Examining data/racket-7.8+dfsg1/src/racket/gc2/mem_account.c Examining data/racket-7.8+dfsg1/src/racket/gc2/msgprint.c Examining data/racket-7.8+dfsg1/src/racket/gc2/my_qsort.c Examining data/racket-7.8+dfsg1/src/racket/gc2/newgc.c Examining data/racket-7.8+dfsg1/src/racket/gc2/newgc.h Examining data/racket-7.8+dfsg1/src/racket/gc2/page_range.c Examining data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c Examining data/racket-7.8+dfsg1/src/racket/gc2/platforms.h Examining data/racket-7.8+dfsg1/src/racket/gc2/precomp.c Examining data/racket-7.8+dfsg1/src/racket/gc2/rlimit_heapsize.c Examining data/racket-7.8+dfsg1/src/racket/gc2/roots.c Examining data/racket-7.8+dfsg1/src/racket/gc2/sighand.c Examining data/racket-7.8+dfsg1/src/racket/gc2/stack_comp.c Examining data/racket-7.8+dfsg1/src/racket/gc2/testing.c Examining data/racket-7.8+dfsg1/src/racket/gc2/var_stack.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm_memalign.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm_mmap.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm_osk.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm_osx.c Examining data/racket-7.8+dfsg1/src/racket/gc2/vm_win.c Examining data/racket-7.8+dfsg1/src/racket/gc2/weak.c Examining data/racket-7.8+dfsg1/src/racket/include/cgc2.h Examining data/racket-7.8+dfsg1/src/racket/include/escheme.h Examining data/racket-7.8+dfsg1/src/racket/include/scheme.h Examining data/racket-7.8+dfsg1/src/racket/include/schthread.h Examining data/racket-7.8+dfsg1/src/racket/main.c Examining data/racket-7.8+dfsg1/src/racket/sconfig.h Examining data/racket-7.8+dfsg1/src/racket/sgc/gc.h Examining data/racket-7.8+dfsg1/src/racket/sgc/sgc.c Examining data/racket-7.8+dfsg1/src/racket/sgc/sgc.h Examining data/racket-7.8+dfsg1/src/racket/sgc/test.c Examining data/racket-7.8+dfsg1/src/racket/src/bignum.c Examining data/racket-7.8+dfsg1/src/racket/src/bool.c Examining data/racket-7.8+dfsg1/src/racket/src/char.c Examining data/racket-7.8+dfsg1/src/racket/src/compenv.c Examining data/racket-7.8+dfsg1/src/racket/src/compile.c Examining data/racket-7.8+dfsg1/src/racket/src/complex.c Examining data/racket-7.8+dfsg1/src/racket/src/dynext.c Examining data/racket-7.8+dfsg1/src/racket/src/env.c Examining data/racket-7.8+dfsg1/src/racket/src/error.c Examining data/racket-7.8+dfsg1/src/racket/src/eval.c Examining data/racket-7.8+dfsg1/src/racket/src/file.c Examining data/racket-7.8+dfsg1/src/racket/src/fun.c Examining data/racket-7.8+dfsg1/src/racket/src/future.c Examining data/racket-7.8+dfsg1/src/racket/src/future.h Examining data/racket-7.8+dfsg1/src/racket/src/gmp/gmp-impl.h Examining data/racket-7.8+dfsg1/src/racket/src/gmp/gmp-mparam.h Examining data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.c Examining data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.h Examining data/racket-7.8+dfsg1/src/racket/src/gmp/gmplonglong.h Examining data/racket-7.8+dfsg1/src/racket/src/hash.c Examining data/racket-7.8+dfsg1/src/racket/src/jit.c Examining data/racket-7.8+dfsg1/src/racket/src/jit.h Examining data/racket-7.8+dfsg1/src/racket/src/jit_ts.c Examining data/racket-7.8+dfsg1/src/racket/src/jit_ts_def.c Examining data/racket-7.8+dfsg1/src/racket/src/jit_ts_future_glue.c Examining data/racket-7.8+dfsg1/src/racket/src/jit_ts_protos.h Examining data/racket-7.8+dfsg1/src/racket/src/jit_ts_runtime_glue.c Examining data/racket-7.8+dfsg1/src/racket/src/jitalloc.c Examining data/racket-7.8+dfsg1/src/racket/src/jitarith.c Examining data/racket-7.8+dfsg1/src/racket/src/jitcall.c Examining data/racket-7.8+dfsg1/src/racket/src/jitcommon.c Examining data/racket-7.8+dfsg1/src/racket/src/jitfpu.h Examining data/racket-7.8+dfsg1/src/racket/src/jitinline.c Examining data/racket-7.8+dfsg1/src/racket/src/jitprep.c Examining data/racket-7.8+dfsg1/src/racket/src/jitstack.c Examining data/racket-7.8+dfsg1/src/racket/src/jitstate.c Examining data/racket-7.8+dfsg1/src/racket/src/letrec_check.c Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/asm-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/asm.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/core-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/core.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/fp-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/fp-swf.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/fp-vfp.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/fp.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/funcs-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/arm/funcs.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/asm-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/asm.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/core-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/core.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/fp-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/fp-extfpu.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/fp-sse.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/fp.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/funcs-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/i386/funcs.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/lightning.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/asm-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/asm.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/core-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/core.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/fp-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/fp.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/funcs-common.h Examining data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/funcs.h Examining data/racket-7.8+dfsg1/src/racket/src/linklet.c Examining data/racket-7.8+dfsg1/src/racket/src/list.c Examining data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c Examining data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.h Examining data/racket-7.8+dfsg1/src/racket/src/marshal.c Examining data/racket-7.8+dfsg1/src/racket/src/mzmarksrc.c Examining data/racket-7.8+dfsg1/src/racket/src/mzrt.c Examining data/racket-7.8+dfsg1/src/racket/src/mzrt.h Examining data/racket-7.8+dfsg1/src/racket/src/mzsj86.c Examining data/racket-7.8+dfsg1/src/racket/src/mzstkchk.h Examining data/racket-7.8+dfsg1/src/racket/src/network.c Examining data/racket-7.8+dfsg1/src/racket/src/numarith.c Examining data/racket-7.8+dfsg1/src/racket/src/number.c Examining data/racket-7.8+dfsg1/src/racket/src/numcomp.c Examining data/racket-7.8+dfsg1/src/racket/src/nummacs.h Examining data/racket-7.8+dfsg1/src/racket/src/numstr.c Examining data/racket-7.8+dfsg1/src/racket/src/optimize.c Examining data/racket-7.8+dfsg1/src/racket/src/place.c Examining data/racket-7.8+dfsg1/src/racket/src/port.c Examining data/racket-7.8+dfsg1/src/racket/src/portfun.c Examining data/racket-7.8+dfsg1/src/racket/src/print.c Examining data/racket-7.8+dfsg1/src/racket/src/rational.c Examining data/racket-7.8+dfsg1/src/racket/src/read.c Examining data/racket-7.8+dfsg1/src/racket/src/regexp.c Examining data/racket-7.8+dfsg1/src/racket/src/resolve.c Examining data/racket-7.8+dfsg1/src/racket/src/salloc.c Examining data/racket-7.8+dfsg1/src/racket/src/schcpt.h Examining data/racket-7.8+dfsg1/src/racket/src/schemef.h Examining data/racket-7.8+dfsg1/src/racket/src/schemex.h Examining data/racket-7.8+dfsg1/src/racket/src/schemexm.h Examining data/racket-7.8+dfsg1/src/racket/src/schexn.h Examining data/racket-7.8+dfsg1/src/racket/src/schgc.h Examining data/racket-7.8+dfsg1/src/racket/src/schgencat.h Examining data/racket-7.8+dfsg1/src/racket/src/schmach.h Examining data/racket-7.8+dfsg1/src/racket/src/schminc.h Examining data/racket-7.8+dfsg1/src/racket/src/schpriv.h Examining data/racket-7.8+dfsg1/src/racket/src/schrktio.h Examining data/racket-7.8+dfsg1/src/racket/src/schrunst.h Examining data/racket-7.8+dfsg1/src/racket/src/schrx.h Examining data/racket-7.8+dfsg1/src/racket/src/schvers.h Examining data/racket-7.8+dfsg1/src/racket/src/sema.c Examining data/racket-7.8+dfsg1/src/racket/src/setjmpup.c Examining data/racket-7.8+dfsg1/src/racket/src/sfs.c Examining data/racket-7.8+dfsg1/src/racket/src/sort.c Examining data/racket-7.8+dfsg1/src/racket/src/startup.c Examining data/racket-7.8+dfsg1/src/racket/src/string.c Examining data/racket-7.8+dfsg1/src/racket/src/struct.c Examining data/racket-7.8+dfsg1/src/racket/src/stypes.h Examining data/racket-7.8+dfsg1/src/racket/src/symbol.c Examining data/racket-7.8+dfsg1/src/racket/src/syntax.c Examining data/racket-7.8+dfsg1/src/racket/src/systype.c Examining data/racket-7.8+dfsg1/src/racket/src/thread.c Examining data/racket-7.8+dfsg1/src/racket/src/type.c Examining data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c Examining data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.h Examining data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind_i.h Examining data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h Examining data/racket-7.8+dfsg1/src/racket/src/validate.c Examining data/racket-7.8+dfsg1/src/racket/src/vector.c Examining data/racket-7.8+dfsg1/src/racket/uconfig.h Examining data/racket-7.8+dfsg1/src/racket/utils/schiptr.h Examining data/racket-7.8+dfsg1/src/racket/utils/splay.c Examining data/racket-7.8+dfsg1/src/rktio/demo.c Examining data/racket-7.8+dfsg1/src/rktio/rktio.h Examining data/racket-7.8+dfsg1/src/rktio/rktio_console.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_convert.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_cpu.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_dll.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_error.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_fd.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_file.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_flock.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_fs.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_fs_change.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_hash.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_ltps.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_main.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_network.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_pipe.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_platform.h Examining data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_private.h Examining data/racket-7.8+dfsg1/src/rktio/rktio_process.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_shellex.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_signal.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_sleep.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_time.c Examining data/racket-7.8+dfsg1/src/rktio/rktio_wide.c Examining data/racket-7.8+dfsg1/src/start/MemoryModule.c Examining data/racket-7.8+dfsg1/src/start/MemoryModule.h Examining data/racket-7.8+dfsg1/src/start/start.c Examining data/racket-7.8+dfsg1/src/start/ustart.c Examining data/racket-7.8+dfsg1/src/worksp/checkvs9.c Examining data/racket-7.8+dfsg1/src/worksp/cs/cs_config.h Examining data/racket-7.8+dfsg1/src/worksp/cstartup.c Examining data/racket-7.8+dfsg1/src/worksp/gc2/precomp.c Examining data/racket-7.8+dfsg1/src/worksp/gc2/wxprecomp.cxx Examining data/racket-7.8+dfsg1/src/worksp/genvsx.c Examining data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h Examining data/racket-7.8+dfsg1/src/worksp/libffi/fficonfig.h Examining data/racket-7.8+dfsg1/src/worksp/librktio/rktio_config.h Examining data/racket-7.8+dfsg1/src/worksp/mzconfig.h Examining data/racket-7.8+dfsg1/src/worksp/rbuildmode.c Examining data/racket-7.8+dfsg1/src/worksp/starters/resource.h Examining data/racket-7.8+dfsg1/debian/racket-arch.c FINAL RESULTS: data/racket-7.8+dfsg1/src/ChezScheme/c/version.h:402:16: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. # define CHMOD chmod data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:32:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. # define chmod(path,mode) _chmod(path,mode) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:277:7: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(item->fname,item->mode); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:527:11: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. (void)chmod(to, was.st_mode & 07777); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:530:11: [5] (race) chown: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchown( ) instead. (void)chown(to, was.st_uid, was.st_gid); data/racket-7.8+dfsg1/src/cs/c/main.c:157:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink("/proc/self/exe", s, blen-1); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4401:16: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. ret_code = readlink("/proc/self/exe", exe_name, EXE_SZ); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:885:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink(fullfilename, buffer, buf_len); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1272:11: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. r = chmod(filename, new_bits); data/racket-7.8+dfsg1/src/start/ustart.c:422:11: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. len = readlink(me, buf, bufsize); data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:732:5: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. system("exec /usr/X11/bin/resize >& /dev/null"); data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:1017:15: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. FILE *f = popen("/usr/bin/pbpaste", "r"); data/racket-7.8+dfsg1/src/ChezScheme/c/gcwrapper.c:38:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(checkheap_noisy ? "NB: check_heap is enabled and noisy\n" : "NB: check_heap_is_enabled\n"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:303:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, "level", addrtitle, "bytes"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:308:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, 2, t2t, sizeof(t2table)); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:312:11: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, 1, (ptrdiff_t)t1t, (ptrdiff_t)sizeof(t1table)); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:327:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, "level", addrtitle, "bytes"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:332:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, 1, (ptrdiff_t)t1t, (ptrdiff_t)sizeof(t1table)); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:366:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, addrtitle, bytestitle, headertitle, "segments used"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:371:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, (ptrdiff_t)chunk->addr, (ptrdiff_t)chunk->bytes, data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:462:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, "total"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:466:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, "static"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:470:9: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, g); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:483:13: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, (ptrdiff_t)(count[s][g])); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:493:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:499:15: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(out, fmtbuf, ""); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:541:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(genline, 100, fmtbuf, ""); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:577:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(spaceline, 100, fmtbuf, (ptrdiff_t)(chunk->base + i)); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:809:9: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/bin/sh", "/bin/sh", "-c", s, NULL); data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:812:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bd[boot_count].path, path); data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1101:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, name); data/racket-7.8+dfsg1/src/ChezScheme/c/version.h:450:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. # define SYSTEM system data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:290:23: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (flags & O_RDWR) access |= GENERIC_READ|GENERIC_WRITE; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:291:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (flags & O_RDONLY) access |= GENERIC_READ; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:292:25: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (flags & O_WRONLY) access |= GENERIC_WRITE; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:297:28: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. hfile = CreateFile(path, access, 0, (SECURITY_ATTRIBUTES *)0, data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:409:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. return system(command); data/racket-7.8+dfsg1/src/ChezScheme/examples/csocket.c:71:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(sun.sun_path, name); data/racket-7.8+dfsg1/src/ChezScheme/examples/csocket.c:93:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). (void) strcpy(sun.sun_path, name); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:413:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __FILE__ ": "); \ data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:414:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:109:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __FILE__ ": "); \ data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:110:21: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr, __VA_ARGS__); \ data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign1.c:58:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). return strcpy(dst, src); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:154:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer,newdir); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:31:13: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. # define access(path,mode) _access(path,mode) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:137:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer,arcname); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:142:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buffer+origlen,TGZsuffix[i]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:143:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. if (access(buffer,F_OK) == 0) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:158:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf(stderr,(TGZsuffix[i+1]) ? "%s%s, " : "or %s%s\n", data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:586:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, log->path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:878:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(log->id, LOGID); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:888:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(log->path, path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:75:8: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access { data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:82:30: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. local void free_index(struct access *index) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:92:14: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. local struct access *addpoint(struct access *index, int bits, data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:92:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. local struct access *addpoint(struct access *index, int bits, data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:99:38: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. index = malloc(sizeof(struct access)); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:144:52: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. local int build_index(FILE *in, off_t span, struct access **built) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:149:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access *index; /* access points being generated */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:249:36: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. local int extract(FILE *in, struct access *index, off_t offset, data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:359:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. struct access *index = NULL; data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:86:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # if !defined(vsnprintf) && !defined(NO_vsnprintf) data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:88:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:110:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:110:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:216:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(state->path, path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:614:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(state->msg, state->path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:616:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(state->msg, msg); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:417:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. (void)vsprintf(next, format, va); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:421:11: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. len = vsprintf(next, format, va); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:425:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void)vsnprintf(next, state->size, format, va); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:428:11: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = vsnprintf(next, state->size, format, va); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:511:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, a12, data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:517:11: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. len = sprintf(next, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, a10, a11, data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:522:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, a9, data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:526:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. len = snprintf(next, state->size, format, a1, a2, a3, a4, a5, a6, a7, a8, data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:529:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prefix, id); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:555:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(prefix, id); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:44:11: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:44:20: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define snprintf _snprintf data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:473:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(outfile, file); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:474:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(outfile, GZ_SUFFIX); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:513:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, file); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:526:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(infile, GZ_SUFFIX); data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:242:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Trace(x) {if (z_verbose>=0) fprintf x ;} data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:243:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracev(x) {if (z_verbose>0) fprintf x ;} data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:244:40: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracevv(x) {if (z_verbose>1) fprintf x ;} data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:245:48: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:246:49: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} data/racket-7.8+dfsg1/src/cs/c/main.c:340:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access(path, X_OK) == 0); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:346:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. || access (mnt.mnt_dir, W_OK)) data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c:52:57: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define debug(lvl, x...) do { if (lvl <= DEBUG_LEVEL) { printf(x); } } while (0) data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_double_va.c:20:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. *(ffi_arg*)resp = printf(format, doubleValue); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_double_va.c:47:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. ffi_call(&cif, FFI_FN(printf), &res, args); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_longdouble_va.c:20:20: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. *(ffi_arg*)resp = printf(format, ldValue); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_longdouble_va.c:47:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. ffi_call(&cif, FFI_FN(printf), &res, args); data/racket-7.8+dfsg1/src/gracket/grmain.c:33:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define PRINTF printf data/racket-7.8+dfsg1/src/gracket/grmain.c:102:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, msg, args); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:290:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, buf); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:440:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(result, buf); data/racket-7.8+dfsg1/src/racket/gc/cord/cordprnt.c:312:24: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. res = vsprintf(buf, conv_spec, vsprintf_args); data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:64:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define de_error(s) { fprintf(stderr, s); getchar(); } data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:69:25: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define de_error(s) { fprintf(stderr, s); sleep(2); } data/racket-7.8+dfsg1/src/racket/gc/dbg_mlc.c:647:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy, str); data/racket-7.8+dfsg1/src/racket/gc/if_mach.c:16:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[3], argv+3); data/racket-7.8+dfsg1/src/racket/gc/if_not_there.c:31:5: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execvp(argv[2], argv+2); data/racket-7.8+dfsg1/src/racket/gc/malloc.c:250:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(copy, s); data/racket-7.8+dfsg1/src/racket/gc/misc.c:859:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(logPath, LOG_FILE); data/racket-7.8+dfsg1/src/racket/gc/misc.c:971:10: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/racket-7.8+dfsg1/src/racket/gc/misc.c:986:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void) vsnprintf(buf, BUFSZ, format, args); data/racket-7.8+dfsg1/src/racket/gc/misc.c:999:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void) vsnprintf(buf, BUFSZ, format, args); data/racket-7.8+dfsg1/src/racket/gc/misc.c:1012:12: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. (void) vsnprintf(buf, BUFSZ, format, args); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4413:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(cmd_buf, "/usr/bin/addr2line -f -e %s 0x%lx", exe_name, data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4421:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy (preload_buf, old_preload); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4424:10: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. pipe = popen(cmd_buf, "r"); data/racket-7.8+dfsg1/src/racket/gc/tests/test.c:55:22: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define GC_printf printf data/racket-7.8+dfsg1/src/racket/gc2/msgprint.c:11:18: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define GCPRINT fprintf data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c:70:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(gcdebugOUT(gc), fmt, ap); data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:41:5: [4] (shell) execl: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. execl("/usr/bin/bash", "rgdb", pidstr); data/racket-7.8+dfsg1/src/racket/gc2/vm.c:10:18: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define GCPRINT fprintf data/racket-7.8+dfsg1/src/racket/include/scheme.h:232:34: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). #if defined(MZ_XFORM) && defined(strcpy) data/racket-7.8+dfsg1/src/racket/include/scheme.h:240:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(a, b); data/racket-7.8+dfsg1/src/racket/include/scheme.h:246:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). # undef strcpy data/racket-7.8+dfsg1/src/racket/include/scheme.h:247:10: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). # define strcpy _mzstrcpy data/racket-7.8+dfsg1/src/racket/main.c:154:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define PRINTF printf data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:833:18: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define FPRINTF fprintf data/racket-7.8+dfsg1/src/racket/src/compile.c:271:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, "%s%s%" PRIdPTR ":%" PRIdPTR, data/racket-7.8+dfsg1/src/racket/src/compile.c:274:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, "%s%s%" PRIdPTR, data/racket-7.8+dfsg1/src/racket/src/env.c:252:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define DONE_TIME(n) (printf(#n ": %" PRIdPTR "\n", (intptr_t)(scheme_get_process_milliseconds() - startt))) data/racket-7.8+dfsg1/src/racket/src/error.c:206:3: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, args); data/racket-7.8+dfsg1/src/racket/src/error.c:446:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, "%" PRIxPTR, d); data/racket-7.8+dfsg1/src/racket/src/error.c:448:15: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, "%" PRIdPTR, d); data/racket-7.8+dfsg1/src/racket/src/error.c:499:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "; %s=%" PRIdPTR "", errkind_str, errid); data/racket-7.8+dfsg1/src/racket/src/error.c:613:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf((char *)t, "%s; %s=%d", es, errkind_str, en); data/racket-7.8+dfsg1/src/racket/src/error.c:1629:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(other, "; %s%s were:", s, isres); data/racket-7.8+dfsg1/src/racket/src/error.c:2083:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/racket-7.8+dfsg1/src/racket/src/error.c:3130:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "[repeats %d more time%s]", repeats, (repeats == 1) ? "" : "s"); data/racket-7.8+dfsg1/src/racket/src/fun.c:2221:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s(-> any)%s", pre, post); data/racket-7.8+dfsg1/src/racket/src/fun.c:2224:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s(any/c . -> . any)%s", pre, post); data/racket-7.8+dfsg1/src/racket/src/fun.c:2227:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s(any/c any/c . -> . any)%s", pre, post); data/racket-7.8+dfsg1/src/racket/src/fun.c:2230:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s(any/c any/c any/c . -> . any)%s", pre, post); data/racket-7.8+dfsg1/src/racket/src/fun.c:2233:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "%s(procedure-arity-includes/c %d)%s", data/racket-7.8+dfsg1/src/racket/src/fun.c:2318:12: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. c += sprintf(b XFORM_OK_PLUS c, "%" PRIdPTR, SCHEME_INT_VAL(SCHEME_CAR(p))); data/racket-7.8+dfsg1/src/racket/src/fun.c:3881:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%d%s argument", i, scheme_number_suffix(i)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4041:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(nbuf, "%d%s result", i, scheme_number_suffix(i)); data/racket-7.8+dfsg1/src/racket/src/jit.h:1176:119: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define LOG_IT(args) if (jitter->retain_start) { if (getenv("JITLOG")) { START_XFORM_SKIP; emit_indentation(jitter); printf args; END_XFORM_SKIP; } } data/racket-7.8+dfsg1/src/racket/src/numstr.c:1956:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, buffer); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2021:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s + nlen + 1, ds); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2065:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "no %s representation", dest); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2084:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "no %s representation", dest); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2105:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "no %s representation", dest); data/racket-7.8+dfsg1/src/racket/src/print.c:1684:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, ":%" PRIxPTR, (intptr_t)o); data/racket-7.8+dfsg1/src/racket/src/print.c:3414:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(minibuf, data/racket-7.8+dfsg1/src/racket/src/salloc.c:2349:32: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define object_console_printf fprintf data/racket-7.8+dfsg1/src/racket/src/salloc.c:2399:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "[%d=%s%s%s%s%s%s]", data/racket-7.8+dfsg1/src/racket/src/salloc.c:2412:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "[%s%.100s]", data/racket-7.8+dfsg1/src/racket/src/salloc.c:2520:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(t2, "#<meta-continuation>[%d;%s]", mc->pseudo, t3); data/racket-7.8+dfsg1/src/racket/src/string.c:5483:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buff,"Windows %s %ld.%ld (Build %ld)%s%s", data/racket-7.8+dfsg1/src/racket/src/struct.c:313:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Scheme_Object *a[2], *pred, *access; data/racket-7.8+dfsg1/src/racket/src/struct.c:320:69: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. write_property = make_struct_type_property_from_c(2, a, &pred, &access, data/racket-7.8+dfsg1/src/racket/src/struct.c:324:57: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. scheme_addto_prim_instance("custom-write-accessor", access, env); data/racket-7.8+dfsg1/src/racket/src/struct.c:329:34: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. Scheme_Object *a[2], *pred, *access; data/racket-7.8+dfsg1/src/racket/src/struct.c:336:79: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. print_attribute_property = make_struct_type_property_from_c(2, a, &pred, &access, data/racket-7.8+dfsg1/src/racket/src/struct.c:340:66: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. scheme_addto_prim_instance("custom-print-quotable-accessor", access, env); data/racket-7.8+dfsg1/src/racket/src/struct.c:1301:57: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return make_struct_type_property_from_c(2, a, &pred, &access, scheme_struct_property_type); data/racket-7.8+dfsg1/src/racket/src/thread.c:9407:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, data/racket-7.8+dfsg1/src/racket/src/thread.c:9503:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(buf, data/racket-7.8+dfsg1/src/racket/src/thread.c:9564:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, data/racket-7.8+dfsg1/src/racket/src/thread.c:9597:3: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(nums+i, "%" PRIdPTR, v); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind_i.h:204:7: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, format); \ data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind_i.h:207:34: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Dprintf(format...) fprintf (stderr, format) data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1150:12: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ok = access(filename, R_OK); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1159:7: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ok = access(filename, W_OK); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1172:9: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. ok = access(filename, X_OK); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1935:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(home, home_str+2); data/racket-7.8+dfsg1/src/start/MemoryModule.c:143:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(tmpmsg, "%s: %s", msg, tmp); data/racket-7.8+dfsg1/src/start/start.c:283:5: [4] (format) swprintf: Potential format string problem (CWE-134). Make format string constant. swprintf(errbuff,sizeof(errbuff),L"Can't find %s",go); data/racket-7.8+dfsg1/src/start/start.c:330:5: [4] (format) swprintf: Potential format string problem (CWE-134). Make format string constant. swprintf(errbuff,sizeof(errbuff),L"Command line of %d characters exceeds %d characters: %.1024s", data/racket-7.8+dfsg1/src/start/ustart.c:220:11: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly. return (access(path, X_OK) == 0); data/racket-7.8+dfsg1/src/start/ustart.c:570:7: [4] (shell) execv: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. v = execv(exe_path, new_argv); data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:741:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((s = getenv("LINES")) != NULL) { data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:750:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((s = getenv("COLUMNS")) != NULL) { data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:934:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. status = (display_name = getenv("DISPLAY")) data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:69:18: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if ((dir = getenv("HOME")) == NULL) data/racket-7.8+dfsg1/src/ChezScheme/c/main.c:77:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. #define GETENV getenv data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:1413:13: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *s = getenv(name); data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1003:21: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. Sschemeheapdirs = getenv("SCHEMEHEAPDIRS"); data/racket-7.8+dfsg1/src/ChezScheme/c/thread.h:43:36: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define s_thread_mutex_init(mutex) InitializeCriticalSection(mutex) data/racket-7.8+dfsg1/src/ChezScheme/c/thread.h:44:37: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define s_thread_mutex_lock(mutex) (EnterCriticalSection(mutex), 0) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:402:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:413:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:423:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:457:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:468:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:478:11: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. this->setstate(std::ios_base::failbit); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/crypt.h:112:9: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand((unsigned)(time(NULL) ^ ZCR_SEED2)); data/racket-7.8+dfsg1/src/cs/c/main.c:356:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *path = copy_string(getenv("PATH")), *p, *m; data/racket-7.8+dfsg1/src/foreign/foreign.c:4479:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hm = LoadLibrary("msvcrt.dll"); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:300:23: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const char *value = getenv (envvar); data/racket-7.8+dfsg1/src/racket/gc/alloc.c:655:6: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("GC_PRINT_ADDRESS_MAP") != 0) { data/racket-7.8+dfsg1/src/racket/gc/dbg_mlc.c:66:21: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. # define RANDOM() random() data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c:1160:22: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. bind_fully_env = getenv("DYLD_BIND_AT_LAUNCH"); data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_locks.h:58:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. { EnterCriticalSection(&GC_allocate_ml); \ data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_locks.h:64:29: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. # define UNCOND_LOCK() EnterCriticalSection(&GC_allocate_ml); data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:367:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char * tmp = getenv(name); data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:374:29: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. # define GETENV(name) getenv(name) data/racket-7.8+dfsg1/src/racket/gc/misc.c:503:6: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection (&GC_allocate_ml); data/racket-7.8+dfsg1/src/racket/gc/misc.c:507:7: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&GC_write_cs); data/racket-7.8+dfsg1/src/racket/gc/misc.c:849:28: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. if (GC_need_to_lock) EnterCriticalSection(&GC_write_cs); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4415:17: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. old_preload = getenv ("LD_PRELOAD"); data/racket-7.8+dfsg1/src/racket/gc/tests/test.c:657:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&incr_cs); data/racket-7.8+dfsg1/src/racket/gc/tests/test.c:728:13: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&incr_cs); data/racket-7.8+dfsg1/src/racket/gc/tests/test.c:1520:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&incr_cs); data/racket-7.8+dfsg1/src/racket/gc/win32_threads.c:735:5: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&GC_write_cs); data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:261:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hm = LoadLibrary("kernel32.dll"); data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:296:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hm = LoadLibrary("kernel32.dll"); data/racket-7.8+dfsg1/src/racket/gc2/vm_win.c:44:8: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. hm = LoadLibrary("kernel32.dll"); data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.h:261:27: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define mpn_random __MPN(random) data/racket-7.8+dfsg1/src/racket/src/jit.h:1176:55: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. # define LOG_IT(args) if (jitter->retain_start) { if (getenv("JITLOG")) { START_XFORM_SKIP; emit_indentation(jitter); printf args; END_XFORM_SKIP; } } data/racket-7.8+dfsg1/src/racket/src/jitprep.c:20:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PLT_EAGER_JIT")) data/racket-7.8+dfsg1/src/racket/src/mzrt.c:668:3: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&(*mutex)->critical_section); data/racket-7.8+dfsg1/src/racket/src/mzrt.c:673:3: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. EnterCriticalSection(&mutex->critical_section); data/racket-7.8+dfsg1/src/racket/src/read.c:262:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PLT_DELAY_FROM_ZO")) data/racket-7.8+dfsg1/src/racket/src/read.c:264:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (getenv("PLT_VALIDATE_LOAD")) data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:397:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = getenv("LC_ALL"); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:399:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = getenv("LC_CTYPE"); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:401:9: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = getenv("LANG"); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:59:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. s = getenv(name); data/racket-7.8+dfsg1/src/start/ustart.c:379:30: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *path = copy_string(getenv("PATH")), *p, *m; data/racket-7.8+dfsg1/src/start/ustart.c:488:16: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. dll_path = getenv(LD_LIB_PATH); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_buffer[LZ4_OUTPUT_PORT_IN_BUFFER_SIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char in_buffer[LZ4_INPUT_PORT_IN_BUFFER_SIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out_buffer[LZ4_INPUT_PORT_OUT_BUFFER_SIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[0]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:252:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[4]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:290:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = WIN32_IZE(open)(path, O_RDONLY | GLZ_O_BINARY); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:445:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, lz4->out_buffer + lz4->out_pos, amt); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:515:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lz4->in_buffer + lz4->in_pos, buffer, amt); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:564:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:597:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1]; data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:80:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[10]; data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:658:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ptr msg; int fd = STDIN_FD; int n; char buf[1]; wchar_t wch; size_t sz; data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:1016:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[PBPASTEBUFSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/expeditor.c:1041:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. locale_t old; char buf[MB_LEN_MAX]; size_t n; data/racket-7.8+dfsg1/src/ChezScheme/c/fasl.c:433:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[20]; INT len; data/racket-7.8+dfsg1/src/ChezScheme/c/fasl.c:569:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, f->next, avail); data/racket-7.8+dfsg1/src/ChezScheme/c/fasl.c:578:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, f->next, n); data/racket-7.8+dfsg1/src/ChezScheme/c/foreign.c:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&BVIT(x, 0), s, n); data/racket-7.8+dfsg1/src/ChezScheme/c/gc.c:1446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_sweep_stack, sweep_stack_start, sz); data/racket-7.8+dfsg1/src/ChezScheme/c/gc.c:2228:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_measure_stack, measure_stack_start, sz); data/racket-7.8+dfsg1/src/ChezScheme/c/gcwrapper.c:500:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *spacename[max_space+1] = { alloc_space_names }; data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:58:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpath, home, n1); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:59:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpath + n1, ip, n2); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:76:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(userbuf, user_start, ip - user_start); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:85:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpath, dir, n1); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:86:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpath + n1, ip, n2); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:96:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outpath, inpath, n); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:226:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&BVIT(bv,0), s, n); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:256:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&BVIT(bv,0), s, n); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtbuf[FMTBUFSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtbuf[FMTBUFSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:386:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmtbuf[FMTBUFSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:387:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *spacename[space_total+1] = { alloc_space_names, "bogus", "total" }; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:388:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char spacechar[space_total+1] = { alloc_space_chars, '?', 't' }; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:402:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(outfn, "w"); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:527:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char spaceline[100], genline[100]; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:1841:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstaddr, srcaddr, cnt); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:1851:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstaddr, srcaddr, cnt); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:2026:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t dllw[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:2164:19: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if ((outwords = MultiByteToWideChar(cp, 0, &BVIT(inbv,0), (int)inbytes, NULL, 0)) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:2169:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(cp, 0, &BVIT(inbv,0), (int)inbytes, (wchar_t *)&BVIT(outbv, 0), outwords) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/print.c:254:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *s; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:447:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buf[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:491:15: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t exepath[PATH_MAX]; DWORD n; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:564:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:578:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathbuf[PATH_MAX], buf[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:776:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sep; char *wastebuf[8]; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1096:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/stats.c:96:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bin[16]; data/racket-7.8+dfsg1/src/ChezScheme/c/stats.c:377:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[26]; data/racket-7.8+dfsg1/src/ChezScheme/c/thread.c:68:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)tc, (void *)p_tc, size_tc); data/racket-7.8+dfsg1/src/ChezScheme/c/version.h:432:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define OPEN open data/racket-7.8+dfsg1/src/ChezScheme/c/vfasl.c:228:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&header, &BVIT(bv, offset), sizeof(vfasl_header)); data/racket-7.8+dfsg1/src/ChezScheme/c/vfasl.c:247:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, base_addr, header.data_size); data/racket-7.8+dfsg1/src/ChezScheme/c/vfasl.c:751:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&BVIT(bv, 0), &header, sizeof(vfasl_header)); data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:57:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char s[80]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:254:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexerrbuf[HEXERRBUFSIZ]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:340:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:341:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:348:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:349:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:356:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:357:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:364:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:365:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:372:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t woldpathname[PATH_MAX], wnewpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:373:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,oldpathname,-1,woldpathname,PATH_MAX) == 0 || data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:374:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_UTF8,0,newpathname,-1,wnewpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:381:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:382:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:399:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:400:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:407:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wcommand[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:408:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,command,-1,wcommand,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:415:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpathname[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:416:7: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (MultiByteToWideChar(CP_UTF8,0,pathname,-1,wpathname,PATH_MAX) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:433:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wbuffer[PATH_MAX]; data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:461:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). int len = MultiByteToWideChar(CP_UTF8, 0, arg, -1, NULL, 0); data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:464:12: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). if (0 == MultiByteToWideChar(CP_UTF8, 0, arg, -1, argw, len)) { data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:474:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t buffer[256]; data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:257:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memPtr, &value, sizeof(value)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:262:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(memPtr, &value, sizeof(value)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:297:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. do { memcpy(d,s,8); d+=8; s+=8; } while (d<e); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:313:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr+4, srcPtr, 4); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:317:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, srcPtr, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:333:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:333:26: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. do { memcpy(d,s,16); memcpy(d+16,s+16,16); d+=32; s+=32; } while (d<e); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:343:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, srcPtr, 2); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:344:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v[2], srcPtr, 2); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:345:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v[4], &v[0], 4); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:348:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, srcPtr, 4); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:349:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v[4], srcPtr, 4); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:362:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, v, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:365:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, v, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1093:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, anchor, lastRun); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1432:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(streamPtr, streamPtr->dictCtx, sizeof(LZ4_stream_t)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1631:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, ip, 16); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1662:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, match, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1663:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op+8, match+8, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1664:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op+16, match+16, 2); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1686:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, dictEnd - copySize, copySize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1693:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, lowPrefix, restSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1735:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, ip, endOnInput ? 16 : 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1750:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op + 0, match + 0, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1751:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op + 8, match + 8, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1752:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op +16, match +16, 2); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1788:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, ip, length); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1842:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, dictEnd - copySize, copySize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1849:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, lowPrefix, restSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1867:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, match, mlen); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1880:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op+4, match, 4); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1883:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, match, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4.c:1898:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, match, 8); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:494:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cdict->dictContent, dictStart, dictSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:735:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cSizePtr+4, src, srcSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:831:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cctxPtr->tmpIn + cctxPtr->tmpInSize, srcBuffer, srcSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:838:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cctxPtr->tmpIn + cctxPtr->tmpInSize, srcBuffer, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:891:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cctxPtr->tmpIn, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1146:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->header, srcPtr, srcSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1275:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer + preserveSize - copySize, oldDictEnd - copySize, copySize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1285:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - preserveSize, preserveSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1288:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer + dctx->dictSize, dstPtr, dstSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1296:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - preserveSize, preserveSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1297:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer + preserveSize, dstPtr, dstSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1367:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1422:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1465:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1505:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1537:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1594:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer, dctx->dict + dctx->dictSize - 64 KB, 64 KB); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1630:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstPtr, dctx->tmpOut + dctx->tmpOutStart, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1671:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpIn + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1708:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->header + dctx->tmpInSize, srcPtr, sizeToCopy); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1757:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer + preserveSize - copySize, oldDictEnd - copySize, copySize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4frame.c:1766:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dctx->tmpOutBuffer, oldDictEnd - newDictSize, newDictSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4hc.c:681:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, anchor, lastRunSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4hc.c:801:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx, ctx->dictCtx, sizeof(LZ4HC_CCtx_internal)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/lz4hc.c:1411:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op, anchor, lastRunSize); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:112:76: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); } data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:434:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstState, srcState, sizeof(*dstState)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &hash, sizeof(*dst)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:895:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstState, srcState, sizeof(*dstState)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:907:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.c:1022:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, &hash, sizeof(*dst)); data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.h:204:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef struct { unsigned char digest[4]; } XXH32_canonical_t; data/racket-7.8+dfsg1/src/ChezScheme/lz4/lib/xxhash.h:239:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef struct { unsigned char digest[8]; } XXH64_canonical_t; data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign2.c:461:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8] = { 1, 2, 3, 4, 0, 0, 0, 0 }; data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign3.c:34:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char c[10]="ABCDEFGH"; data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign3.c:229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.c:58:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[MAXWIN]; /* output buffer and sliding window */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.c:312:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char extra[16] = { /* extra bits for length codes */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.c:434:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char hold[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:18:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzfilebuf *gzfilebuf::open( const char *name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:24:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char char_mode[10]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char char_mode[10]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:270:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void gzfilestream_common::open( const char *name, int io_mode ) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:272:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( !buffer.open( name, io_mode ) ) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:300:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzfilestream_common::open( name, io_mode ); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.cpp:320:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzfilestream_common::open( name, io_mode ); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.h:15:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzfilebuf *open( const char *name, int io_mode ); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream/zfstream.h:55:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open( const char *name, int io_mode ); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:55:40: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). izstream(FILE* fp) : m_fp(0) { open(fp); } data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:56:48: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). izstream(const char* name) : m_fp(0) { open(name); } data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:65:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const char* name) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:70:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(FILE* fp) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:162:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(fp, level); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:166:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(name, level); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:177:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(const char* name, int level = Z_DEFAULT_COMPRESSION) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:178:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4] = "wb\0"; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:186:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). void open(FILE* fp, int level = Z_DEFAULT_COMPRESSION) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:188:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4] = "wb\0"; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream_test.cpp:7:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char h[256] = "Hello"; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream_test.cpp:19:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out.open("temp.gz"); // try ascii output; zcat temp.gz to see the results data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc:17:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf.open("test1.txt.gz"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc:26:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf.open("test1.txt.gz"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc:33:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outf.open("test2.txt.gz"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/test.cc:42:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). inf.open("test2.txt.gz"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:51:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzfilebuf::open(const char *name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char char_mode[6] = "\0\0\0\0\0"; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char char_mode[6] = "\0\0\0\0\0"; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:384:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). this->open(name, mode); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:398:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzifstream::open(const char* name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:401:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!sb.open(name, mode | std::ios_base::in)) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:439:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). this->open(name, mode); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:453:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gzofstream::open(const char* name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:456:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!sb.open(name, mode | std::ios_base::out)) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.h:66:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char* name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.h:285:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char* name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.h:374:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open(const char* name, data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/crypt.h:100:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[RAND_HEAD_LEN-2]; /* random header */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.c:19:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define FOPEN_FUNC(filename, mode) fopen(filename, mode) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.c:109:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). file = fopen(filename, mode_fopen); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.h:49:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.h:54:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/ioapi.h:59:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define fopen64 fopen data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/iowin32.c:112:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/iowin32.c:137:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/iowin32.c:185:9: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP,0,(const char*)filename,-1,filenameW,FILENAME_MAX + 0x200); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:32:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define FOPEN_FUNC(filename, mode) fopen(filename, mode) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char number[21]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:248:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename_inzip[256]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename_inzip[256]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:386:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answer[128]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:541:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename_try[MAXFILENAME+16] = ""; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:621:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename_try,".zip"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:33:36: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define FOPEN_FUNC(filename, mode) fopen(filename, mode) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:110:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAXFILENAME+1]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:255:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename_try[MAXFILENAME+16]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:334:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(filename_try,".zip"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:349:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char answer[128]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:38:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fpZip = fopen(file, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:39:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fpOut = fopen(fileOut, "wb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:40:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fpOutCD = fopen(fileOutTmp, "wb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[30]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char extra[1024]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:149:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[46]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:224:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[22]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:257:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fpOutCD = fopen(fileOutTmp, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:260:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/unzip.c:1266:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/unzip.c:1482:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[12]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:120:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[SIZEDATA_INDATABLOCK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:289:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1246:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bufHead[RAND_HEAD_LEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1980:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pTmp, p, dataSize + 4); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1994:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pData, pNewHeader, size); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/puff/pufftest.c:70:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = name == NULL ? stdin : fopen(name, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/puff/pufftest.c:105:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). skip = (unsigned)atoi(arg + 1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/testzlib/testzlib.c:124:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stream=fopen(filename, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/testzlib/testzlib.c:175:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). BlockSizeCompress=atol(argv[2]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/testzlib/testzlib.c:178:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). BlockSizeUncompress=atol(argv[3]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/testzlib/testzlib.c:181:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). cprLevel=(int)atol(argv[4]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; /* 0 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[8]; /* 100 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uid[8]; /* 108 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gid[8]; /* 116 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char size[12]; /* 124 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:75:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtime[12]; /* 136 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chksum[8]; /* 148 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char linkname[100]; /* 157 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char magic[6]; /* 257 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:80:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version[2]; /* 263 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:81:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char uname[32]; /* 265 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gname[32]; /* 297 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:83:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devmajor[8]; /* 329 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char devminor[8]; /* 337 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[155]; /* 345 */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[BLOCKSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:134:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[1024]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:194:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result[32]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:197:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result,"%4d/%02d/%02d %02d:%02d:%02d", data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:394:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[BLOCKSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:482:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(fname,"wb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:490:37: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = fopen(fname,"wb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/crc32.c:143:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("crc32.h", "w"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/enough.c:476:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). syms = atoi(argv[1]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/enough.c:478:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). root = atoi(argv[2]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/enough.c:480:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). max = atoi(argv[3]); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/fitblk.c:76:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char raw[RAWLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/fitblk.c:99:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char raw[RAWLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:161:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inbuf[SIZE]; /* input buffer */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:162:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char outbuf[SIZE]; /* output buffer */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:164:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char suffix[65536]; /* one-character LZW suffix */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:165:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char match[65280 + 2]; /* buffer for reversed match or gzip data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:559:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). infile = open(inname, O_RDONLY, 0); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:572:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). outfile = open(outname, O_CREAT | O_TRUNC | O_WRONLY, 0666); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:689:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(outname, *argv, len); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:140:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(list, list + 1, len - 1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:270:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gz.fd = open(name, O_RDWR, 0); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:397:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(name, O_RDONLY, 0); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzjoin.c:108:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in->fd = open(name, O_RDONLY, 0); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:290:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char id[4]; /* contains LOGID to detect inadvertent overwrites */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:353:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".lock"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:354:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). while ((fd = open(log->path, O_CREAT | O_EXCL, 0644)) < 0) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:376:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".lock"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:388:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".lock"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:400:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".lock"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:413:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[HEAD + EXTRA]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:440:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ext[EXTRA]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:465:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[6]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:505:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:559:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".add"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:577:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".add"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:582:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".dict"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:587:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".temp"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:615:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[DICT]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:628:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".dict"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:629:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(log->path, O_RDONLY, 0); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:724:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".repairs"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:725:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). rec = fopen(log->path, "a"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:750:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".add"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:758:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open(log->path, O_RDONLY, 0)) < 0) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:828:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".gz"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:829:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). log->fd = open(log->path, O_RDWR | O_CREAT, 0644); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:843:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".dict"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:913:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char *data, buf[5]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:952:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".add"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:953:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:962:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".temp"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:963:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:1013:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->end, ".add"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:1014:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(log->path, O_WRONLY | O_CREAT | O_TRUNC, 0644); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:1056:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(log->id, "bad"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zpipe.c:41:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zpipe.c:42:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zpipe.c:97:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zpipe.c:98:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char window[WINSIZE]; /* preceding 32K of uncompressed data */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:127:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(next->window, window + WINSIZE - left, left); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:129:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(next->window + left, window, WINSIZE - left); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:151:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char input[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:152:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char window[WINSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:255:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char input[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:256:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char discard[WINSIZE]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:360:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[CHUNK]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:367:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(argv[1], "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:47:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define open _open data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:36:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:65:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "unknown win32 error (%ld)", error); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:245:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open((const char *)path, oflag, 0666)); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:298:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(path, "<fd:%d>", fd); /* for debugging */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:615:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(state->msg, ": "); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c:161:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->x.next, strm->next_in, strm->avail_in); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c:325:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, state->x.next, n); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c:451:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c:591:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, state->x.next, n); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:213:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->in + have, buf, copy); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:309:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:444:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->in, state->in + state->size, left); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:543:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(state->in, state->in + state->size, left); data/racket-7.8+dfsg1/src/ChezScheme/zlib/inflate.c:640:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hbuf[4]; /* buffer for gzip header crc calculation */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/inflate.c:1405:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; /* to restore bit buffer to byte string */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:98:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:149:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:245:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:341:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:420:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:501:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char*)uncompr, "garbage"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:392:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char dict[257]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:474:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char win[32768]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:530:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(prefix, "-late"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:556:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(prefix, "-back"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:83:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[1024]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:112:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "unknown win32 error (%ld)", error); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:223:31: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen(path, gz->write ? "wb" : "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:242:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[BUFLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:267:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char in[1]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:301:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char out[BUFLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:366:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. local char buf[BUFLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:434:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. local char buf[BUFLEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:461:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. local char outfile[MAX_NAME_LEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:477:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(file, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:499:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. local char buf[MAX_NAME_LEN]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:534:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(outfile, "wb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bname, outmode[20]; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:568:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(outmode, "wb6 "); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:633:33: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * in = fopen(*argv, "rb"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/trees.c:328:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *header = fopen("trees.h", "w"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.c:13:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. z_const char * const z_errmsg[10] = { data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:49:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern z_const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:109:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:202:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define F_OPEN(name, mode) fopen((name), (mode)) data/racket-7.8+dfsg1/src/ChezScheme/zlib/zutil.h:226:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define zmemcpy memcpy data/racket-7.8+dfsg1/src/cs/c/boot.c:36:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Sbytevector_data(bv), s, len); data/racket-7.8+dfsg1/src/cs/c/boot.c:120:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd1 = open(ba->boot1_path, O_RDONLY | BOOT_O_BINARY); data/racket-7.8+dfsg1/src/cs/c/boot.c:124:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd2 = open(ba->boot2_path, O_RDONLY | BOOT_O_BINARY); data/racket-7.8+dfsg1/src/cs/c/boot.c:132:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd3 = open(ba->boot3_path, O_RDONLY | BOOT_O_BINARY); data/racket-7.8+dfsg1/src/cs/c/boot.c:151:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segment_offset_s[32], wm_is_gracket_s[32]; data/racket-7.8+dfsg1/src/cs/c/boot.c:161:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(wm_is_gracket_s, "%d", ba->wm_is_gracket_or_x11_arg_count); data/racket-7.8+dfsg1/src/cs/c/boot.c:165:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(segment_offset_s, "%ld", ba->segment_offset); data/racket-7.8+dfsg1/src/cs/c/boot.c:191:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd3 = open(ba->boot3_path, O_RDONLY | BOOT_O_BINARY); data/racket-7.8+dfsg1/src/cs/c/boot.c:270:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(Sbytevector_data(bstr), code, len); data/racket-7.8+dfsg1/src/cs/c/grmain.c:45:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(x11_args, "%p", v); data/racket-7.8+dfsg1/src/cs/c/main.c:41:55: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). static void scheme_set_dll_procs(scheme_dll_open_proc open, data/racket-7.8+dfsg1/src/cs/c/main.c:45:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). embedded_dll_open = open; data/racket-7.8+dfsg1/src/cs/c/main.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024], *s; data/racket-7.8+dfsg1/src/cs/c/main.c:126:7: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s2 + len - 6, "boot"); data/racket-7.8+dfsg1/src/cs/c/main.c:140:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, p1, l1); data/racket-7.8+dfsg1/src/cs/c/main.c:142:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + l1 + 1, p2, l2); data/racket-7.8+dfsg1/src/cs/c/main.c:153:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], *s = buf; data/racket-7.8+dfsg1/src/cs/c/main.c:221:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(me, O_RDONLY, 0); data/racket-7.8+dfsg1/src/cs/c/main.c:306:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s1, l1); data/racket-7.8+dfsg1/src/cs/c/main.c:311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + l1, s2, l2); data/racket-7.8+dfsg1/src/cs/c/main.c:333:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s1, l1 + 1); data/racket-7.8+dfsg1/src/foreign/foreign.c:1297:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(libffi_type, elements[i], sizeof(ffi_type)); data/racket-7.8+dfsg1/src/foreign/foreign.c:2512:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(W_OFFSET(dst, delta), W_OFFSET(p, poff), data/racket-7.8+dfsg1/src/foreign/foreign.c:2787:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(res, src, size); data/racket-7.8+dfsg1/src/foreign/foreign.c:3073:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. case 2: memcpy (W_OFFSET(dest, doff), W_OFFSET(src, soff), count); break; data/racket-7.8+dfsg1/src/foreign/foreign.c:3590:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. avalues[i] = (char *)avalues[i] + offsets[i]; data/racket-7.8+dfsg1/src/foreign/foreign.c:3595:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ivals[i].x_pointer = (char *)ivals[i].x_pointer + offsets[i]; data/racket-7.8+dfsg1/src/foreign/foreign.c:3727:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newp, p, CTYPE_PRIMTYPE(base)->size); data/racket-7.8+dfsg1/src/foreign/foreign.c:4142:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(resultp, data[2], (intptr_t)data[3]); data/racket-7.8+dfsg1/src/foreign/foreign.c:4373:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cr, constant_reply, constant_reply_size); data/racket-7.8+dfsg1/src/foreign/foreign.c:4997:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ffi_type_gcpointer, &ffi_type_pointer, sizeof(ffi_type_pointer)); data/racket-7.8+dfsg1/src/foreign/libffi/include/ffi_common.h:55:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/racket-7.8+dfsg1/src/foreign/libffi/include/ffi_common.h:55:27: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define memcpy(d, s, n) bcopy ((s), (d), (n)) data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:566:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (allocate_to_stack (state, stack, ty->alignment, ty->size), data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:717:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (allocate_to_x (context, &state), data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:730:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (allocate_to_stack (&state, stack, ty->alignment, data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:868:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, get_x_addr (&context, 0), size); data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:883:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (get_x_addr (&context, 8), &rvalue, sizeof (UINT64)); data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:909:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp, trampoline, sizeof (trampoline)); \ data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:910:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp + 12, &__fun, sizeof (__fun)); \ data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:911:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp + 20, &__ctx, sizeof (__ctx)); \ data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:912:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp + 28, &__flags, sizeof (__flags)); \ data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:1022:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&p[j], data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:1043:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&p[j], data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:1051:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&avalue[i], data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:1150:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (get_x_addr (context, 0), rvalue, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/aarch64/ffi.c:1164:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&rvalue, get_x_addr (context, 8), sizeof (UINT64)); data/racket-7.8+dfsg1/src/foreign/libffi/src/alpha/ffi.c:158:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *avalue, (*arg_types)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/arc/ffi.c:102:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/arc/ffi.c:117:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/arc/ffi.c:122:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c:97:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c:117:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c:355:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, &temp, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c:361:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, ecif.rvalue, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffi.c:759:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp, ffi_arm_trampoline, sizeof ffi_arm_trampoline); \ data/racket-7.8+dfsg1/src/foreign/libffi/src/arm/ffitarget.h:57:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char vfp_args[16] \ data/racket-7.8+dfsg1/src/foreign/libffi/src/avr32/ffi.c:153:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/bfin/ffi.c:179:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/bfin/ffi.c:188:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:143:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen ("/proc/mounts", "r"); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:188:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen ("/proc/self/status", "r"); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:270:12: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377). int fd = mkstemp (name); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:289:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tempname, dir, lendir); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:290:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tempname + lendir, suffix, sizeof (suffix)); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:339:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[MAXPATHLEN * 3]; data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:94:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:99:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:110:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((stack + uiLocOnStack), *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:146:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:378:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (closure->tramp, ffi_cris_trampoline_template, data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:380:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (closure->tramp + ffi_cris_trampoline_fn_offset, data/racket-7.8+dfsg1/src/foreign/libffi/src/cris/ffi.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (closure->tramp + ffi_cris_trampoline_closure_offset, data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:1319:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (dev_zero_fd = open("/dev/zero", O_RDWR), \ data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:2525:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(size_t)]; data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:2527:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 && data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:3894:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newmem, oldmem, (oc < bytes)? oc : bytes); data/racket-7.8+dfsg1/src/foreign/libffi/src/frv/ffi.c:103:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c:330:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&tmp, avalue[i], sizeof (UINT32)); data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c:338:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&stack->gp_regs[gpcount++], avalue[i], sizeof (UINT64)); data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c:346:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&stack->gp_regs[gpcount], avalue[i], 16); data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c:378:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&stack->gp_regs[gpcount], avalue[i], size); data/racket-7.8+dfsg1/src/foreign/libffi/src/ia64/ffi.c:568:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr + offset, (char *)stack->gp_regs + gp_offset, data/racket-7.8+dfsg1/src/foreign/libffi/src/java_raw_api.c:225:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void*) raw->data, (void*)*args, (*tp)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:95:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:97:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp + 4 - z, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:120:16: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:127:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:214:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ecif.rvalue, ecif.rvalue + 8-size, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/m32r/ffi.c:222:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ecif.rvalue, ecif.rvalue + 8-size, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffi.c:89:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp + 2, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffi.c:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffi.c:93:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp + sizeof (int) - z, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m68k/ffi.c:104:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/m88k/ffi.c:171:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffi.c:82:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffi.c:90:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffi.c:205:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, &temp, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/metag/ffi.c:228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (__tramp, ffi_metag_trampoline, sizeof(ffi_metag_trampoline)); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:62:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, &(ecif->rvalue), WORD_SIZE); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:122:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (addr + (WORD_SIZE - size), value, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addr, value, aligned_size); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:201:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stackclone, register_args, registers_used); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:206:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(stackclone + ARGS_REGISTER_SIZE, stack_args, stack_used); data/racket-7.8+dfsg1/src/foreign/libffi/src/microblaze/ffi.c:244:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ptr, ptr + (WORD_SIZE - arg_types[i]->size), arg_types[i]->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:190:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, (*p_arg)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:197:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:207:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:212:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, portion); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:215:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, (void*)((unsigned long)(*p_argv) + portion), data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:647:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ecif.rvalue, rvalue_copy + copy_offset, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/mips/ffi.c:893:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tp, argp + arg_offset, elt_type->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/moxie/ffi.c:96:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/nios2/ffi.c:130:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, avalue, atype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/nios2/ffi.c:140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, avalue, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/nios2/ffi.c:193:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, (void *)&result, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c:239:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_cpy, (char *)*p_argv, len); data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c:245:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_cpy, (char *)*p_argv, len); data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c:580:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void*)tmp, &ret[0], cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/pa/ffi.c:601:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *)ret2 + off, ret, 8 - off); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi.c:114:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, (char *) smst_buffer + 4 - rsize, rsize); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi.c:121:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, (char *) smst_buffer + 8 - rsize, rsize); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi.c:124:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, smst_buffer, rsize); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:273:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) dest_cpy, (char *) *p_argv, size_al); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:282:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *) dest_cpy, (char *) *p_argv, size_al); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:498:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) dest_cpy, src, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:503:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) dest_cpy, src, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:509:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((char *) dest_cpy, src, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:1211:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. pgr = (unsigned long *)ALIGN((char *)pgr, arg_types[i]->alignment); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:1336:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&temp_ld.lb[0], pfr, sizeof(ldbits)); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_darwin.c:1337:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&temp_ld.lb[1], pgr + 2, sizeof(ldbits)); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_linux64.c:594:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (next_arg.c, *p_argv.c, first); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_linux64.c:595:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rest.c, *p_argv.c + first, (*ptr)->size - first); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_linux64.c:608:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (where, *p_argv.c, (*ptr)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_linux64.c:699:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (tramp, (char *) ffi_closure_LINUX64, 16); data/racket-7.8+dfsg1/src/foreign/libffi/src/powerpc/ffi_sysv.c:575:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (copy_space.c, *p_argv.c, (*ptr)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/raw_api.c:175:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy ((void*) raw->data, (void*)*args, (*tp)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/s390/ffi.c:226:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p_struct, (char *)arg, (*ptr)->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c:203:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c:218:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c:294:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c:313:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh/ffi.c:448:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, &trvalue, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh64/ffi.c:106:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh64/ffi.c:147:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sh64/ffi.c:290:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (rvalue, &trvalue, cif->rtype->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffi.c:113:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffi.c:218:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffi.c:229:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/sparc/ffi.c:240:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/tile/ffi.c:130:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, in, type->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/tile/ffi.c:192:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, arg_in, type->size); data/racket-7.8+dfsg1/src/foreign/libffi/src/vax/ffi.c:97:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/vax/ffi.c:107:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:112:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:155:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argp, *p_argv, z); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:196:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (h, p_stack_data[0], zz); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:198:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (size_t) ((char *) p_stack_data[0] - (char*)argp2)); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:199:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp2, h, zz); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:215:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (h, p_stack_data[1], zz); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:217:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp2, h, zz); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi.c:770:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (stack, ecif->avalue, ecif->cif->bytes); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c:475:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (argp, avalue[i], size); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c:481:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *a = (char *) avalue[i]; data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c:507:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (®_args->gpr[gprcount], a, size < 8 ? size : 8); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c:662:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (a, ®_args->sse[ssecount++], 8); data/racket-7.8+dfsg1/src/foreign/libffi/src/x86/ffi64.c:664:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (a, ®_args->gpr[gprcount++], 8); data/racket-7.8+dfsg1/src/foreign/libffi/src/xtensa/ffi.c:178:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char*) addr, *p_argv.c, size); data/racket-7.8+dfsg1/src/foreign/libffi/src/xtensa/ffi.c:222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rvalue, alloc, rsize); data/racket-7.8+dfsg1/src/foreign/libffi/src/xtensa/ffi.c:236:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(closure->tramp, ffi_trampoline, FFI_TRAMPOLINE_SIZE); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_schar.c:27:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a1 = *(signed char *)avals[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_schar.c:28:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a2 = *(signed char *)avals[1]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_sshortchar.c:29:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a1 = *(signed char *)avals[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_sshortchar.c:31:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a3 = *(signed char *)avals[2]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:28:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a1 = *(unsigned char *)avals[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:29:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a2 = *(unsigned char *)avals[1]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:30:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a3 = *(unsigned char *)avals[2]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:31:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a4 = *(unsigned char *)avals[3]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:43:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf("%d %d %d %d\n", *(unsigned char *)avals[0], data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:44:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(unsigned char *)avals[1], *(unsigned char *)avals[2], data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:44:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(unsigned char *)avals[1], *(unsigned char *)avals[2], data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_uchar.c:45:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(unsigned char *)avals[3]); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_ushortchar.c:29:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a1 = *(unsigned char *)avals[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_multi_ushortchar.c:31:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. a3 = *(unsigned char *)avals[2]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_schar.c:15:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(ffi_arg*)resp = *(signed char *)args[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_schar.c:16:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf("%d: %d\n",*(signed char *)args[0], data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uchar.c:13:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *(ffi_arg*)resp = *(unsigned char *)args[0]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/cls_uchar.c:14:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. printf("%d: %d\n",*(unsigned char *)args[0], data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float1.c:14:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[sizeof (double)]; data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/float4.c:16:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[sizeof (double)]; data/racket-7.8+dfsg1/src/mzcom/com_glue.c:407:3: [2] (buffer) CopyMemory: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. CopyMemory(vTableGuid, &DIID_IMzObjEvents, sizeof(GUID)); data/racket-7.8+dfsg1/src/mzcom/mzobj.cxx:123:3: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). MultiByteToWideChar(CP_ACP,(DWORD)0,s,len,wideString,len + 1); data/racket-7.8+dfsg1/src/mzcom/mzobj.cxx:137:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exeBuff[260]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:69:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[1]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:162:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, x, lenx); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:163:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + lenx, y, leny); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:191:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_right, right, right_len); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:192:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_right + right_len, y, leny); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:279:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SHORT_LIMIT+1]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:424:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[SUBSTR_LIMIT+1]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordprnt.c:167:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char conv_spec[CONV_SPEC_LEN + 1]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:148:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(FNAME1, "w")) == 0) ABORT("open failed"); data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:151:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). w = CORD_from_file(f1a = fopen(FNAME1, "rb")); data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:156:35: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). z = CORD_from_file_lazy(f1b = fopen(FNAME1, "rb")); data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:165:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(FNAME2, "w")) == 0) ABORT("2nd open failed"); data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:172:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). w = CORD_from_file(f2 = fopen(FNAME2, "rb")); data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:201:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char result2[200]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordtest.c:220:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. (void) sprintf(result2, "->%-120.78s!\n", CORD_to_char_star(x)); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:243:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, s, len+1); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:417:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, x[0].ec_buf, len); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[LINE_SZ]; data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:575:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:504:25: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((out = fopen(CORD_to_const_char_star(name), "wb")) == NULL data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:544:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(arg_file_name, "rb")) == NULL) { data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c:73:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c:75:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "RegisterClass: error code: 0x%X", GetLastError()); data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c:108:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c:110:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "CreateWindow: error code: 0x%X", GetLastError()); data/racket-7.8+dfsg1/src/racket/gc/dbg_mlc.c:338:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[GC_TYPE_DESCR_LEN + 1]; data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c:348:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. GC_add_roots_inner((char *)start, data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c:592:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c:608:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "/proc/%d", getpid()); data/racket-7.8+dfsg1/src/racket/gc/dyn_load.c:611:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buf, O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/gcc_support.c:74:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding [sizeof( double ) - sizeof( int )]; data/racket-7.8+dfsg1/src/racket/gc/if_not_there.c:18:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen(argv[1], "rb")) != 0 data/racket-7.8+dfsg1/src/racket/gc/if_not_there.c:19:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). || (f = fopen(argv[1], "r")) != 0) { data/racket-7.8+dfsg1/src/racket/gc/include/ec.h:40:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ec_buf[CORD_BUFSZ+1]; data/racket-7.8+dfsg1/src/racket/gc/include/private/cord_pos.h:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char function_buf[FUNCTION_BUF_SZ]; /* Space for next few chars */ data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:305:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define BCOPY(x,y,n) memcpy(y, x, (size_t)(n)) data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:308:25: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define BCOPY(x,y,n) bcopy((void *)(x),(void *)(y),(size_t)(n)) data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:764:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _hb_marks[MARK_BITS_SZ]; data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hb_body[HBLKSIZE]; data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:973:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _valid_offsets[VALID_OFFSET_SZ]; data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:976:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _modws_valid_offsets[sizeof(word)]; data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:1968:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define GC_STATIC_ASSERT(expr) do { if (0) { char j[(expr)? 1 : -1]; j[0]='\0'; j[0]=j[0]; } } while(0) data/racket-7.8+dfsg1/src/racket/gc/misc.c:520:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int log_d = open(file_name, O_CREAT|O_WRONLY|O_APPEND, 0666); data/racket-7.8+dfsg1/src/racket/gc/misc.c:539:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). GC_backtraces = atol(backtraces_string); data/racket-7.8+dfsg1/src/racket/gc/misc.c:580:27: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long time_limit = atol(time_limit_string); data/racket-7.8+dfsg1/src/racket/gc/misc.c:592:25: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). long interval = atol(interval_string); data/racket-7.8+dfsg1/src/racket/gc/misc.c:688:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). initial_heap_sz = atoi(sz_str); data/racket-7.8+dfsg1/src/racket/gc/misc.c:699:29: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). word max_heap_sz = (word)atol(sz_str); data/racket-7.8+dfsg1/src/racket/gc/misc.c:855:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char logPath[_MAX_PATH + 5]; data/racket-7.8+dfsg1/src/racket/gc/misc.c:862:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(logPath, ".log"); data/racket-7.8+dfsg1/src/racket/gc/misc.c:981:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSZ+1]; data/racket-7.8+dfsg1/src/racket/gc/misc.c:995:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSZ+1]; data/racket-7.8+dfsg1/src/racket/gc/misc.c:1008:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSZ+1]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filePath[_MAX_PATH]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char curDir[_MAX_PATH]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char exePath[_MAX_PATH]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:82:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(exePath, "\\.."); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:204:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char symNameBuffer[sizeof(IMAGEHLP_SYMBOL) + MAX_SYM_NAME]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:213:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char undName[1024]; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:285:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[128]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[GET_FILE_LEN_BUF_SZ]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:186:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int f = open("/proc/self/maps", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:202:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char init_buf[1]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:251:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open("/proc/self/maps", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:478:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char memory[ECOS_GC_MEMORY_SIZE]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:625:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char magic_number[2]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:1132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat_buf[STAT_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:1164:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open("/proc/self/stat", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:1414:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). myexefile = fopen(path, "rb"); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:1933:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). zero_fd = open("/dev/zero", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3415:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3428:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "/proc/%d", getpid()); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3429:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(buf, O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3758:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[256]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3763:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1024]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4377:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[40]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4379:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "##PC##= 0x%lx", info[i].ci_pc); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4385:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char exe_name[EXE_SZ]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4387:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd_buf[CMD_SZ]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4389:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char result_buf[RESULT_SZ]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4393:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char preload_buf[PRELOAD_SZ]; data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4456:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(result_buf + result_len, " [0x%lx]", data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[LIBPTHREAD_NAME_LEN]; data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:192:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namebuf, libpthread_name, len); data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:563:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char stat_buf[STAT_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:571:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = open("/proc/stat", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:579:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int cpu_no = atoi(stat_buf + i + 4); data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:759:41: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (nprocs_string != NULL) GC_nprocs = atoi(nprocs_string); data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:801:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). GC_markers = atoi(markers_string); data/racket-7.8+dfsg1/src/racket/gc/solaris_threads.c:203:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mem, GC_lwp_cache, max_lwps * sizeof(struct lwp_cache_entry)); data/racket-7.8+dfsg1/src/racket/gc/solaris_threads.c:231:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[30]; data/racket-7.8+dfsg1/src/racket/gc/solaris_threads.c:238:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "/proc/%d", getpid()); data/racket-7.8+dfsg1/src/racket/gc/solaris_threads.c:797:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). GC_zfd = open("/dev/zero", O_RDONLY); data/racket-7.8+dfsg1/src/racket/gc/tests/smash_test.c:11:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char * A[COUNT]; data/racket-7.8+dfsg1/src/racket/gc/tests/test_cpp.cc:222:33: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). if (argc != 2 || (0 >= (n = atoi( argv[ 1 ] )))) { data/racket-7.8+dfsg1/src/racket/gc2/mem_account.c:142:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, owner_table, old_size*sizeof(OTEntry*)); data/racket-7.8+dfsg1/src/racket/gc2/msgprint.c:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[NP_BUFSIZE]; data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:743:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newgc->mark_table, inheritgc->mark_table, newgc->number_of_tags * sizeof(Mark2_Proc)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:744:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newgc->fixup_table, inheritgc->fixup_table, newgc->number_of_tags * sizeof(Fixup2_Proc)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:964:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mark_table, gc->mark_table, gc->number_of_tags * sizeof(Mark2_Proc)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:965:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fixup_table, gc->fixup_table, gc->number_of_tags * sizeof(Fixup2_Proc)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:1210:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *zero_sized[4]; /* all 0-sized allocs get this */ data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:1826:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&w, &info, sizeof(objhead)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:3721:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newplace, ohead, PAIR_SIZE_IN_BYTES); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:3723:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newplace, ohead, size); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:4314:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newplace, start, gcWORDS_TO_BYTES(info->size)); data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:6065:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *type_name[PAGE_TYPES] = { data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:6279:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *tn, buf[256]; data/racket-7.8+dfsg1/src/racket/gc2/newgc.c:6285:11: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "unknown,%d", i); data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c:61:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "GCDEBUGOUT_%i", gc->place_id); data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c:62:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gc->GCVERBOSEFH = fopen(buf, "w"); data/racket-7.8+dfsg1/src/racket/gc2/places_gc.c:273:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_signal_fds, MASTERGCINFO->signal_fds, sizeof(void*) * MASTERGCINFO->size); data/racket-7.8+dfsg1/src/racket/gc2/roots.c:21:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)new_roots, (void *)roots->roots, sizeof(uintptr_t) * roots->count); data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:38:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _pidstr[20]; data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:55:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuffer[10]; data/racket-7.8+dfsg1/src/racket/gc2/vm_mmap.c:36:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/zero", O_RDWR); data/racket-7.8+dfsg1/src/racket/gc2/vm_osx.c:163:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[512]; data/racket-7.8+dfsg1/src/racket/include/scheme.h:74:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[BYTES_RESERVED_FOR_LONG_DOUBLE]; data/racket-7.8+dfsg1/src/racket/include/scheme.h:402:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[mzFLEX_ARRAY4_DECL]; data/racket-7.8+dfsg1/src/racket/include/scheme.h:1491:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ungotten[24]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:510:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char free[1]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:579:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[1]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:950:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/zero", O_RDWR); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1356:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, v, oldsize); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1365:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, v, oldsize); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1376:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, v, oldsize); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, v, oldsize); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1418:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char free[1]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1563:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(managed->buckets[j]), &(managed->buckets[j + 1]), sizeof(ManagedBucket)); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:1655:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)naya, (void *)roots, data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:2827:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, p, oldsize); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3130:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3131:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "GC_free failed! %"PRIxPTR"\n", (intptr_t)p); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3147:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3148:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "Block element already free! %"PRIxPTR"\n", (intptr_t)p); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3153:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3154:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "GC_free on ptr from wrong block! %"PRIxPTR"\n", (intptr_t)p); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3205:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3206:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "GC_free on ptr from wrong block! %"PRIxPTR"\n", (intptr_t)p); data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[256]; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:3220:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(b, "GC_free on block interior! %"PRIxPTR" != %"PRIxPTR"\n", data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:5131:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[NP_BUFSIZE]; data/racket-7.8+dfsg1/src/racket/src/bignum.c:91:131: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define FINISH_RESULT(digarray, len) { bigdig *save = digarray; digarray = (bigdig *)scheme_malloc_atomic(len * sizeof(bigdig)); memcpy(digarray, save, len * sizeof(bigdig)); RELEASE(save); } data/racket-7.8+dfsg1/src/racket/src/bignum.c:121:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (p) memcpy(r, p, len); data/racket-7.8+dfsg1/src/racket/src/bignum.c:504:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o_digs, SCHEME_BIGDIG(a), sizeof(bigdig) * c); data/racket-7.8+dfsg1/src/racket/src/bignum.c:644:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digs, SCHEME_BIGDIG(n), len * sizeof(bigdig)); data/racket-7.8+dfsg1/src/racket/src/bignum.c:1234:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, save, slen); data/racket-7.8+dfsg1/src/racket/src/bignum.c:1797:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n_digs, SCHEME_BIGDIG(n), sizeof(bigdig) * n_size); data/racket-7.8+dfsg1/src/racket/src/bignum.c:1798:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d_digs, SCHEME_BIGDIG(d), sizeof(bigdig) * d_size); data/racket-7.8+dfsg1/src/racket/src/bool.c:530:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eql2, eql, sizeof(Equal_Info)); data/racket-7.8+dfsg1/src/racket/src/bool.c:538:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eql, eql2, sizeof(Equal_Info)); data/racket-7.8+dfsg1/src/racket/src/bool.c:767:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eql2, eql, sizeof(Equal_Info)); data/racket-7.8+dfsg1/src/racket/src/bool.c:777:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(eql, eql2, sizeof(Equal_Info)); data/racket-7.8+dfsg1/src/racket/src/compenv.c:268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/racket-7.8+dfsg1/src/racket/src/compenv.c:269:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "struct%d", shape); data/racket-7.8+dfsg1/src/racket/src/compenv.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/racket-7.8+dfsg1/src/racket/src/compenv.c:276:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "prop%d", shape); data/racket-7.8+dfsg1/src/racket/src/compenv.c:312:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(env2, env, sizeof(Scheme_Comp_Env)); data/racket-7.8+dfsg1/src/racket/src/compenv.c:334:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(env2, env, sizeof(Scheme_Comp_Env)); data/racket-7.8+dfsg1/src/racket/src/compenv.c:348:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(env2, env, sizeof(Scheme_Comp_Env)); data/racket-7.8+dfsg1/src/racket/src/compile.c:233:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50], src[20]; data/racket-7.8+dfsg1/src/racket/src/compile.c:252:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src, SCHEME_BYTE_STR_VAL(bstr), SCHEME_BYTE_STRLEN_VAL(bstr) + 1); data/racket-7.8+dfsg1/src/racket/src/compile.c:254:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src, SCHEME_BYTE_STR_VAL(bstr) + SCHEME_BYTE_STRLEN_VAL(bstr) - 19, 20); data/racket-7.8+dfsg1/src/racket/src/compile.c:1540:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)app XFORM_OK_PLUS devals)[i] = etype; data/racket-7.8+dfsg1/src/racket/src/compile.c:2221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/racket-7.8+dfsg1/src/racket/src/compile.c:2225:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, ".%d", search_start); data/racket-7.8+dfsg1/src/racket/src/dynext.c:52:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char errbuf[20]; data/racket-7.8+dfsg1/src/racket/src/dynext.c:53:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errbuf, "%d", errno); data/racket-7.8+dfsg1/src/racket/src/dynext.c:145:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vcopy, vers, len + 1); data/racket-7.8+dfsg1/src/racket/src/dynext.c:203:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 2, filename, l + 1); data/racket-7.8+dfsg1/src/racket/src/dynext.c:441:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, t, len); data/racket-7.8+dfsg1/src/racket/src/dynext.c:442:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, SCHEME_SYM_VAL(n), slen); data/racket-7.8+dfsg1/src/racket/src/error.c:295:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/racket-7.8+dfsg1/src/racket/src/error.c:413:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", d); data/racket-7.8+dfsg1/src/racket/src/error.c:429:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%o", d); data/racket-7.8+dfsg1/src/racket/src/error.c:457:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%f", f); data/racket-7.8+dfsg1/src/racket/src/error.c:467:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%" PRIdPTR ":", d); data/racket-7.8+dfsg1/src/racket/src/error.c:503:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)t, es, elen); data/racket-7.8+dfsg1/src/racket/src/error.c:504:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)t+elen, buf, tlen+1); data/racket-7.8+dfsg1/src/racket/src/error.c:578:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t mbuf[256]; data/racket-7.8+dfsg1/src/racket/src/error.c:707:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. t = (char *)ptrs[pp++]; data/racket-7.8+dfsg1/src/racket/src/error.c:958:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((void *)&savebuf, &scheme_error_buf, sizeof(mz_jmp_buf)); data/racket-7.8+dfsg1/src/racket/src/error.c:1209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, len); data/racket-7.8+dfsg1/src/racket/src/error.c:1406:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s + pos, "\n arguments...:\n "); data/racket-7.8+dfsg1/src/racket/src/error.c:1409:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s + pos, "\n "); data/racket-7.8+dfsg1/src/racket/src/error.c:1414:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + pos, o, l); data/racket-7.8+dfsg1/src/racket/src/error.c:1636:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other + pos, " ", 1); data/racket-7.8+dfsg1/src/racket/src/error.c:1637:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other + pos + 1, o, l); data/racket-7.8+dfsg1/src/racket/src/error.c:1645:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(other, "; given %d arguments total", argc); data/racket-7.8+dfsg1/src/racket/src/error.c:1681:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other + pos, "\n", 1); data/racket-7.8+dfsg1/src/racket/src/error.c:1683:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other + pos, indent, plen); data/racket-7.8+dfsg1/src/racket/src/error.c:1687:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(other + pos, o, l); data/racket-7.8+dfsg1/src/racket/src/error.c:1695:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(other, "... [%d total] ...", argc); data/racket-7.8+dfsg1/src/racket/src/error.c:2011:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *strs[MAX_MISMATCH_EXTRAS], *str, *sep; data/racket-7.8+dfsg1/src/racket/src/error.c:2013:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *v_strs[MAX_MISMATCH_EXTRAS], *v_str; data/racket-7.8+dfsg1/src/racket/src/error.c:2055:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, name, nlen); data/racket-7.8+dfsg1/src/racket/src/error.c:2057:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, sep, seplen); data/racket-7.8+dfsg1/src/racket/src/error.c:2059:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, msg, mlen); data/racket-7.8+dfsg1/src/racket/src/error.c:2062:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, "\n ", 3); data/racket-7.8+dfsg1/src/racket/src/error.c:2065:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, strs[i], nlen); data/racket-7.8+dfsg1/src/racket/src/error.c:2067:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, ": ", 2); data/racket-7.8+dfsg1/src/racket/src/error.c:2069:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + len, v_strs[i], v_str_lens[i]); data/racket-7.8+dfsg1/src/racket/src/error.c:2081:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/racket-7.8+dfsg1/src/racket/src/error.c:2134:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(srcstr, SCHEME_BYTE_STR_VAL(src) + (srclen - MZERR_MAX_SRC_LEN), data/racket-7.8+dfsg1/src/racket/src/error.c:2618:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, accum, total); data/racket-7.8+dfsg1/src/racket/src/error.c:2621:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(accum + total, s, onelen); data/racket-7.8+dfsg1/src/racket/src/error.c:2668:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, SCHEME_SYM_VAL(argv[0]), l2); data/racket-7.8+dfsg1/src/racket/src/error.c:2669:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + l2, ": ", 2); data/racket-7.8+dfsg1/src/racket/src/error.c:2670:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + l2 + 2, s, l + 1); data/racket-7.8+dfsg1/src/racket/src/error.c:2870:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st + total, "\n ", 3); data/racket-7.8+dfsg1/src/racket/src/error.c:2873:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st + total, ss[i], slen); data/racket-7.8+dfsg1/src/racket/src/error.c:2876:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(st + total, ": ", 2); data/racket-7.8+dfsg1/src/racket/src/error.c:2962:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args, argv + 2, sizeof(Scheme_Object*) * (argc - 2)); data/racket-7.8+dfsg1/src/racket/src/error.c:3129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/racket-7.8+dfsg1/src/racket/src/error.c:3734:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, SCHEME_SYM_VAL(name), slen); data/racket-7.8+dfsg1/src/racket/src/error.c:3735:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp + slen, ": ", 2); data/racket-7.8+dfsg1/src/racket/src/error.c:3736:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp + slen + 2, buffer, len + 1); data/racket-7.8+dfsg1/src/racket/src/error.c:3930:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(together, log_domain, len1); data/racket-7.8+dfsg1/src/racket/src/error.c:3931:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(together + len1, ": ", 2); data/racket-7.8+dfsg1/src/racket/src/error.c:3932:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(together + len1 + 2, message, len2); data/racket-7.8+dfsg1/src/racket/src/error.c:4446:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, "uncaught exception: ", 20); data/racket-7.8+dfsg1/src/racket/src/error.c:4447:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 20, v, len + 1); data/racket-7.8+dfsg1/src/racket/src/eval.c:321:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(meta_prompt, p->meta_prompt, sizeof(Scheme_Prompt)); data/racket-7.8+dfsg1/src/racket/src/eval.c:363:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen("/proc/self/maps", "r"); data/racket-7.8+dfsg1/src/racket/src/eval.c:704:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, mc, sizeof(Scheme_Meta_Continuation)); data/racket-7.8+dfsg1/src/racket/src/eval.c:706:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, mc->cont_mark_stack_copied, naya->cont_mark_total * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/eval.c:730:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(segs, p->cont_mark_stack_segments, c * sizeof(Scheme_Cont_Mark *)); data/racket-7.8+dfsg1/src/racket/src/eval.c:987:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(MZ_RUNSTACK, argv, argc * sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/eval.c:2034:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (char *)SCHEME_VEC_ELS(vinfo)[1], data/racket-7.8+dfsg1/src/racket/src/eval.c:2748:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define GET_FIRST_EVAL ((char *)app)[d_evals] data/racket-7.8+dfsg1/src/racket/src/eval.c:2806:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define GET_NEXT_EVAL ((char *)app)[d_evals + evalpos++] data/racket-7.8+dfsg1/src/racket/src/file.c:503:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, "\\\\?\\REL\\\\", 9); data/racket-7.8+dfsg1/src/racket/src/file.c:504:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2 + 9, chars + d, len); data/racket-7.8+dfsg1/src/racket/src/file.c:517:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nm XFORM_OK_PLUS 2, chars XFORM_OK_PLUS d, len); data/racket-7.8+dfsg1/src/racket/src/file.c:917:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, s, slen+1); data/racket-7.8+dfsg1/src/racket/src/file.c:956:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(gc_wp, wp, (len + 1) * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/racket/src/file.c:1306:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, "\\\\?\\REL\\", 8); data/racket-7.8+dfsg1/src/racket/src/file.c:1307:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + 8, cleaned, clen); data/racket-7.8+dfsg1/src/racket/src/file.c:1319:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, "\\\\?\\RED\\", 8); data/racket-7.8+dfsg1/src/racket/src/file.c:1320:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + 8, cleaned, clen); data/racket-7.8+dfsg1/src/racket/src/file.c:1329:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, "\\\\?\\UNC", plen); data/racket-7.8+dfsg1/src/racket/src/file.c:1330:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + plen, cleaned + xdel, clen - xdel); data/racket-7.8+dfsg1/src/racket/src/file.c:1351:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + dstart, wds, dend); data/racket-7.8+dfsg1/src/racket/src/file.c:1403:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t, s, len - skip_end); data/racket-7.8+dfsg1/src/racket/src/file.c:1405:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t + len - skip_end, t + orig_len - skip_end, skip_end); data/racket-7.8+dfsg1/src/racket/src/file.c:1511:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, filename, delta); data/racket-7.8+dfsg1/src/racket/src/file.c:1650:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, filename, drive_end); data/racket-7.8+dfsg1/src/racket/src/file.c:2014:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s XFORM_OK_PLUS offset, len); data/racket-7.8+dfsg1/src/racket/src/file.c:2042:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, si, len + 1); data/racket-7.8+dfsg1/src/racket/src/file.c:2077:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[PN_BUF_LEN], *str, *next; data/racket-7.8+dfsg1/src/racket/src/file.c:2177:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, str, pos); data/racket-7.8+dfsg1/src/racket/src/file.c:2281:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + pos, next + 8, dots_end - 8); data/racket-7.8+dfsg1/src/racket/src/file.c:2298:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, "\\\\?\\REL\\\\", 9); data/racket-7.8+dfsg1/src/racket/src/file.c:2304:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, SCHEME_PATH_VAL(simp), pos); data/racket-7.8+dfsg1/src/racket/src/file.c:2501:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str + pos, next + next_off, len); data/racket-7.8+dfsg1/src/racket/src/file.c:2538:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, str, pos); data/racket-7.8+dfsg1/src/racket/src/file.c:2675:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, "\\\\?\\REL\\\\", 9); data/racket-7.8+dfsg1/src/racket/src/file.c:2676:19: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2 + 9, s + p + 1, len - p - 1); data/racket-7.8+dfsg1/src/racket/src/file.c:2719:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, len + 2); data/racket-7.8+dfsg1/src/racket/src/file.c:3108:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, wrt, wlen); data/racket-7.8+dfsg1/src/racket/src/file.c:3117:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + wlen, filename, ilen); data/racket-7.8+dfsg1/src/racket/src/file.c:3675:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, len); data/racket-7.8+dfsg1/src/racket/src/file.c:3696:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, drop_extra_slash); data/racket-7.8+dfsg1/src/racket/src/file.c:3697:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + drop_extra_slash, s + drop_extra_slash + 1, len - drop_extra_slash - 1); data/racket-7.8+dfsg1/src/racket/src/file.c:3704:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, len); data/racket-7.8+dfsg1/src/racket/src/file.c:3757:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, add_sep); data/racket-7.8+dfsg1/src/racket/src/file.c:3760:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + add_sep + 2, s + add_sep, len + 1 - add_sep); data/racket-7.8+dfsg1/src/racket/src/file.c:3767:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, s, add_sep); data/racket-7.8+dfsg1/src/racket/src/file.c:3769:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + add_sep + 1, s + add_sep, len + 1 - add_sep); data/racket-7.8+dfsg1/src/racket/src/file.c:4344:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, fn, len); data/racket-7.8+dfsg1/src/racket/src/file.c:5095:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r2, r, sizeof(wchar_t) * len); data/racket-7.8+dfsg1/src/racket/src/fun.c:804:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((Scheme_Primitive_Closure *)prim)->val, data/racket-7.8+dfsg1/src/racket/src/fun.c:1060:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, sizeof(Scheme_Prompt)); data/racket-7.8+dfsg1/src/racket/src/fun.c:1419:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(runstack, rands, argc * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/fun.c:2210:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[60]; data/racket-7.8+dfsg1/src/racket/src/fun.c:2313:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, b, c); data/racket-7.8+dfsg1/src/racket/src/fun.c:2532:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, "struct ", 7); data/racket-7.8+dfsg1/src/racket/src/fun.c:2536:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + offset, scheme_symbol_val(sym), *len); data/racket-7.8+dfsg1/src/racket/src/fun.c:2591:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, "procedure ", 10); data/racket-7.8+dfsg1/src/racket/src/fun.c:2592:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + 10, s, *len + 1); data/racket-7.8+dfsg1/src/racket/src/fun.c:3387:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, nc->code, sizeof(Scheme_Native_Lambda)); data/racket-7.8+dfsg1/src/racket/src/fun.c:3560:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argv2, argv, sizeof(Scheme_Object *) * argc); data/racket-7.8+dfsg1/src/racket/src/fun.c:3616:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nth[32]; data/racket-7.8+dfsg1/src/racket/src/fun.c:3659:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nth, "%dst", i); data/racket-7.8+dfsg1/src/racket/src/fun.c:3662:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nth, "%dnd", i); data/racket-7.8+dfsg1/src/racket/src/fun.c:3665:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nth, "%drd", i); data/racket-7.8+dfsg1/src/racket/src/fun.c:3668:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(nth, "%dth", i); data/racket-7.8+dfsg1/src/racket/src/fun.c:3794:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argv2, argv, sizeof(Scheme_Object*) * argc); data/racket-7.8+dfsg1/src/racket/src/fun.c:3880:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[32]; data/racket-7.8+dfsg1/src/racket/src/fun.c:4040:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nbuf[32]; data/racket-7.8+dfsg1/src/racket/src/fun.c:4661:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(saved->runstack_start, runstack, size * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4702:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(isaved->runstack_start, data/racket-7.8+dfsg1/src/racket/src/fun.c:4750:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cont_mark_stack_copied + cmcount, cm, sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4769:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(MZ_RUNSTACK, isaved->runstack_start, size * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4779:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(csaved->runstack_start XFORM_OK_PLUS csaved->runstack_offset, data/racket-7.8+dfsg1/src/racket/src/fun.c:4866:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cm, cm_src + cmoffset, sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4910:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, overflow, sizeof(Scheme_Overflow)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4944:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, dw, sizeof(Scheme_Dynamic_Wind)); data/racket-7.8+dfsg1/src/racket/src/fun.c:4985:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, saved, sizeof(Scheme_Saved_Stack)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5026:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, copied, sizeof(Scheme_Saved_Stack)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5043:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, naya->runstack_start, size * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5084:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, mc, sizeof(Scheme_Meta_Continuation)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5097:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, mc->cont_mark_stack_copied + delta, naya->cont_mark_total * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5121:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cnaya, naya->cont, sizeof(Scheme_Cont)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5158:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(onaya, naya->overflow, sizeof(Scheme_Overflow)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5172:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, mc->cont_mark_stack_copied, naya->cont_mark_total * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5211:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cnaya, resume_mc->cont, sizeof(Scheme_Cont)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5284:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, resume_mc->cont_mark_stack_copied, base * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:5754:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(MZ_RUNSTACK XFORM_OK_PLUS done, data/racket-7.8+dfsg1/src/racket/src/fun.c:6213:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(acting_barrier_prompt, barrier_prompt, sizeof(Scheme_Prompt)); data/racket-7.8+dfsg1/src/racket/src/fun.c:7358:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argv2 XFORM_OK_PLUS 1, argv, sizeof(Scheme_Object *) * argc); data/racket-7.8+dfsg1/src/racket/src/fun.c:7677:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, mc->cont_mark_stack_copied, mc->cont_mark_total * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:9027:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lwc, p_lwc, sizeof(Scheme_Current_LWC)); data/racket-7.8+dfsg1/src/racket/src/fun.c:9046:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(runstack_slice, lw->saved_lwc->runstack_end, len * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/fun.c:9078:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cont_mark_stack_slice + j, seg + pos, sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/fun.c:9207:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rs, lw->runstack_slice, len * sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/fun.c:9671:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, rest->cont_mark_stack_copied, rest->cont_mark_total * sizeof(Scheme_Cont_Mark)); data/racket-7.8+dfsg1/src/racket/src/gmp/gmp-impl.h:829:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const unsigned char modlimb_invert_table[128]; data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.c:1806:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[BUF_ALLOC]; data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.c:2868:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char approx_tab[192] = data/racket-7.8+dfsg1/src/racket/src/gmp/gmp.c:5097:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char modlimb_invert_table[128] = { data/racket-7.8+dfsg1/src/racket/src/hash.c:653:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(table, ht, sizeof(Scheme_Hash_Table)); data/racket-7.8+dfsg1/src/racket/src/hash.c:658:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ba, table->vals, sizeof(Scheme_Object *) * table->size); data/racket-7.8+dfsg1/src/racket/src/hash.c:661:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ba, table->keys, sizeof(Scheme_Object *) * table->size); data/racket-7.8+dfsg1/src/racket/src/hash.c:943:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. get_bucket(table, (char *)HT_EXTRACT_WEAK(old[i]->key), 1, old[i], key_wraps); data/racket-7.8+dfsg1/src/racket/src/hash.c:1170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ba, bt->buckets, asize); data/racket-7.8+dfsg1/src/racket/src/hash.c:1311:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi2, hi, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:1320:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi, hi2, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:1337:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&v, &d, sizeof(umzlonglong)); data/racket-7.8+dfsg1/src/racket/src/hash.c:1364:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[LONG_DOUBLE_BYTE_LEN]; data/racket-7.8+dfsg1/src/racket/src/hash.c:1373:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, &d, LONG_DOUBLE_BYTE_LEN); data/racket-7.8+dfsg1/src/racket/src/hash.c:1677:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi2, hi, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2007:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi2, hi, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2015:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi, hi2, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2179:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hi2, hi, sizeof(Hash_Info)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2502:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->els+dest_start, src->els+src_start, len*sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2504:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->els+dest_popcount+dest_start, src->els+src_popcount+src_start, len*sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2506:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest->els+2*dest_popcount+dest_start, src->els+2*src_popcount+src_start, len*sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2554:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_ht, ht, HASH_TREE_RECORD_SIZE(kind, popcount)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2675:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_ht, ht, HASH_TREE_RECORD_SIZE(SCHEME_HASHTR_KIND(ht), 0)); data/racket-7.8+dfsg1/src/racket/src/hash.c:2702:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_ht, ht, HASH_TREE_RECORD_SIZE(SCHEME_HASHTR_KIND(ht), 0)); data/racket-7.8+dfsg1/src/racket/src/jit.c:177:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, lwc->stack_end, size); data/racket-7.8+dfsg1/src/racket/src/jit.c:195:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_stack_start, args->copy_to_install, args->copy_size); data/racket-7.8+dfsg1/src/racket/src/jit.c:1040:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrs, for_branch->addrs, sizeof(Branch_Info_Addr) * for_branch->addrs_size); data/racket-7.8+dfsg1/src/racket/src/jit.c:1324:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&init_word, &example_so, sizeof(intptr_t)); data/racket-7.8+dfsg1/src/racket/src/jit.c:1431:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lam, o, sizeof(Scheme_Lambda)); data/racket-7.8+dfsg1/src/racket/src/jit.c:1751:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&for_branch_copy, for_branch, sizeof(Branch_Info)); data/racket-7.8+dfsg1/src/racket/src/jit.c:1760:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(for_branch, &for_branch_copy, sizeof(Branch_Info)); data/racket-7.8+dfsg1/src/racket/src/jit.c:2018:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy_mappings, jitter->mappings, jitter->mappings_size * sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/jit.c:2024:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(for_branch_copy, for_branch, sizeof(Branch_Info)); data/racket-7.8+dfsg1/src/racket/src/jit.c:2026:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(addrs, for_branch->addrs, sizeof(Branch_Info_Addr) * for_branch->addrs_count); data/racket-7.8+dfsg1/src/racket/src/jit.c:2033:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(for_values_copy, for_values, sizeof(Expected_Values_Info)); data/racket-7.8+dfsg1/src/racket/src/jit.c:2052:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(for_branch, for_branch_copy, sizeof(Branch_Info)); data/racket-7.8+dfsg1/src/racket/src/jit.c:2057:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(for_values, for_values_copy, sizeof(Expected_Values_Info)); data/racket-7.8+dfsg1/src/racket/src/jitalloc.c:82:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&foo, sp, sizeof(intptr_t)); data/racket-7.8+dfsg1/src/racket/src/jitcall.c:224:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, argv, argc * sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:49:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app2, app, size); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:76:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app, o, sizeof(Scheme_App2_Rec)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:100:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(app, o, sizeof(Scheme_App3_Rec)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:130:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seq2, seq, size); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:159:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b, o, sizeof(Scheme_Branch_Rec)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lv, o, sizeof(Scheme_Let_Value)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:200:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lo, o, sizeof(Scheme_Let_One)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:218:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lv, o, sizeof(Scheme_Let_Void)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:233:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lr2, lr, sizeof(Scheme_Letrec)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:264:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wcm, o, sizeof(Scheme_With_Continuation_Mark)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:338:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, sb, sizeof(Scheme_Set_Bang)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wcm, o, sizeof(Scheme_With_Continuation_Mark)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:406:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seqout, seqin, size); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:465:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, val, sizeof(Scheme_Lambda)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:554:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data2, code, sizeof(Scheme_Lambda)); data/racket-7.8+dfsg1/src/racket/src/jitprep.c:686:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_linklet, linklet, sizeof(Scheme_Linklet)); data/racket-7.8+dfsg1/src/racket/src/jitstate.c:112:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&jitter->retain_double_start[jitter->retained_double], &ld, sizeof(long_double)); data/racket-7.8+dfsg1/src/racket/src/jitstate.c:463:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jitter_copy, jitter, sizeof(mz_jit_state)); data/racket-7.8+dfsg1/src/racket/src/jitstate.c:473:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jitter, jitter_copy, sizeof(mz_jit_state)); data/racket-7.8+dfsg1/src/racket/src/jitstate.c:486:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, jitter->mappings, jitter->mappings_size * sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/lightning/arm/funcs.h:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/racket-7.8+dfsg1/src/racket/src/lightning/arm/funcs.h:94:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen("/proc/cpuinfo", "r")) == NULL) data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/fp.h:63:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_jit.x.uc_pc, &_v, sizeof (double)); \ data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/fp.h:74:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_jit.x.uc_pc, &_v, sizeof (float)); \ data/racket-7.8+dfsg1/src/racket/src/lightning/ppc/funcs.h:65:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8192]; data/racket-7.8+dfsg1/src/racket/src/linklet.c:1129:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/racket-7.8+dfsg1/src/racket/src/linklet.c:1133:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, ".%d", search_start); data/racket-7.8+dfsg1/src/racket/src/linklet.c:1860:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_tab[16], tab[10], gc_tab[10], pre_indent[8], post_indent[8]; data/racket-7.8+dfsg1/src/racket/src/list.c:2540:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. scheme_add_to_table(t, (char *)argv[1], (void *)argv[2], 0); data/racket-7.8+dfsg1/src/racket/src/list.c:2632:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. v = (Scheme_Object *)scheme_lookup_in_table(t, (char *)argv[1]); data/racket-7.8+dfsg1/src/racket/src/list.c:2688:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. v = (Scheme_Object *)scheme_lookup_key_in_table(t, (char *)argv[1]); data/racket-7.8+dfsg1/src/racket/src/list.c:2720:69: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. b = scheme_bucket_or_null_from_table((Scheme_Bucket_Table *)v, (char *)argv[1], 0); data/racket-7.8+dfsg1/src/racket/src/list.c:3336:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(px, chaperone, sizeof(Scheme_Chaperone)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:618:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &scheme_infinity_val, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:625:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &scheme_minus_infinity_val, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:632:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &scheme_floating_point_nzero, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:639:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &SCHEME_DBL_VAL(scheme_nan_object), sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:647:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &one, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:654:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d1, &ld1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:655:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d2, &ld2, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:662:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &d1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:669:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d1, &ld1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:671:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &d1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:678:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d1, &ld1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:681:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &d1, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:693:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:699:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:705:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:725:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&ld, &d, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:733:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:734:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%.*Lg", digits, d); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:933:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[SIZEOF_LONGDOUBLE]; data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:949:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_ld, &d, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:955:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, &ld, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:956:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%.*Lg", digits, d); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.h:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bytes[SIZEOF_LONGDOUBLE]; data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.h:208:47: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. # define long_double_sprint(buffer,digits,d) sprintf(buffer, "%.*Lg", digits, d) data/racket-7.8+dfsg1/src/racket/src/marshal.c:123:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, mt->cdata_map, pos * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/network.c:365:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, data->b.buffer + data->b.bufpos, n); data/racket-7.8+dfsg1/src/racket/src/network.c:426:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, data->b.buffer, n); data/racket-7.8+dfsg1/src/racket/src/network.c:600:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->b.out_buffer + data->b.out_bufmax, s + offset, len); data/racket-7.8+dfsg1/src/racket/src/network.c:2251:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prev_buf[64]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:248:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2 + 2, s, len+1); data/racket-7.8+dfsg1/src/racket/src/numstr.c:275:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. for (i = 0; s[i] && (s[i] == ((unsigned char *)t)[i]); i++) { data/racket-7.8+dfsg1/src/racket/src/numstr.c:654:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2 + 4, str + delta + 6, (len - delta - 5) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:660:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, str + delta, (len - delta - 7) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:745:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, str + delta + 7, (len - delta - 6) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:755:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, str + delta, (len - delta - 7) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:896:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(first, str + delta, (has_sign - delta) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:903:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(second, str + has_sign, (has_i - has_sign) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:981:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(first, str + delta, (has_at - delta) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:989:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((mzchar *)second, str + has_at + 1, slen * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1242:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ffl_buf[MAX_FAST_FLOATREAD_LEN + 1]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:1354:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(substr, str + has_expt + 1, slen * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1380:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, str + delta, (has_expt - delta) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1581:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(first, str + delta, (has_slash - delta) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1603:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(substr, str + has_slash + 1, slen * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1873:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%.*g", digits, d); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1948:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:1965:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s, l); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2019:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, ns, nlen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2036:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, rs, rlen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2041:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + rlen + offset, is, ilen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2064:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2083:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2104:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[36]; /* What is the length? */ data/racket-7.8+dfsg1/src/racket/src/numstr.c:2128:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(char)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2132:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(unsigned char)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2141:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(short)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2145:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(unsigned short)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2154:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2158:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(unsigned int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2168:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(intptr_t)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2173:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(uintptr_t)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2184:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lv, str, sizeof(mzlonglong)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2188:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&lv, str, sizeof(umzlonglong)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2218:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str + sizeof(unsigned int), sizeof(unsigned int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2229:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&val, str, sizeof(unsigned int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2301:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)buf)[slen - i - 1] = str[i + offset]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2305:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf, str + offset, slen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2450:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(char)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2453:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(unsigned char)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2461:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(short)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2464:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(unsigned short)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2471:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2474:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &value, sizeof(unsigned int)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2482:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, &llval, sizeof(mzlonglong)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2524:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. str[i + offset] = ((char *)buf)[size - i - 1]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2529:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. str[i + offset] = ((char *)buf)[i]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2539:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, buf[8]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2576:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str + offset, slen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2584:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&f, buf, sizeof(float)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2595:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, str, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2657:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_BYTE_STR_VAL(s) + offset, &f, sizeof(float)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2659:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_BYTE_STR_VAL(s) + offset, &d, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2664:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8], *str; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, buf[sizeof(long_double)]; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2721:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, str + offset, slen); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2725:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&d, str, LONG_DOUBLE_BYTE_LEN); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2782:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_BYTE_STR_VAL(s) + offset, &d, LONG_DOUBLE_BYTE_LEN); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2786:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[LONG_DOUBLE_BYTE_LEN], *str; data/racket-7.8+dfsg1/src/racket/src/numstr.c:3056:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scheme_double_too_positive_for_fixnum, double_too_positive_for_fixnum_bytes, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:3057:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scheme_double_too_negative_for_fixnum, double_too_negative_for_fixnum_bytes, sizeof(double)); data/racket-7.8+dfsg1/src/racket/src/numstr.c:3059:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scheme_extfl_too_positive_for_fixnum, extfl_too_positive_for_fixnum_bytes, 10); data/racket-7.8+dfsg1/src/racket/src/numstr.c:3060:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&scheme_extfl_too_negative_for_fixnum, extfl_too_negative_for_fixnum_bytes, 10); data/racket-7.8+dfsg1/src/racket/src/optimize.c:321:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(all, prefix, plen); data/racket-7.8+dfsg1/src/racket/src/optimize.c:322:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(all + plen, ctx, clen); data/racket-7.8+dfsg1/src/racket/src/optimize.c:323:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(all + plen + clen, mprefix, mplen); data/racket-7.8+dfsg1/src/racket/src/optimize.c:324:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(all + plen + clen + mplen, mctx, mclen); data/racket-7.8+dfsg1/src/racket/src/optimize.c:1192:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, quick[8]; data/racket-7.8+dfsg1/src/racket/src/optimize.c:6425:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, sb, sizeof(Scheme_Set_Bang)); data/racket-7.8+dfsg1/src/racket/src/optimize.c:6657:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(seq2, seq, sz); data/racket-7.8+dfsg1/src/racket/src/optimize.c:8696:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(var2, var, sizeof(Scheme_IR_Local)); data/racket-7.8+dfsg1/src/racket/src/optimize.c:8735:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lam2, lam, sizeof(Scheme_Lambda)); data/racket-7.8+dfsg1/src/racket/src/optimize.c:8738:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cl, lam->ir_info, sizeof(Scheme_IR_Lambda_Info)); data/racket-7.8+dfsg1/src/racket/src/optimize.c:8755:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arg_types, cl->arg_types, sz * sizeof(Scheme_Object*)); data/racket-7.8+dfsg1/src/racket/src/optimize.c:8756:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(arg_type_contributors, cl->arg_type_contributors, sz * sizeof(short)); data/racket-7.8+dfsg1/src/racket/src/place.c:1010:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, buf[64]; data/racket-7.8+dfsg1/src/racket/src/place.c:1017:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, SCHEME_SYM_VAL(so), len); data/racket-7.8+dfsg1/src/racket/src/place.c:1050:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *str, buf[64]; data/racket-7.8+dfsg1/src/racket/src/place.c:1057:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, SCHEME_SYM_VAL(so), len); data/racket-7.8+dfsg1/src/racket/src/place.c:2065:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cimm_array, immutable_array, local_slots); data/racket-7.8+dfsg1/src/racket/src/place.c:2975:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msgs, ch->msgs + ch->out, sizeof(Scheme_Object *) * (ch->in - ch->out)); data/racket-7.8+dfsg1/src/racket/src/place.c:2976:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msg_memory, ch->msg_memory + ch->out, sizeof(void*) * (ch->in - ch->out)); data/racket-7.8+dfsg1/src/racket/src/place.c:2977:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_chains, ch->msg_chains + ch->out, sizeof(void*) * (ch->in - ch->out)); data/racket-7.8+dfsg1/src/racket/src/place.c:2981:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msgs, ch->msgs + ch->out, sizeof(Scheme_Object *) * s1); data/racket-7.8+dfsg1/src/racket/src/place.c:2982:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msgs + s1, ch->msgs, sizeof(Scheme_Object *) * ch->in); data/racket-7.8+dfsg1/src/racket/src/place.c:2984:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msg_memory, ch->msg_memory + ch->out, sizeof(void*) * s1); data/racket-7.8+dfsg1/src/racket/src/place.c:2985:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_msg_memory + s1, ch->msg_memory, sizeof(void*) * ch->in); data/racket-7.8+dfsg1/src/racket/src/place.c:2987:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_chains, ch->msg_chains + ch->out, sizeof(Scheme_Object *) * s1); data/racket-7.8+dfsg1/src/racket/src/place.c:2988:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_chains + s1, ch->msg_chains, sizeof(Scheme_Object *) * ch->in); data/racket-7.8+dfsg1/src/racket/src/port.c:1598:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf, _buf[16]; data/racket-7.8+dfsg1/src/racket/src/port.c:2220:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/port.c:2269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1]; data/racket-7.8+dfsg1/src/racket/src/port.c:2277:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return ((unsigned char *)s)[0]; data/racket-7.8+dfsg1/src/racket/src/port.c:2320:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1]; data/racket-7.8+dfsg1/src/racket/src/port.c:2332:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return ((unsigned char *)s)[0]; data/racket-7.8+dfsg1/src/racket/src/port.c:2350:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/port.c:2561:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char e[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/port.c:3186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bstr, buf[64]; data/racket-7.8+dfsg1/src/racket/src/port.c:3198:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *bstr, buf[64]; data/racket-7.8+dfsg1/src/racket/src/port.c:3682:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/racket-7.8+dfsg1/src/racket/src/port.c:3784:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mode[4]; data/racket-7.8+dfsg1/src/racket/src/port.c:4155:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(is->string, old, is->u.hot); data/racket-7.8+dfsg1/src/racket/src/port.c:4887:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, fip->buffer, bc); data/racket-7.8+dfsg1/src/racket/src/port.c:4926:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, fip->buffer + fip->buffpos, bc); data/racket-7.8+dfsg1/src/racket/src/port.c:5369:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fop->buffer + fop->bufcount, str + d, len); data/racket-7.8+dfsg1/src/racket/src/port.c:5379:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fop->buffer, str + d, len); data/racket-7.8+dfsg1/src/racket/src/port.c:5419:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(fop->buffer + fop->bufcount, str + d, len); data/racket-7.8+dfsg1/src/racket/src/portfun.c:572:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, is->string + delta, l); data/racket-7.8+dfsg1/src/racket/src/portfun.c:633:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(is->string, str, len); data/racket-7.8+dfsg1/src/racket/src/portfun.c:700:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(is->string, old, is->index); data/racket-7.8+dfsg1/src/racket/src/portfun.c:704:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(is->string + is->index, str + d, len); data/racket-7.8+dfsg1/src/racket/src/portfun.c:771:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ca, v XFORM_OK_PLUS startpos, len); data/racket-7.8+dfsg1/src/racket/src/portfun.c:777:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(v, is->string XFORM_OK_PLUS startpos, len); data/racket-7.8+dfsg1/src/racket/src/portfun.c:1060:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, SCHEME_BYTE_STR_VAL(bstr), r); data/racket-7.8+dfsg1/src/racket/src/portfun.c:1174:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:1782:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset, pipe->buf + bs, n); data/racket-7.8+dfsg1/src/racket/src/portfun.c:1814:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + offset + c, pipe->buf + bs, n); data/racket-7.8+dfsg1/src/racket/src/portfun.c:1995:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pipe->buf, old + pipe->bufstart, pipe->bufend - pipe->bufstart); data/racket-7.8+dfsg1/src/racket/src/portfun.c:2001:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pipe->buf, old + pipe->bufstart, slen); data/racket-7.8+dfsg1/src/racket/src/portfun.c:2002:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pipe->buf + slen, old, pipe->bufend); data/racket-7.8+dfsg1/src/racket/src/portfun.c:2026:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pipe->buf + firstpos, str + d, firstn); data/racket-7.8+dfsg1/src/racket/src/portfun.c:2028:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pipe->buf, str + d + firstn, secondn); data/racket-7.8+dfsg1/src/racket/src/portfun.c:3122:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *buf, *oldbuf, onstack[32]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:3167:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[1]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:3178:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ch = ((unsigned char *)s)[0]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:3215:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, oldbuf, oldsize); data/racket-7.8+dfsg1/src/racket/src/portfun.c:3232:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. us[j] = ((unsigned char *)buf)[j]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:4067:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:4099:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:4113:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:4144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/racket-7.8+dfsg1/src/racket/src/portfun.c:4533:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char r[RKTIO_SHA256_DIGEST_SIZE]; /* bigger than RKTIO_SHA{1,224}_DIGEST_SIZE */ data/racket-7.8+dfsg1/src/racket/src/portfun.c:4553:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/racket-7.8+dfsg1/src/racket/src/print.c:25:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SHARED_OK static char compacts[_CPT_COUNT_]; data/racket-7.8+dfsg1/src/racket/src/print.c:235:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp2, pp, sizeof(PrintParams)); data/racket-7.8+dfsg1/src/racket/src/print.c:1218:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp->print_buffer, oldstr, pp->print_position); data/racket-7.8+dfsg1/src/racket/src/print.c:1222:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp->print_buffer + pp->print_position, str + offset, len); data/racket-7.8+dfsg1/src/racket/src/print.c:1272:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[4]; data/racket-7.8+dfsg1/src/racket/src/print.c:1284:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[2]; data/racket-7.8+dfsg1/src/racket/src/print.c:1294:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:1303:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[2]; data/racket-7.8+dfsg1/src/racket/src/print.c:1683:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[40]; data/racket-7.8+dfsg1/src/racket/src/print.c:1763:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pp, pp2, sizeof(PrintParams)); data/racket-7.8+dfsg1/src/racket/src/print.c:1813:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(quick_buffer, "#%" PRIdPTR "=", (val - 3) >> 1); data/racket-7.8+dfsg1/src/racket/src/print.c:1817:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(quick_buffer, "#%" PRIdPTR "#", ((-val) - 3) >> 1); data/racket-7.8+dfsg1/src/racket/src/print.c:1854:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:1974:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:1987:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(quick_buffer, "%" PRIdPTR "", SCHEME_INT_VAL(obj)); data/racket-7.8+dfsg1/src/racket/src/print.c:2684:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(quick_buffer, data/racket-7.8+dfsg1/src/racket/src/print.c:2688:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(quick_buffer, ":%" PRIdPTR "", data/racket-7.8+dfsg1/src/racket/src/print.c:2765:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:2789:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:2804:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:2817:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:3088:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:3280:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[8]; data/racket-7.8+dfsg1/src/racket/src/print.c:3282:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, "%d", SCHEME_TYPE(obj)); data/racket-7.8+dfsg1/src/racket/src/print.c:3305:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minibuf[12], *esc; data/racket-7.8+dfsg1/src/racket/src/print.c:3312:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. v = ((unsigned char *)str)[i]; data/racket-7.8+dfsg1/src/racket/src/print.c:3358:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(minibuf, "\\U%.8X", ustr[ui+delta]); data/racket-7.8+dfsg1/src/racket/src/print.c:3360:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(minibuf, "\\u%.4X", ustr[ui+delta]); data/racket-7.8+dfsg1/src/racket/src/print.c:3381:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minibuf[8], *esc; data/racket-7.8+dfsg1/src/racket/src/print.c:3389:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. switch (((unsigned char *)str)[i]) { data/racket-7.8+dfsg1/src/racket/src/print.c:3401:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. v = ((unsigned char *)str)[i]; data/racket-7.8+dfsg1/src/racket/src/print.c:3416:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)str)[i]); data/racket-7.8+dfsg1/src/racket/src/print.c:3525:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s[1]; data/racket-7.8+dfsg1/src/racket/src/print.c:3665:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. #define F_D sprintf(buffer, "#%d(", size) data/racket-7.8+dfsg1/src/racket/src/print.c:3674:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define DEFINEEXTRA int used_buffer = 0; char buffer[100]; data/racket-7.8+dfsg1/src/racket/src/print.c:3685:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. #define F_D sprintf(buffer, "#fl%d(", size) data/racket-7.8+dfsg1/src/racket/src/print.c:3705:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. #define F_D sprintf(buffer, "#fx%d(", size) data/racket-7.8+dfsg1/src/racket/src/print.c:3717:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char minibuf[10+MAX_UTF8_CHAR_BYTES], *str; data/racket-7.8+dfsg1/src/racket/src/print.c:3761:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(minibuf, "#\\U%.8X", ch); data/racket-7.8+dfsg1/src/racket/src/print.c:3763:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(minibuf, "#\\u%.4X", ch); data/racket-7.8+dfsg1/src/racket/src/print.c:3808:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, printers, sizeof(Scheme_Type_Printer) * printers_count); data/racket-7.8+dfsg1/src/racket/src/print.c:4099:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(orig_pp, pp, sizeof(PrintParams)); data/racket-7.8+dfsg1/src/racket/src/read.c:44:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SHARED_OK static unsigned char delim[128]; data/racket-7.8+dfsg1/src/racket/src/read.c:45:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. SHARED_OK static unsigned char cpt_branch[256]; data/racket-7.8+dfsg1/src/racket/src/read.c:451:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(params2, params, sizeof(ReadParams)); data/racket-7.8+dfsg1/src/racket/src/read.c:814:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str_part, str, scanpos * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/read.c:1510:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char initial[9]; data/racket-7.8+dfsg1/src/racket/src/read.c:1648:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, oldbuf, oldsize * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/read.c:1662:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)s)[j] = buf[j]; data/racket-7.8+dfsg1/src/racket/src/read.c:1794:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, oldbuf, oldsize * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/read.c:1906:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str_part, str XFORM_OK_PLUS 1, (scanpos - 1) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/read.c:1935:82: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. for (i = 0; s[i] && (scheme_tolower(s[i]) == scheme_tolower((mzchar)((unsigned char *)t)[i])); i++) { data/racket-7.8+dfsg1/src/racket/src/read.c:2024:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, oldbuf, oldsize * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/read.c:2388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, port->start + port->pos, l); data/racket-7.8+dfsg1/src/racket/src/read.c:2469:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[ESC_BLK_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/src/read.c:2562:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *s, buffer[BLK_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/src/read.c:3740:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cache, rp->start, shared_size); data/racket-7.8+dfsg1/src/racket/src/regexp.c:371:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(map, s XFORM_OK_PLUS pos, 32); data/racket-7.8+dfsg1/src/racket/src/regexp.c:1682:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/racket-7.8+dfsg1/src/racket/src/regexp.c:2457:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, rw->rewind_stack, rw->rewind_stack_size * sizeof(rxpos)); data/racket-7.8+dfsg1/src/racket/src/regexp.c:2642:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1]; data/racket-7.8+dfsg1/src/racket/src/regexp.c:2974:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, ls->s, ls->blen); data/racket-7.8+dfsg1/src/racket/src/regexp.c:3023:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, rw->instr, rw->input_end); data/racket-7.8+dfsg1/src/racket/src/regexp.c:3201:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rw2, rw, sizeof(Regwork)); data/racket-7.8+dfsg1/src/racket/src/regexp.c:3211:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rw, rw2, sizeof(Regwork)); data/racket-7.8+dfsg1/src/racket/src/regexp.c:3785:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/regexp.c:4240:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, old, destlen); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4251:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, old, destlen); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4254:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + destlen, insrc + startp[no], len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4256:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + destlen, prefix + prefix_offset + (startp[no] - minpos), len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nr, r, j); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4452:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + j, any_str, any_len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:4473:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char lo[6], hi[6]; data/racket-7.8+dfsg1/src/racket/src/regexp.c:5019:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char s2[MAX_UTF8_CHAR_BYTES]; data/racket-7.8+dfsg1/src/racket/src/regexp.c:5160:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cp, s, slen + 1); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5533:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_BYTE_STR_VAL(last_bytes_str) XFORM_OK_PLUS tooffset, data/racket-7.8+dfsg1/src/racket/src/regexp.c:5540:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_BYTE_STR_VAL(last_bytes_str) XFORM_OK_PLUS tooffset, data/racket-7.8+dfsg1/src/racket/src/regexp.c:5562:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uspd = scheme_utf8_decode((const unsigned char *)full_s, offset, startp[i], data/racket-7.8+dfsg1/src/racket/src/regexp.c:5576:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uepd = scheme_utf8_decode((const unsigned char *)full_s, startp[i], endp[i], data/racket-7.8+dfsg1/src/racket/src/regexp.c:5735:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(m, n, l); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5736:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(m XFORM_OK_PLUS l, " (calling given filter procedure)"); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5856:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(prefix, source, amt); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5954:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, source + srcoffset, startpd - srcoffset); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5955:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + (startpd - srcoffset), insert, len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5956:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + (startpd - srcoffset) + len, source + endpd, (end - endpd) + 1); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5979:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, prefix, prefix_len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5980:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + prefix_len, source + srcoffset, startpd - srcoffset); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5981:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + prefix_len + (startpd - srcoffset), insert, len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5983:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + prefix_len + (endpd - srcoffset) + len, source + startpd, more); data/racket-7.8+dfsg1/src/racket/src/regexp.c:6005:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, prefix, prefix_len); data/racket-7.8+dfsg1/src/racket/src/regexp.c:6006:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + prefix_len, source + srcoffset, slen); data/racket-7.8+dfsg1/src/racket/src/resolve.c:250:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((char *)app XFORM_OK_PLUS devals)[i] = et; data/racket-7.8+dfsg1/src/racket/src/resolve.c:2264:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/racket-7.8+dfsg1/src/racket/src/resolve.c:2268:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "?lifted.%d", search_start); data/racket-7.8+dfsg1/src/racket/src/resolve.c:2546:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((int *)tl_map + 1, data/racket-7.8+dfsg1/src/racket/src/resolve.c:2927:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vars, ui->vars, sizeof(Scheme_IR_Local *) * pos); data/racket-7.8+dfsg1/src/racket/src/resolve.c:4209:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_linklet, linklet, sizeof(Scheme_Linklet)); data/racket-7.8+dfsg1/src/racket/src/salloc.c:272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vers[128]; data/racket-7.8+dfsg1/src/racket/src/salloc.c:577:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, str, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:590:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, str, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:603:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, str, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:1038:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open("/dev/zero", O_RDWR); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2262:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(b2, traced_buffer, sizeof(void*)*traced_buffer_size); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2284:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char struct_name_to_match[64]; data/racket-7.8+dfsg1/src/racket/src/salloc.c:2372:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/racket-7.8+dfsg1/src/racket/src/salloc.c:2373:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *type, *sep, diffstr[30], hashstr[30]; data/racket-7.8+dfsg1/src/racket/src/salloc.c:2383:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hashstr, "{%" PRIdPTR "}", scheme_hash_key(v)); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2404:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2405:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len, buffer, len2 + 1); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2424:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2425:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len, buffer, len2 + 1); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2432:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "[%d]", data/racket-7.8+dfsg1/src/racket/src/salloc.c:2437:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2438:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len, buffer, len2 + 1); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2453:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2455:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len + 1, "#f", len2); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2457:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len + 1, SCHEME_SYM_VAL(bsym), len2); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2479:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "[%c:%d:%d]", htype, count, size); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2483:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2484:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t2 + len, buffer, len2 + 1); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2495:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t3, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2499:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t3 + len + 3, t2, len2); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2534:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t3, type, len); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2536:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(t3 + len + 1, t2, len2); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2546:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(diffstr, "%lx", diff); data/racket-7.8+dfsg1/src/racket/src/salloc.c:3182:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (!scheme_lookup_in_table(ht, (const char *)o[i])) { data/racket-7.8+dfsg1/src/racket/src/schexn.h:100:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_FIELDS[2] = { "message", "continuation-marks" }; data/racket-7.8+dfsg1/src/racket/src/schexn.h:101:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_FAIL_CONTRACT_VARIABLE_FIELDS[1] = { "id" }; data/racket-7.8+dfsg1/src/racket/src/schexn.h:102:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_FAIL_READ_FIELDS[1] = { "srclocs" }; data/racket-7.8+dfsg1/src/racket/src/schexn.h:103:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_FAIL_FILESYSTEM_ERRNO_FIELDS[1] = { "errno" }; data/racket-7.8+dfsg1/src/racket/src/schexn.h:104:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_FAIL_NETWORK_ERRNO_FIELDS[1] = { "errno" }; data/racket-7.8+dfsg1/src/racket/src/schexn.h:105:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *MZEXN_BREAK_FIELDS[1] = { "continuation" }; data/racket-7.8+dfsg1/src/racket/src/schrx.h:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char program[1]; /* Unwarranted chumminess with compiler. */ data/racket-7.8+dfsg1/src/racket/src/schrx.h:134:45: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define OPLEN(o, regstr) ((int)(((unsigned char *)regstr)[o] << 8) | (((unsigned char *)regstr)[o+1])) data/racket-7.8+dfsg1/src/racket/src/schrx.h:134:83: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define OPLEN(o, regstr) ((int)(((unsigned char *)regstr)[o] << 8) | (((unsigned char *)regstr)[o+1])) data/racket-7.8+dfsg1/src/racket/src/schrx.h:135:46: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. # define OPRNGS(o, regstr) ((int)(((unsigned char *)regstr)[o])) data/racket-7.8+dfsg1/src/racket/src/schrx.h:170:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define NEXT(p, regstr) (((((unsigned char *)regstr)[(p)+1]&255)<<8) + (((unsigned char *)regstr)[(p)+2]&255)) data/racket-7.8+dfsg1/src/racket/src/schrx.h:170:84: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define NEXT(p, regstr) (((((unsigned char *)regstr)[(p)+1]&255)<<8) + (((unsigned char *)regstr)[(p)+2]&255)) data/racket-7.8+dfsg1/src/racket/src/setjmpup.c:298:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(get_copy(b->stack_copy), data/racket-7.8+dfsg1/src/racket/src/setjmpup.c:332:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cto, cfrom, size); data/racket-7.8+dfsg1/src/racket/src/setjmpup.c:580:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, jmp, sizeof(Scheme_Overflow_Jmp)); data/racket-7.8+dfsg1/src/racket/src/setjmpup.c:592:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(get_copy(copy), data/racket-7.8+dfsg1/src/racket/src/sort.c:60:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return (((unsigned char *)SCHEME_SYM_VAL(a))[i] - ((unsigned char *)SCHEME_SYM_VAL(b))[i]); data/racket-7.8+dfsg1/src/racket/src/sort.c:60:68: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return (((unsigned char *)SCHEME_SYM_VAL(a))[i] - ((unsigned char *)SCHEME_SYM_VAL(b))[i]); data/racket-7.8+dfsg1/src/racket/src/string.c:1291:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. s = (unsigned char *)SCHEME_BYTE_STR_VAL(argv[0]); data/racket-7.8+dfsg1/src/racket/src/string.c:1716:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/racket-7.8+dfsg1/src/racket/src/string.c:1717:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "tag `~%c' not allowed", format[i]); data/racket-7.8+dfsg1/src/racket/src/string.c:2398:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[1024]; data/racket-7.8+dfsg1/src/racket/src/string.c:2792:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, out + od, *oolen); data/racket-7.8+dfsg1/src/racket/src/string.c:2928:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bc[1]; data/racket-7.8+dfsg1/src/racket/src/string.c:3006:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out XFORM_OK_PLUS od, s, len+1); data/racket-7.8+dfsg1/src/racket/src/string.c:3010:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s, len+1); data/racket-7.8+dfsg1/src/racket/src/string.c:3022:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *c1, *c2, buf1[MZ_SC_BUF_SIZE], buf2[MZ_SC_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/src/string.c:3023:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char case_buf1[MZ_SC_BUF_SIZE], case_buf2[MZ_SC_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/src/string.c:3240:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *c, buf[MZ_SC_BUF_SIZE], case_buf[MZ_SC_BUF_SIZE]; data/racket-7.8+dfsg1/src/racket/src/string.c:3306:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s, sizeof(rktio_char16_t) * (ol+1)); data/racket-7.8+dfsg1/src/racket/src/string.c:3428:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *n, buf[32]; data/racket-7.8+dfsg1/src/racket/src/string.c:3794:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s, len * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/string.c:3861:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s2, (j + 1) * sizeof(mzchar)); data/racket-7.8+dfsg1/src/racket/src/string.c:4508:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(c2, instr XFORM_OK_PLUS istart, ifinish - istart); data/racket-7.8+dfsg1/src/racket/src/string.c:4967:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *)us) + j, s + oki, delta + 1); data/racket-7.8+dfsg1/src/racket/src/string.c:4974:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)us)[j] = 0xEF; data/racket-7.8+dfsg1/src/racket/src/string.c:4975:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)us)[j+1] = 0xBF; data/racket-7.8+dfsg1/src/racket/src/string.c:4976:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)us)[j+2] = 0xBD; data/racket-7.8+dfsg1/src/racket/src/string.c:4982:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)us)[j] = v; data/racket-7.8+dfsg1/src/racket/src/string.c:5028:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *)us)[j] = permissive; data/racket-7.8+dfsg1/src/racket/src/string.c:5568:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buff, "<unknown machine>"); data/racket-7.8+dfsg1/src/racket/src/string.c:5575:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. while (c && portable_isspace(((unsigned char *)buff)[c - 1])) { data/racket-7.8+dfsg1/src/racket/src/string.c:5586:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buff, "<unknown machine>"); data/racket-7.8+dfsg1/src/racket/src/struct.c:229:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. READ_ONLY static const char *arity_fields[1] = { "value" }; data/racket-7.8+dfsg1/src/racket/src/struct.c:230:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. READ_ONLY static const char *date_fields[10] = { "second", "minute", "hour", data/racket-7.8+dfsg1/src/racket/src/struct.c:233:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. READ_ONLY static const char *date_star_fields[2] = { "nanosecond", "time-zone-name" }; data/racket-7.8+dfsg1/src/racket/src/struct.c:234:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. READ_ONLY static const char *location_fields[10] = { "source", "line", "column", "position", "span" }; data/racket-7.8+dfsg1/src/racket/src/struct.c:1251:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, SCHEME_SYM_VAL(argv[0]), len); data/racket-7.8+dfsg1/src/racket/src/struct.c:1260:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, SCHEME_SYM_VAL(argv[0]), len); data/racket-7.8+dfsg1/src/racket/src/struct.c:1261:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + len, "-accessor", 10); data/racket-7.8+dfsg1/src/racket/src/struct.c:1444:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return (char *)SCHEME_PRIM_CLOSURE_ELS(prim)[2]; data/racket-7.8+dfsg1/src/racket/src/struct.c:2289:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(guard_argv, args, sizeof(Scheme_Object *) * argc); data/racket-7.8+dfsg1/src/racket/src/struct.c:2324:15: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(guard_argv, scheme_multiple_array, gcount * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/struct.c:2467:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(inst, s, sz); data/racket-7.8+dfsg1/src/racket/src/struct.c:3127:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "struct:"); data/racket-7.8+dfsg1/src/racket/src/struct.c:3128:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 7, tn + 1, l); data/racket-7.8+dfsg1/src/racket/src/struct.c:3559:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char digitbuf[20]; data/racket-7.8+dfsg1/src/racket/src/struct.c:3591:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(digitbuf, "field%d", (int)SCHEME_INT_VAL(argv[1])); data/racket-7.8+dfsg1/src/racket/src/struct.c:3693:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(guard_argv, argv, sizeof(Scheme_Object *) * argc); data/racket-7.8+dfsg1/src/racket/src/struct.c:4200:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *)names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4211:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *)names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4232:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *)names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4244:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *)names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4259:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *)names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4270:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ? (char *) names[pos] data/racket-7.8+dfsg1/src/racket/src/struct.c:4538:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *name, buffer[256]; data/racket-7.8+dfsg1/src/racket/src/struct.c:4561:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, pre, lp); data/racket-7.8+dfsg1/src/racket/src/struct.c:4564:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + total, (ltn < 0) ? SCHEME_SYM_VAL((Scheme_Object *)tn) : tn, xltn); data/racket-7.8+dfsg1/src/racket/src/struct.c:4566:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + total, post1, lp1); data/racket-7.8+dfsg1/src/racket/src/struct.c:4569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + total, (lfn < 0) ? SCHEME_SYM_VAL((Scheme_Object *)fn) : fn, xlfn); data/racket-7.8+dfsg1/src/racket/src/struct.c:4571:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + total, post2, lp2); data/racket-7.8+dfsg1/src/racket/src/struct.c:4966:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pa, struct_type->props, sizeof(Scheme_Object *) * i); data/racket-7.8+dfsg1/src/racket/src/struct.c:5511:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a2, immutable_array, sz); data/racket-7.8+dfsg1/src/racket/src/struct.c:5862:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args, argv, sizeof(Scheme_Object *) * 10); data/racket-7.8+dfsg1/src/racket/src/struct.c:5881:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(args, argv, sizeof(Scheme_Object *) * 12); data/racket-7.8+dfsg1/src/racket/src/struct.c:6131:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/racket-7.8+dfsg1/src/racket/src/struct.c:6132:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "(or/c (procedure-arity-includes/c %d) #f)", arity); data/racket-7.8+dfsg1/src/racket/src/struct.c:6418:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SCHEME_VEC_ELS(props), SCHEME_VEC_ELS(old_props), sizeof(Scheme_Object *)*SCHEME_VEC_SIZE(old_props)); data/racket-7.8+dfsg1/src/racket/src/symbol.c:397:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sym->s, name, len); data/racket-7.8+dfsg1/src/racket/src/symbol.c:420:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *bs; data/racket-7.8+dfsg1/src/racket/src/symbol.c:519:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *bs; data/racket-7.8+dfsg1/src/racket/src/symbol.c:537:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *bs; data/racket-7.8+dfsg1/src/racket/src/symbol.c:558:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char on_stack[MAX_SYMBOL_SIZE]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:567:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int c = ((unsigned char *)name)[i]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:588:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:601:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, SCHEME_SYM_VAL(sym), len + 1); data/racket-7.8+dfsg1/src/racket/src/symbol.c:619:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int ch = ((unsigned char *)s)[0]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:634:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int ch = ((unsigned char *)s)[i]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:692:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 1, s, len); data/racket-7.8+dfsg1/src/racket/src/symbol.c:706:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + 1, s, len); data/racket-7.8+dfsg1/src/racket/src/symbol.c:753:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, SCHEME_SYM_VAL(sym), SCHEME_SYM_LEN(sym) + 1); data/racket-7.8+dfsg1/src/racket/src/symbol.c:806:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64], *bs; data/racket-7.8+dfsg1/src/racket/src/symbol.c:963:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return scheme_make_sized_offset_utf8_string((char *)(argv[0]), data/racket-7.8+dfsg1/src/racket/src/symbol.c:978:47: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. str = scheme_make_sized_offset_utf8_string((char *)(argv[0]), data/racket-7.8+dfsg1/src/racket/src/symbol.c:989:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100], *str; data/racket-7.8+dfsg1/src/racket/src/symbol.c:1001:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/racket-7.8+dfsg1/src/racket/src/symbol.c:1008:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%.80s%d", str, gensym_counter++); data/racket-7.8+dfsg1/src/racket/src/symbol.c:1011:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "g%d", gensym_counter++); data/racket-7.8+dfsg1/src/racket/src/symbol.c:1029:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, SCHEME_SYM_VAL(s1), SCHEME_SYM_LEN(s1)); data/racket-7.8+dfsg1/src/racket/src/symbol.c:1030:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + SCHEME_SYM_LEN(s1), SCHEME_SYM_VAL(s2), SCHEME_SYM_LEN(s2) + 1); data/racket-7.8+dfsg1/src/racket/src/thread.c:1863:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbs, cust_boxes, cust_box_count * sizeof(Scheme_Custodian_Box *)); data/racket-7.8+dfsg1/src/racket/src/thread.c:1934:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cbs, cust_boxes, cust_box_count * sizeof(Scheme_Custodian_Box *)); data/racket-7.8+dfsg1/src/racket/src/thread.c:2850:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key2, key, len + 1); data/racket-7.8+dfsg1/src/racket/src/thread.c:6339:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nevts, (*evt_array), (*evt_size) * sizeof(Evt*)); data/racket-7.8+dfsg1/src/racket/src/thread.c:6467:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r, a, i * sizeof(void*)); data/racket-7.8+dfsg1/src/racket/src/thread.c:6469:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + i, b, bl * sizeof(void*)); data/racket-7.8+dfsg1/src/racket/src/thread.c:6476:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + (i + bl), a + (i + 1), (al - i - 1) * sizeof(void*)); data/racket-7.8+dfsg1/src/racket/src/thread.c:6591:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, syncing->reposts, i); data/racket-7.8+dfsg1/src/racket/src/thread.c:6592:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + i + wts->argc, syncing->reposts + i + 1, evt_set->argc - i - 1); data/racket-7.8+dfsg1/src/racket/src/thread.c:6604:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, syncing->accepts, i * sizeof(Scheme_Accept_Sync)); data/racket-7.8+dfsg1/src/racket/src/thread.c:6605:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + i + wts->argc, syncing->accepts + i + 1, (evt_set->argc - i - 1) * sizeof(Scheme_Accept_Sync)); data/racket-7.8+dfsg1/src/racket/src/thread.c:7782:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(npz, pz, sizeof(Scheme_Parameterization)); data/racket-7.8+dfsg1/src/racket/src/thread.c:7832:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(argv2, argv, argc * sizeof(Scheme_Object *)); data/racket-7.8+dfsg1/src/racket/src/thread.c:9401:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128], nums[128]; data/racket-7.8+dfsg1/src/racket/src/thread.c:9471:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], nums[128]; data/racket-7.8+dfsg1/src/racket/src/thread.c:9546:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256], nums[128], *num, *numc, *numt, *num2, *numa; data/racket-7.8+dfsg1/src/racket/src/type.c:337:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, type_names, maxtype * sizeof(char *)); data/racket-7.8+dfsg1/src/racket/src/type.c:344:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, scheme_type_equals, maxtype * sizeof(Scheme_Equal_Proc)); data/racket-7.8+dfsg1/src/racket/src/type.c:350:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, scheme_type_hash1s, maxtype * sizeof(Scheme_Primary_Hash_Proc)); data/racket-7.8+dfsg1/src/racket/src/type.c:356:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, scheme_type_hash2s, maxtype * sizeof(Scheme_Secondary_Hash_Proc)); data/racket-7.8+dfsg1/src/racket/src/type.c:370:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tn, name, len); data/racket-7.8+dfsg1/src/racket/src/type.c:761:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(str, shape_str, len * sizeof(intptr_t)); data/racket-7.8+dfsg1/src/racket/src/type.c:771:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, shape_strs, sizeof(intptr_t *) * shape_str_array_size); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:997:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pi->unwind_info, &dci, sizeof (dci)); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:1233:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&sr->rs_current.reg, &rs_stack->reg, sizeof (rs_stack->reg)); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:1839:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rs, rs1, offsetof(struct dwarf_reg_state, ip)); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:1977:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen (file, "r"); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2079:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name, mi.path, len + 1); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2102:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[PATH_MAX]; data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2562:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, cb_data->starts, sizeof(unw_word_t) * cb_data->size); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2568:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(n, cb_data->ends, sizeof(unw_word_t) * cb_data->size); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2626:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&safe_addrs, &cb_data, sizeof(cb_data)); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:3337:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char safe_space[8]; data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:68:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[sizeof ("/proc/0123456789/maps")], *cp; data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:70:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (path, "/proc/", 6); data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:73:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cp, "/maps", 6); data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:75:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). mi->fd = open (path, O_RDONLY); data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:206:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char perm[16], dash = 0, colon = 0, *cp; data/racket-7.8+dfsg1/src/racket/src/validate.c:79:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, vc->stack, vc->stacksize * sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/validate.c:95:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, vc->ncstack, vc->ncstacksize * sizeof(int)); data/racket-7.8+dfsg1/src/racket/src/validate.c:756:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, a, (a[0] + 1) * sizeof(mzshort)); data/racket-7.8+dfsg1/src/rktio/demo.c:172:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/racket-7.8+dfsg1/src/rktio/demo.c:210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/racket-7.8+dfsg1/src/rktio/demo.c:339:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/racket-7.8+dfsg1/src/rktio/demo.c:604:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32], converted[32]; data/racket-7.8+dfsg1/src/rktio/demo.c:945:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[1] = { "/bin/cat" }; data/racket-7.8+dfsg1/src/rktio/demo.c:948:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[3] = { "c:\\windows\\system32\\bash.exe", "-c", "cat" }; data/racket-7.8+dfsg1/src/rktio/demo.c:1026:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/racket-7.8+dfsg1/src/rktio/demo.c:1042:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2] = { "/usr/bin/printenv", "RKTIO_EXAMPLE" }; data/racket-7.8+dfsg1/src/rktio/demo.c:1047:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[2] = { "c:\\windows\\system32\\cmd.exe", "/c echo %RKTIO_EXAMPLE%" }; data/racket-7.8+dfsg1/src/rktio/demo.c:1075:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[32]; data/racket-7.8+dfsg1/src/rktio/rktio.h:1207:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; data/racket-7.8+dfsg1/src/rktio/rktio.h:1226:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[64]; data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:171:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, dlldir, len1 * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:175:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p + len1, s, (len2 + 1) * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:298:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(enc, "CP", j); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:384:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, lang, llen * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + 1 + llen, country, clen * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:536:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out, in, iilen); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:553:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t *wc, *ws, wcbuf[RKTIO_WC_BUF_SIZE], cwc; data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:658:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result, s1, l1 * sizeof(rktio_char16_t)); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:102:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp + 1, val, len + 1); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:288:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_names, envvars->names, sizeof(char*) * envvars->count); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:289:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_vals, envvars->vals, sizeof(char*) * envvars->count); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:381:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, envvars->names[i], slen); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:385:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, envvars->vals[i], slen); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:417:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + len, s, slen * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:423:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + len, s, slen * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/rktio/rktio_error.c:147:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t mbuf[256]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:30:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char leftover[6]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:547:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1016:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer, rfd->buffer + rfd->th->offset, bc); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1201:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t w_buffer[CONSOLE_BUFFER_IN_SIZE]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1471:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rfd->leftover + keep_leftover, buffer + max_winwrote - can_leftover, can_leftover); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1686:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(oth->buffer + oth->buflen, buffer, winwrote); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1777:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int v = ((unsigned char *)leftover)[0]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1789:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int v = ((unsigned char *)buffer)[i]; data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1841:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src_buffer, leftover, leftover_len); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1842:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(src_buffer + leftover_len, buffer, i); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:1850:13: [2] (buffer) MultiByteToWideChar: Requires maximum length in CHARACTERS, not bytes (CWE-120). count = MultiByteToWideChar(CP_UTF8, 0, src_buffer, i, dest_buffer, count); data/racket-7.8+dfsg1/src/rktio/rktio_file.c:38:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY | RKTIO_NONBLOCKING | RKTIO_BINARY); data/racket-7.8+dfsg1/src/rktio/rktio_file.c:133:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, flags | RKTIO_NONBLOCKING | RKTIO_BINARY, 0666); data/racket-7.8+dfsg1/src/rktio/rktio_file.c:145:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, flags | RKTIO_NONBLOCKING | RKTIO_BINARY, 0666); data/racket-7.8+dfsg1/src/rktio/rktio_file.c:503:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(data->filename, data->flags, 0666); data/racket-7.8+dfsg1/src/rktio/rktio_file.c:602:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->handles, old, data->num_handles * sizeof(rktio_signal_handle_t*)); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:265:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lk, (char *)rp->u.SymbolicLinkReparseBuffer.PathBuffer + off, len); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:267:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lk, (char *)rp->u.MountPointReparseBuffer.PathBuffer + off, len); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:331:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy, dirname, len+1); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:487:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(filename, O_RDONLY); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1399:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pattern + d, filename + nd, len - nd); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pattern + len, "*.*", 4); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1428:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dl->info, &info, sizeof(info)); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1650:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1719:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char drives[DRIVE_BUF_SIZE], *s; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1743:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ss, new_ss, ss_count * sizeof(char*)); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1781:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char user[256], *home = NULL, *naya; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1835:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, home, len); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1837:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + len + 1, filename + f + 1, flen); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1858:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, a, alen); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1861:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s+alen+sep_len, b, blen); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:2059:2: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t name[1024]; data/racket-7.8+dfsg1/src/rktio/rktio_fs_change.c:96:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(path, RKTIO_BINARY, 0666); data/racket-7.8+dfsg1/src/rktio/rktio_fs_change.c:460:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_wds, s->wds, s->size * sizeof(rin_wd_t)); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sin_zero[8]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:255:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa->sin_addr, h->h_addr_list[0], h->h_length); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:706:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32], *service; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:711:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", portno); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1506:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char here[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1635:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcp_accept_addr[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1670:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[NI_MAXHOST], serv[NI_MAXSERV]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1675:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[128], serv[32]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1679:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(host, "%d.%d.%d.%d", b[0], b[1], b[2], b[3]); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1684:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(serv, "%d", id); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1702:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1716:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1730:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1859:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src_addr[RKTIO_SOCK_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:1867:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:2034:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host_buf[RKTIO_SOCK_HOST_NAME_MAX_LEN]; data/racket-7.8+dfsg1/src/rktio/rktio_network.c:2036:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(host_buf, "%d.%d.%d.%d", b[0], b[1], b[2], b[3]); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:151:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pfd, data->pfd, sizeof(struct pollfd) * count); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:245:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->pfd, pfds, j * sizeof(struct pollfd)); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:402:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p2, p, old_size); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:403:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)p2 + (new_size + extra), (char *)p + (old_size + extra), old_size); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:404:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)p2 + 2*(new_size + extra), (char *)p + 2*(old_size + extra), old_size); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:407:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((char *)p2 + new_size, (char *)p + old_size, extra); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:446:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. return (rktio_poll_set_t *)((char *)(((void **)fd)[GROWABLE_CONTENT_INDEX]) data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:621:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, fd->sockets, fd->alloc * sizeof(SOCKET)); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:686:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hs, efd->handles, sizeof(HANDLE)*i); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:687:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rps, efd->repost_sema, sizeof(int)*i); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/racket-7.8+dfsg1/src/rktio/rktio_process.c:502:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(a, signal_fds, sizeof(Group_Signal_FD) * count); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1073:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. cmdline = (char *)argv[1]; data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1084:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmdline + len, argv[i], l); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1315:52: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. command, argc, (const char * const *)argv, data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1327:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. free((char *)argv[i]); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1370:11: [2] (race) vfork: On some old systems, vfork() permits race conditions, and it's very difficult to use correctly (CWE-362). Use fork() instead. pid = vfork(); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:147:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(block, buffer, 64); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:217:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], data, (i = 64 - j)); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:225:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&context->buffer[j], &data[i], len - i); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:272:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char digest[RKTIO_SHA1_DIGEST_SIZE], buffer[16384]; data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:284:22: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(file = fopen(argv[1], "rb"))) { data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:330:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(c, "%02X", digest[i * 4 + j]); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:345:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[80]; data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:156:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char data[64] ) data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:238:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) (ctx->buffer + left), input, fill ); data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:258:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( (void *) (ctx->buffer + left), input, ilen ); data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:263:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha256_padding[64] = data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:275:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char output[32] ) data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:280:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char msglen[8]; data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:316:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha256_test_buf[3][57] = data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:328:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char sha256_test_sum[6][32] = data/racket-7.8+dfsg1/src/rktio/rktio_sha2.c:370:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sha256sum[32]; data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:77:11: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const wchar_t *a[1]; data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:117:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya, name, slen); data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:118:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + slen, ": ", 2); data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:119:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(naya + slen + 2, msg, len); data/racket-7.8+dfsg1/src/rktio/rktio_wide.c:345:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, s, len); data/racket-7.8+dfsg1/src/start/MemoryModule.c:227:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, data + section->PointerToRawData, section->SizeOfRawData); data/racket-7.8+dfsg1/src/start/MemoryModule.c:590:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. old_header = (PIMAGE_NT_HEADERS)&((const unsigned char *)(data))[dos_header->e_lfanew]; data/racket-7.8+dfsg1/src/start/MemoryModule.c:715:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(headers, dos_header, old_header->OptionalHeader.SizeOfHeaders); data/racket-7.8+dfsg1/src/start/MemoryModule.c:716:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. result->headers = (PIMAGE_NT_HEADERS)&((const unsigned char *)(headers))[dos_header->e_lfanew]; data/racket-7.8+dfsg1/src/start/MemoryModule.c:986:9: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t _searchKeySpace[MAX_LOCAL_KEY_LENGTH+1]; data/racket-7.8+dfsg1/src/start/start.c:188:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(r + len, argv[i], l * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/start/start.c:208:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, s, (l + 1) * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/start/start.c:224:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t go[MAXCOMMANDLEN * 2]; data/racket-7.8+dfsg1/src/start/start.c:269:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2, path, mlen * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/start/start.c:270:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s2 + mlen, exedir, (plen + 1) * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/start/start.c:282:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t errbuff[MAXCOMMANDLEN * 2]; data/racket-7.8+dfsg1/src/start/start.c:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuff[MAXCOMMANDLEN * 2]; data/racket-7.8+dfsg1/src/start/start.c:287:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errbuff,"Can't find %S\n",go); data/racket-7.8+dfsg1/src/start/start.c:303:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, m_lpCmdLine, (wc_strlen(m_lpCmdLine) + 1) * sizeof(wchar_t)); data/racket-7.8+dfsg1/src/start/start.c:329:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t errbuff[MAXCOMMANDLEN * 2]; data/racket-7.8+dfsg1/src/start/start.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char errbuff[MAXCOMMANDLEN * 2]; data/racket-7.8+dfsg1/src/start/start.c:335:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(errbuff,"Command line of %d characters exceeds %d characters: %.1024S\n", data/racket-7.8+dfsg1/src/start/ustart.c:170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s1, l1); data/racket-7.8+dfsg1/src/start/ustart.c:171:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + l1, s2, l2); data/racket-7.8+dfsg1/src/start/ustart.c:188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s1, l1 + 1); data/racket-7.8+dfsg1/src/start/ustart.c:202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s, s1, l1); data/racket-7.8+dfsg1/src/start/ustart.c:207:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(s + l1, s2, l2); data/racket-7.8+dfsg1/src/start/ustart.c:272:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char e_ident[16]; data/racket-7.8+dfsg1/src/start/ustart.c:309:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(me, O_RDONLY, 0); data/racket-7.8+dfsg1/src/start/ustart.c:461:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(me, O_RDONLY, 0); data/racket-7.8+dfsg1/src/worksp/cstartup.c:22:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). in = fopen(argv[1], "r"); data/racket-7.8+dfsg1/src/worksp/cstartup.c:23:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen(argv[2], "w"); data/racket-7.8+dfsg1/src/worksp/genvsx.c:43:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(fn, "r"); data/racket-7.8+dfsg1/src/worksp/genvsx.c:44:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). new_f = fopen(new_fn, "w"); data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h:215:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FFI_SIZEOF_ARG]; data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h:226:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char data[FFI_SIZEOF_JAVA_RAW]; data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h:268:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tramp[FFI_TRAMPOLINE_SIZE]; data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h:299:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tramp[FFI_TRAMPOLINE_SIZE]; data/racket-7.8+dfsg1/src/worksp/libffi/ffi.h:320:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tramp[FFI_TRAMPOLINE_SIZE]; data/racket-7.8+dfsg1/src/ChezScheme/c/alloc.c:786:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (n < 0) n = strlen(s); data/racket-7.8+dfsg1/src/ChezScheme/c/alloc.c:824:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (n < 0) n = strlen(s); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:260:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = WIN32_IZE(read)(fd, (char*)buffer + pos, 4 - pos); data/racket-7.8+dfsg1/src/ChezScheme/c/compress-io.c:369:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in_avail = WIN32_IZE(read)(lz4->fd, lz4->in_buffer, LZ4_INPUT_PORT_IN_BUFFER_SIZE); data/racket-7.8+dfsg1/src/ChezScheme/c/foreign.c:80:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iptr n = strlen(s) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/foreign.c:90:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). h = n = strlen(s); data/racket-7.8+dfsg1/src/ChezScheme/c/gc.c:542:67: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). (void)printf("mcg = %x; go? ", mcg); (void)fflush(stdout); (void)getc(stdin); data/racket-7.8+dfsg1/src/ChezScheme/c/intern.c:152:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iptr n = strlen((const char *)s); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:52:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n1 = strlen(home); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:53:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n2 = strlen(ip) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:82:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n1 = strlen(dir); data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:83:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n2 = strlen(ip) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:94:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(inpath) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:223:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((n = wcslen(s)) == 0) return S_G.null_bytevector; data/racket-7.8+dfsg1/src/ChezScheme/c/io.c:254:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((n = strlen(s)) == 0) return S_G.null_bytevector; data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:47:31: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = digit_value((c = getchar()), r)) == -1) { data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:58:13: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ICHAR c = getchar(); data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:65:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch (getchar()) { data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:77:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ICHAR c = getchar(); data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:89:15: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:91:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:94:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getchar(); data/racket-7.8+dfsg1/src/ChezScheme/c/itest.c:108:34: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((i = digit_value((c2 = getchar()), 10)) == -1) { data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:300:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle)) addrwidth = (INT)strlen(addrtitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:300:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle)) addrwidth = (INT)strlen(addrtitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:325:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle) + 1) addrwidth = (INT)strlen(addrtitle) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:325:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle) + 1) addrwidth = (INT)strlen(addrtitle) + 1; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:357:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle)) addrwidth = (INT)strlen(addrtitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:357:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (addrwidth < (INT)strlen(addrtitle)) addrwidth = (INT)strlen(addrtitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:359:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (byteswidth < (INT)strlen(bytestitle)) byteswidth = (INT)strlen(bytestitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:359:63: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (byteswidth < (INT)strlen(bytestitle)) byteswidth = (INT)strlen(bytestitle); data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:745:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(comspec) + strlen(s) + 7; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:745:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = strlen(comspec) + strlen(s) + 7; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:1453:73: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define display(s) { const char *S = (s); if (WRITE(1, S, (unsigned int)strlen(S))) {} } data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:2036:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(what) + strlen(dll) + 17; data/racket-7.8+dfsg1/src/ChezScheme/c/prim5.c:2036:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(what) + strlen(dll) + 17; data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:278:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(VERSION)+1 > HEAP_VERSION_LENGTH) { data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:282:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(MACHINE_TYPE)+1 > HEAP_MACHID_LENGTH) { data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:590:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= PATH_MAX) { data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1008:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } else if (*Sschemeheapdirs != 0 && Sschemeheapdirs[strlen(Sschemeheapdirs)-1] == SEARCHPATHSEP) { data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1089:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name) >= PATH_MAX) { data/racket-7.8+dfsg1/src/ChezScheme/c/scheme.c:1099:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(name) - 4; data/racket-7.8+dfsg1/src/ChezScheme/c/schsig.c:378:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(who) == 0) data/racket-7.8+dfsg1/src/ChezScheme/c/schsig.c:388:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). Scons((strlen(who) == 0 ? Sfalse : Sstring_utf8(who,-1)), data/racket-7.8+dfsg1/src/ChezScheme/c/version.h:435:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define READ read data/racket-7.8+dfsg1/src/ChezScheme/c/windows.c:151:15: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t n = (wcslen(val) + 1) * sizeof(wchar_t); data/racket-7.8+dfsg1/src/ChezScheme/examples/csocket.c:42:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = read(fd, buf, n); data/racket-7.8+dfsg1/src/ChezScheme/mats/cat_flush.c:32:15: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getchar()) != EOF) { data/racket-7.8+dfsg1/src/ChezScheme/mats/foreign3.c:233:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, s, 9); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/blast/blast.c:458:12: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (getchar() != EOF) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:87:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(void* buf, size_t len) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:115:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). inline int read(izstream& zs, T* x, Items items) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream2/zstream.h:278:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). val.byte = 255; val.word = ::strlen(x); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:146:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(c_mode, "w"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:148:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(c_mode, "a"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:150:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(c_mode, "w"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:152:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(c_mode, "r"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:160:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(c_mode) == 0) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/iostream3/zfstream.cc:163:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(c_mode, "b"); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:143:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(newdir); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:390:27: [1] (buffer) scanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. ret = scanf("%1s",answer); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/miniunz.c:609:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename_try, zipfilename,MAXFILENAME-1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:111:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(f); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:115:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, f,MAXFILENAME-1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:324:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(filename_try, argv[zipfilenamearg],MAXFILENAME-1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:328:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len=(int)strlen(filename_try); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:352:27: [1] (buffer) scanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. ret = scanf("%1s",answer); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/minizip.c:396:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (strlen(argv[i]) == 2))) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:151:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int comsize = (int) strlen(comment); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/mztools.c:226:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int comsize = (int) strlen(comment); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/unzip.c:1249:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP) data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:962:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uInt size_filename = (uInt)strlen(filename); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1101:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_comment = (uInt)strlen(comment); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1103:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_filename = (uInt)strlen(filename); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/minizip/zip.c:1870:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_global_comment = (uInt)strlen(global_comment); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:138:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). origlen = strlen(buffer); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:332:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:440:15: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fname,buffer.header.name,SHORTNAMESIZE); data/racket-7.8+dfsg1/src/ChezScheme/zlib/contrib/untgz/untgz.c:514:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (fname[BLOCKSIZE-1] != 0 || (int)strlen(fname) > remaining) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:103:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = (int)read(me->infile, next, ret); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gun.c:669:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (int)strlen(*argv); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:184:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(in->fd, in->buf, 1 << in->size); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:356:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(gz.fd, gz.buf, 1) != 1) bye("reading after seek on ", name); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:375:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(gz.fd, gz.buf, 1) != 1) bye("reading after seek on ", name); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzappend.c:411:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = read(fd, in, CHUNK); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzjoin.c:131:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). len = (long)read(in->fd, in->buf + in->left, CHUNK - in->left); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzjoin.c:183:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(in->fd, in->buf, 1) != 1) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:416:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(log->fd, buf, HEAD + EXTRA) != HEAD + EXTRA || data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:477:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(log->fd, buf, 1) != 1)) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:583:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dest = malloc(strlen(log->path) + 1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:631:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). dict = read(fd, buf, DICT); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:646:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(log->fd, buf, 1) != 1 || lseek(log->fd, -1, SEEK_CUR) < 0) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:678:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(log->fd, buf, 1) != 1) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:762:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = (size_t)read(fd, data, len) != len; data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:882:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:939:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(log->fd, buf, 5) != 5) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/gzlog.c:943:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(log->fd, (char *)data + next, block) != block) data/racket-7.8+dfsg1/src/ChezScheme/zlib/examples/zran.c:281:15: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = getc(in); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzguts.h:48:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define read _read data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:199:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen((const char *)path); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:605:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) == data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:605:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((state->msg = (char *)malloc(strlen(state->path) + strlen(msg) + 3)) == data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:611:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzlib.c:611:54: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)snprintf(state->msg, strlen(state->path) + strlen(msg) + 3, data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzread.c:35:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(state->fd, buf + *have, get); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:370:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:426:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(next); data/racket-7.8+dfsg1/src/ChezScheme/zlib/gzwrite.c:524:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(next); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:93:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uLong len = (uLong)strlen(hello)+1; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:123:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = (int)strlen(hello)+1; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:180:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen((char*)uncompr) != 7) { /* " hello!" */ data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:206:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uLong len = (uLong)strlen(hello)+1; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:381:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uInt len = (uInt)strlen(hello)+1; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/example.c:480:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c_stream.avail_in = (uInt)strlen(hello)+1; data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:250:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). in = malloc((strlen(hex) + 1) >> 1); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/infcover.c:525:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix = malloc(strlen(id) + 6); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:465:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:465:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(file) + strlen(GZ_SUFFIX) >= sizeof(outfile)) { data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:503:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned len = strlen(file); data/racket-7.8+dfsg1/src/ChezScheme/zlib/test/minigzip.c:505:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len + strlen(GZ_SUFFIX) >= sizeof(buf)) { data/racket-7.8+dfsg1/src/cs/c/boot.c:33:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iptr len = strlen(s); data/racket-7.8+dfsg1/src/cs/c/boot.c:42:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). iptr len = strlen(s); data/racket-7.8+dfsg1/src/cs/c/boot.c:55:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s + delta); data/racket-7.8+dfsg1/src/cs/c/main.c:122:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/cs/c/main.c:137:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(p1); data/racket-7.8+dfsg1/src/cs/c/main.c:138:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(p2); data/racket-7.8+dfsg1/src/cs/c/main.c:224:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &e, sizeof(e)) == sizeof(e)) { data/racket-7.8+dfsg1/src/cs/c/main.c:226:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &s, sizeof(s)) != sizeof(s)) { data/racket-7.8+dfsg1/src/cs/c/main.c:233:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, strs, s.sh_size) != s.sh_size) { data/racket-7.8+dfsg1/src/cs/c/main.c:240:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &s, sizeof(s)) != sizeof(s)) { data/racket-7.8+dfsg1/src/cs/c/main.c:302:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(s2); data/racket-7.8+dfsg1/src/cs/c/main.c:319:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return do_path_append(s1, strlen(s1), s2); data/racket-7.8+dfsg1/src/cs/c/main.c:329:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(s1); data/racket-7.8+dfsg1/src/foreign/foreign.c:4886:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_print_bytes(pp, str, 0, strlen(str)); data/racket-7.8+dfsg1/src/foreign/libffi/src/closures.c:283:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t lendir = strlen (dir); data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:656:32: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. #define dlmemalign memalign data/racket-7.8+dfsg1/src/foreign/libffi/src/dlmalloc.c:2528:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, buf, sizeof(buf)) == sizeof(buf)) { data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen.c:12:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (strlen(s)); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen2.c:13:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (size_t) ((int) strlen(s) + (int) a); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen3.c:13:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (size_t) ((int) strlen(s) + (int) a); data/racket-7.8+dfsg1/src/foreign/libffi/testsuite/libffi.call/strlen4.c:13:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return (size_t) ((int) strlen(s) + (int) a + i); data/racket-7.8+dfsg1/src/gracket/grmain.c:101:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = (char *)malloc((5 * strlen(msg)) + 80); data/racket-7.8+dfsg1/src/gracket/grmain.c:103:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WriteConsole(console_out, buffer, strlen(buffer), &wrote, NULL); data/racket-7.8+dfsg1/src/mzcom/mzcom.cxx:70:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return RegSetValueExA(sub, name, 0, REG_SZ, (const BYTE *)s, strlen(s)); data/racket-7.8+dfsg1/src/mzcom/mzobj.cxx:121:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:90:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define GEN_LEN(s) (CORD_IS_STRING(s) ? strlen(s) : LEN(s)) data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:156:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenx = strlen(x); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:186:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). right_len = strlen(right); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:240:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(CORD_cat_char_star(x, y, strlen(y))); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:242:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). lenx = strlen(x); data/racket-7.8+dfsg1/src/racket/gc/cord/cordbscs.c:370:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(result, x+i, n); data/racket-7.8+dfsg1/src/racket/gc/cord/cordprnt.c:316:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:238:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:317:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). d -> pos += strlen(s); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:375:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:448:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(f); data/racket-7.8+dfsg1/src/racket/gc/cord/cordxtra.c:456:25: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getc(f)) == 0) count++; data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:64:44: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define de_error(s) { fprintf(stderr, s); getchar(); } data/racket-7.8+dfsg1/src/racket/gc/cord/de.c:582:17: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = getchar()) != QUIT) { data/racket-7.8+dfsg1/src/racket/gc/cord/de_win.c:333:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). control, (int)strlen(control)); data/racket-7.8+dfsg1/src/racket/gc/dbg_mlc.c:642:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). copy = GC_debug_malloc_atomic(strlen(str) + 1, OPT_RA s, i); data/racket-7.8+dfsg1/src/racket/gc/include/private/gc_priv.h:368:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (tmp == 0 || strlen(tmp) == 0) data/racket-7.8+dfsg1/src/racket/gc/malloc.c:246:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((copy = GC_malloc_atomic(strlen(s) + 1)) == NULL) { data/racket-7.8+dfsg1/src/racket/gc/malloc.c:375:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(s) + 1; data/racket-7.8+dfsg1/src/racket/gc/misc.c:989:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WRITE(GC_stdout, buf, strlen(buf)) < 0) ABORT("write to stdout failed"); data/racket-7.8+dfsg1/src/racket/gc/misc.c:1002:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WRITE(GC_stderr, buf, strlen(buf)) < 0) ABORT("write to stderr failed"); data/racket-7.8+dfsg1/src/racket/gc/misc.c:1015:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WRITE(GC_log, buf, strlen(buf)) < 0) ABORT("write to log failed"); data/racket-7.8+dfsg1/src/racket/gc/misc.c:1020:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (WRITE(GC_stderr, s, strlen(s)) < 0) ABORT("write to stderr failed"); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:180:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(moduleName, sourceName, size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:182:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(sourceName); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:223:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(symbolName, sourceName, size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:225:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(sourceName); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:264:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fileName, sourceName, size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:266:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(sourceName); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:296:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buffer, str, size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:298:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += strlen(str); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:303:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, "at ", size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:305:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += strlen("at "); data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:312:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(buffer, " in ", size)[size - 1] = 0; data/racket-7.8+dfsg1/src/racket/gc/msvc_dbg.c:314:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer += strlen(" in "); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:148:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define READ read data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:177:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(f, buf, GET_FILE_LEN_BUF_SZ); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:381:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t nm_len = strlen(nm); data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:1130:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define STAT_READ read data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3315:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ssize_t read(int fd, void *buf, size_t nbyte) data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:3451:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define READ(fd,buf,nbytes) read(fd, buf, nbytes) data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4417:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen (old_preload) >= PRELOAD_SZ) { data/racket-7.8+dfsg1/src/racket/gc/os_dep.c:4487:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). GC_err_write(maps, strlen(maps)); data/racket-7.8+dfsg1/src/racket/gc/pthread_stop_world.c:421:8: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(WAIT_UNIT); data/racket-7.8+dfsg1/src/racket/gc/pthread_support.c:560:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). # define STAT_READ read data/racket-7.8+dfsg1/src/racket/gc/setjmp_t.c:65:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). register int x = (int)strlen("a"); /* 1, slightly disguised */ data/racket-7.8+dfsg1/src/racket/gc2/msgprint.c:171:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/gc2/sighand.c:56:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while(read(fileno(stdin), inbuffer, 10) <= 0){ data/racket-7.8+dfsg1/src/racket/main.c:182:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i = strlen(sprog) - 1; data/racket-7.8+dfsg1/src/racket/sgc/sgc.c:5209:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/src/bignum.c:1364:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(str XFORM_OK_PLUS offset), data/racket-7.8+dfsg1/src/racket/src/compile.c:278:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name = scheme_intern_exact_symbol(buf, strlen(buf)); data/racket-7.8+dfsg1/src/racket/src/compile.c:352:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/compile.c:2226:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = scheme_intern_exact_parallel_symbol(buf, strlen(buf)); data/racket-7.8+dfsg1/src/racket/src/dynext.c:142:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t len = strlen(vers); data/racket-7.8+dfsg1/src/racket/src/dynext.c:173:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). comppath = scheme_is_complete_path(filename, strlen(filename), SCHEME_PLATFORM_PATH_KIND); data/racket-7.8+dfsg1/src/racket/src/dynext.c:196:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(filename); data/racket-7.8+dfsg1/src/racket/src/dynext.c:436:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(t); data/racket-7.8+dfsg1/src/racket/src/env.c:292:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MZTIMEIT(read, scheme_init_read(env)); data/racket-7.8+dfsg1/src/racket/src/error.c:415:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:431:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:450:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:459:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:469:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:500:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (es) elen = strlen(es); else elen = 0; data/racket-7.8+dfsg1/src/racket/src/error.c:501:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(buf); data/racket-7.8+dfsg1/src/racket/src/error.c:592:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(es) - 1; i > 0; i--) { data/racket-7.8+dfsg1/src/racket/src/error.c:609:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(es) + 24; data/racket-7.8+dfsg1/src/racket/src/error.c:614:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:711:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:713:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tlen = strlen(t); data/racket-7.8+dfsg1/src/racket/src/error.c:1274:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/racket-7.8+dfsg1/src/racket/src/error.c:1308:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namelen = strlen(name); data/racket-7.8+dfsg1/src/racket/src/error.c:1343:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = (namelen < 0 ? strlen(n) : namelen); data/racket-7.8+dfsg1/src/racket/src/error.c:1349:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(n); data/racket-7.8+dfsg1/src/racket/src/error.c:1630:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pos = strlen(other); data/racket-7.8+dfsg1/src/racket/src/error.c:1647:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *_olen = strlen(other); data/racket-7.8+dfsg1/src/racket/src/error.c:1661:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *_olen = strlen(other); data/racket-7.8+dfsg1/src/racket/src/error.c:1667:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(indent); data/racket-7.8+dfsg1/src/racket/src/error.c:1697:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *_olen = strlen(other); data/racket-7.8+dfsg1/src/racket/src/error.c:1782:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/error.c:1924:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t strlen; data/racket-7.8+dfsg1/src/racket/src/error.c:1933:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sstr = scheme_make_provided_string(s, 2, &strlen); data/racket-7.8+dfsg1/src/racket/src/error.c:1944:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sstr, strlen); data/racket-7.8+dfsg1/src/racket/src/error.c:2029:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v_str_lens[cnt] = strlen(str); data/racket-7.8+dfsg1/src/racket/src/error.c:2042:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += v_str_len + 5 + strlen(strs[i]); data/racket-7.8+dfsg1/src/racket/src/error.c:2047:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mlen = strlen(msg); data/racket-7.8+dfsg1/src/racket/src/error.c:2048:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(name); data/racket-7.8+dfsg1/src/racket/src/error.c:2049:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). seplen = strlen(sep); data/racket-7.8+dfsg1/src/racket/src/error.c:2064:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(strs[i]); data/racket-7.8+dfsg1/src/racket/src/error.c:2291:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/src/error.c:2793:68: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static Scheme_Object *do_raise_mismatch_error(const char *who, int mismatch, int argc, Scheme_Object *argv[]) data/racket-7.8+dfsg1/src/racket/src/error.c:2806:16: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. for (i = 2 + mismatch; i < argc; i += 2) { data/racket-7.8+dfsg1/src/racket/src/error.c:2811:8: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!mismatch && (argc & 1)) { data/racket-7.8+dfsg1/src/racket/src/error.c:2818:8: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!mismatch && (argc == 2)) { data/racket-7.8+dfsg1/src/racket/src/error.c:2825:14: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. } else if (mismatch && (argc == 3)) { data/racket-7.8+dfsg1/src/racket/src/error.c:2836:19: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. int offset = (mismatch ? 0 : 1); data/racket-7.8+dfsg1/src/racket/src/error.c:2847:14: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!mismatch) data/racket-7.8+dfsg1/src/racket/src/error.c:2869:12: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!mismatch && !(i & 1)) { data/racket-7.8+dfsg1/src/racket/src/error.c:2875:12: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (!mismatch && !(i & 1)) { data/racket-7.8+dfsg1/src/racket/src/error.c:2883:9: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. if (mismatch) { data/racket-7.8+dfsg1/src/racket/src/error.c:3131:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_write_byte_string(buf, strlen(buf), port); data/racket-7.8+dfsg1/src/racket/src/error.c:3892:57: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_log_message(&logger, SCHEME_LOG_FATAL, buffer, strlen(buffer), scheme_false); data/racket-7.8+dfsg1/src/racket/src/error.c:3897:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_log_message(scheme_main_logger, SCHEME_LOG_WARNING, buffer, strlen(buffer), scheme_false); data/racket-7.8+dfsg1/src/racket/src/error.c:3926:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(message); data/racket-7.8+dfsg1/src/racket/src/error.c:3928:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = strlen(log_domain); data/racket-7.8+dfsg1/src/racket/src/eval.c:368:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf); data/racket-7.8+dfsg1/src/racket/src/eval.c:3764:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). e = scheme_make_utf8_string(desc XFORM_OK_PLUS strlen(desc) XFORM_OK_PLUS 1); data/racket-7.8+dfsg1/src/racket/src/file.c:536:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return make_protected_sized_offset_path(1, chars, 0, strlen(chars), 1, 0, SCHEME_WINDOWS_PATH_KIND); data/racket-7.8+dfsg1/src/racket/src/file.c:909:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/src/file.c:976:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_split_path(filename, strlen(filename), &base, &isdir, SCHEME_PLATFORM_PATH_KIND); data/racket-7.8+dfsg1/src/racket/src/file.c:1379:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/file.c:1477:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return is_special_filename(f, 0, strlen(f), not_nul, 0); data/racket-7.8+dfsg1/src/racket/src/file.c:1541:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(filename); data/racket-7.8+dfsg1/src/racket/src/file.c:1567:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(filename); data/racket-7.8+dfsg1/src/racket/src/file.c:1697:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(filename); data/racket-7.8+dfsg1/src/racket/src/file.c:3085:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wlen = strlen(wrt); data/racket-7.8+dfsg1/src/racket/src/file.c:3184:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_offset_kind_path(s, 0, strlen(s), 0, kind); data/racket-7.8+dfsg1/src/racket/src/file.c:3189:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_offset_kind_path(s, 0, strlen(s), 0, kind); data/racket-7.8+dfsg1/src/racket/src/file.c:3496:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fullfilename); data/racket-7.8+dfsg1/src/racket/src/file.c:3503:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fullfilename); data/racket-7.8+dfsg1/src/racket/src/file.c:3527:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_path(filename, strlen(filename), 1); data/racket-7.8+dfsg1/src/racket/src/file.c:3738:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(s); data/racket-7.8+dfsg1/src/racket/src/file.c:3898:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/file.c:4142:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_path(drive, strlen(drive), 0); data/racket-7.8+dfsg1/src/racket/src/file.c:4175:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_offset_kind_path(filename, 0, strlen(filename), 1, kind); data/racket-7.8+dfsg1/src/racket/src/file.c:4199:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_path(filename, strlen(filename), 1); data/racket-7.8+dfsg1/src/racket/src/file.c:4267:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = make_protected_sized_offset_path(1, s, 0, strlen(s), 1, 0, SCHEME_PLATFORM_PATH_KIND); data/racket-7.8+dfsg1/src/racket/src/file.c:4298:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(fn); data/racket-7.8+dfsg1/src/racket/src/file.c:4859:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ed = scheme_make_sized_path(expanded, strlen(expanded), 1); data/racket-7.8+dfsg1/src/racket/src/file.c:5093:9: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = wcslen(r) + 1; data/racket-7.8+dfsg1/src/racket/src/fun.c:2477:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(((Scheme_Primitive_Proc *)p)->name); data/racket-7.8+dfsg1/src/racket/src/fun.c:2481:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *len = strlen(((Scheme_Closed_Primitive_Proc *)p)->name); data/racket-7.8+dfsg1/src/racket/src/linklet.c:1134:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = scheme_intern_exact_parallel_symbol(buf, strlen(buf)); data/racket-7.8+dfsg1/src/racket/src/linklet.c:1829:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return do_tab(strlen(s), tab, max_len); data/racket-7.8+dfsg1/src/racket/src/linklet.c:1902:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = strlen(perf_entries[i].name); data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.c:512:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). *p = &buff[strlen(buff)]; data/racket-7.8+dfsg1/src/racket/src/longdouble/longdouble.h:23:7: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. !! mismatch in mz_long_double size !! data/racket-7.8+dfsg1/src/racket/src/mzmarksrc.c:2032:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). START read; data/racket-7.8+dfsg1/src/racket/src/mzmarksrc.c:2092:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). END read; data/racket-7.8+dfsg1/src/racket/src/numstr.c:246:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1903:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(buffer); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1955:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s = (char *)scheme_malloc_atomic(strlen(buffer) + 1); data/racket-7.8+dfsg1/src/racket/src/numstr.c:1963:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(s) + 1; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2015:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(ns); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2016:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dlen = strlen(ds); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2033:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rlen = strlen(rs); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2034:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(is); data/racket-7.8+dfsg1/src/racket/src/numstr.c:2261:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t strlen, slen; data/racket-7.8+dfsg1/src/racket/src/numstr.c:2288:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen; data/racket-7.8+dfsg1/src/racket/src/optimize.c:312:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = strlen(ctx); data/racket-7.8+dfsg1/src/racket/src/optimize.c:313:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). plen = strlen(prefix); data/racket-7.8+dfsg1/src/racket/src/optimize.c:314:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mclen = strlen(mctx); data/racket-7.8+dfsg1/src/racket/src/optimize.c:315:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). mplen = strlen(mprefix); data/racket-7.8+dfsg1/src/racket/src/port.c:3664:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/racket-7.8+dfsg1/src/racket/src/port.c:4510:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). (void)scheme_split_path(filename, strlen(filename), &base, &is_dir, SCHEME_PLATFORM_PATH_KIND); data/racket-7.8+dfsg1/src/racket/src/port.c:6234:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nplen = strlen(argv[0]); data/racket-7.8+dfsg1/src/racket/src/port.c:6437:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nplen = strlen(dir); data/racket-7.8+dfsg1/src/racket/src/port.c:6639:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(itimer_data->delay); data/racket-7.8+dfsg1/src/racket/src/portfun.c:669:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_make_sized_byte_string_input_port(str, strlen(str)); data/racket-7.8+dfsg1/src/racket/src/portfun.c:2096:45: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void scheme_pipe_with_limit(Scheme_Object **read, Scheme_Object **write, int queuelimit) data/racket-7.8+dfsg1/src/racket/src/portfun.c:2151:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void scheme_pipe(Scheme_Object **read, Scheme_Object **write) data/racket-7.8+dfsg1/src/racket/src/portfun.c:2153:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). scheme_pipe_with_limit(read, write, 0); data/racket-7.8+dfsg1/src/racket/src/portfun.c:4414:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ed = scheme_make_sized_path(expanded, strlen(expanded), 1); data/racket-7.8+dfsg1/src/racket/src/print.c:1197:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str XFORM_OK_PLUS offset); data/racket-7.8+dfsg1/src/racket/src/print.c:3277:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s) - 1; data/racket-7.8+dfsg1/src/racket/src/regexp.c:4190:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). #ifndef strncpy data/racket-7.8+dfsg1/src/racket/src/regexp.c:4191:16: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). extern char *strncpy(); data/racket-7.8+dfsg1/src/racket/src/regexp.c:5733:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(n); data/racket-7.8+dfsg1/src/racket/src/resolve.c:2269:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n = scheme_intern_exact_parallel_symbol(buf, strlen(buf)); data/racket-7.8+dfsg1/src/racket/src/salloc.c:575:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/racket-7.8+dfsg1/src/racket/src/salloc.c:588:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/racket-7.8+dfsg1/src/racket/src/salloc.c:601:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str) + 1; data/racket-7.8+dfsg1/src/racket/src/salloc.c:2402:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(buffer); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2422:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(buffer); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2435:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(buffer); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2481:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(buffer); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2522:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(t2); data/racket-7.8+dfsg1/src/racket/src/salloc.c:2965:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(struct_name_to_match, SCHEME_SYM_VAL(SCHEME_CADR(p[0])), sizeof(struct_name_to_match)); data/racket-7.8+dfsg1/src/racket/src/schemef.h:909:44: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MZ_EXTERN void scheme_pipe(Scheme_Object **read, Scheme_Object **write); data/racket-7.8+dfsg1/src/racket/src/schemef.h:910:78: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). MZ_EXTERN void scheme_pipe_with_limit(Scheme_Object **write, Scheme_Object **read, int maxsize); data/racket-7.8+dfsg1/src/racket/src/schemex.h:751:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void (*scheme_pipe)(Scheme_Object **read, Scheme_Object **write); data/racket-7.8+dfsg1/src/racket/src/schemex.h:752:71: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void (*scheme_pipe_with_limit)(Scheme_Object **write, Scheme_Object **read, int maxsize); data/racket-7.8+dfsg1/src/racket/src/startup.c:16:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(str); data/racket-7.8+dfsg1/src/racket/src/string.c:1129:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define xstrlen strlen data/racket-7.8+dfsg1/src/racket/src/string.c:1644:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen((char *)format); data/racket-7.8+dfsg1/src/racket/src/string.c:1885:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). scheme_write_byte_string(s, strlen(s), port); data/racket-7.8+dfsg1/src/racket/src/string.c:1920:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(format); data/racket-7.8+dfsg1/src/racket/src/string.c:1933:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). flen = strlen(format); data/racket-7.8+dfsg1/src/racket/src/string.c:3004:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(s); data/racket-7.8+dfsg1/src/racket/src/string.c:4753:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = strlen((char *)s); data/racket-7.8+dfsg1/src/racket/src/struct.c:3125:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(tn) - 2; /* drop < ... > */ data/racket-7.8+dfsg1/src/racket/src/struct.c:3593:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fieldstrlen = strlen(fieldstr); data/racket-7.8+dfsg1/src/racket/src/struct.c:4360:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fnlen = strlen(field_name); data/racket-7.8+dfsg1/src/racket/src/struct.c:4416:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(base), data/racket-7.8+dfsg1/src/racket/src/struct.c:4550:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total = lp = strlen(pre); data/racket-7.8+dfsg1/src/racket/src/struct.c:4552:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total += (lp1 = strlen(post1)); data/racket-7.8+dfsg1/src/racket/src/struct.c:4554:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total += (lp2 = strlen(post2)); data/racket-7.8+dfsg1/src/racket/src/struct.c:5131:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). namesym = scheme_intern_exact_symbol(name, strlen(name)); data/racket-7.8+dfsg1/src/racket/src/symbol.c:408:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return make_a_symbol(name, strlen(name), 0x1); data/racket-7.8+dfsg1/src/racket/src/symbol.c:560:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name); data/racket-7.8+dfsg1/src/racket/src/symbol.c:579:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return scheme_intern_exact_symbol(name, strlen(name)); data/racket-7.8+dfsg1/src/racket/src/thread.c:2848:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(key); data/racket-7.8+dfsg1/src/racket/src/thread.c:9412:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/racket-7.8+dfsg1/src/racket/src/thread.c:9515:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/racket-7.8+dfsg1/src/racket/src/thread.c:9576:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buflen = strlen(buf); data/racket-7.8+dfsg1/src/racket/src/type.c:368:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(name) + 1; data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind.c:2075:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen (mi.path); data/racket-7.8+dfsg1/src/racket/src/unwind/libunwind_i.h:220:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return write (2, string, strlen (string)); data/racket-7.8+dfsg1/src/racket/src/unwind/os-linux.h:235:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nread = read (mi->fd, mi->buf + bytes_left, data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:168:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len1 = wcslen(dlldir); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:169:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = wcslen(s); data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:285:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(current_locale_name) - i; data/racket-7.8+dfsg1/src/rktio/rktio_convert.c:531:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t iilen = strlen(in); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:35:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t i = strlen(s); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:100:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). intptr_t len = strlen(val); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:370:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(envvars->names[i]); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:371:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(envvars->vals[i]); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:380:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(envvars->names[i]); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:384:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(envvars->vals[i]); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:401:14: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += wcslen(s); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:404:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += wcslen(s); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:416:14: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = wcslen(s); data/racket-7.8+dfsg1/src/rktio/rktio_envvars.c:422:14: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = wcslen(s); data/racket-7.8+dfsg1/src/rktio/rktio_error.c:161:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = strlen(es) - 1; i > 0; i--) { data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:553:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = read(fd, buf, 1); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:899:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bc = read(rfd->fd, buffer, len); data/racket-7.8+dfsg1/src/rktio/rktio_fd.c:926:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bc = read(rfd->fd, buffer, len); data/racket-7.8+dfsg1/src/rktio/rktio_flock.c:75:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cr = read(ifds[0], &errid, sizeof(int)); data/racket-7.8+dfsg1/src/rktio/rktio_flock.c:129:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cr = read(ofds[0], &ok, sizeof(int)); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:328:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dirname); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:919:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1147:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read, write, execute, ok; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1183:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ((read ? RKTIO_PERMISSION_READ : 0) data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1194:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int cr, read, write, execute; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1237:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return ((read ? RKTIO_PERMISSION_READ : 0) data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1368:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(filename); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1496:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nlen = strlen(e->d_name); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1750:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ds += strlen(s + ds) + 1; data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1828:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ilen = strlen(filename); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1829:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(home); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1848:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int alen = strlen(a); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1849:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int blen = strlen(b); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:1933:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int h_len = strlen(home_str); data/racket-7.8+dfsg1/src/rktio/rktio_fs.c:2072:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = wcslen(s) - 1; data/racket-7.8+dfsg1/src/rktio/rktio_fs_change.c:354:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(fd, ev, bsize); data/racket-7.8+dfsg1/src/rktio/rktio_network.c:575:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cr = read(lookup->done_fd[0], &v, sizeof(long)); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:343:23: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. dynamic_fd_size = ulimit(4, 0); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:1038:18: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. actual_limit = ulimit(4, 0); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:1183:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). rc = read(rktio->external_event_fd, buf, 10); data/racket-7.8+dfsg1/src/rktio/rktio_poll_set.c:1347:5: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep((unsigned)(nsecs * 1000)); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1026:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). naya = malloc(strlen(s) + 3 + 3*has_quote + was_slash); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1076:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argv[i]) + 1; data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1083:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(argv[i]); data/racket-7.8+dfsg1/src/rktio/rktio_process.c:1652:7: [1] (obsolete) ulimit: This C routine is considered obsolete (as opposed to the shell command by the same name, which is NOT obsolete) (CWE-676). Use getrlimit(2), setrlimit(2), and sysconf(3) instead. i = ulimit(4, 0); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:333:9: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(c, " "); data/racket-7.8+dfsg1/src/rktio/rktio_sha1.c:351:62: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1_Update(&context, (uint8_sha1_t *) test_data[k], strlen(test_data[k])); data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:114:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen = strlen(name); data/racket-7.8+dfsg1/src/rktio/rktio_syslog.c:115:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(msg); data/racket-7.8+dfsg1/src/rktio/rktio_wide.c:278:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = strlen(s)+1; /* add nul terminator */ data/racket-7.8+dfsg1/src/rktio/rktio_wide.c:312:7: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l = wcslen(ws) + 1; /* add nul terminator */ data/racket-7.8+dfsg1/src/start/MemoryModule.c:142:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpmsg = (char *)LocalAlloc(LPTR, strlen(msg) + strlen(tmp) + 3); data/racket-7.8+dfsg1/src/start/MemoryModule.c:142:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). tmpmsg = (char *)LocalAlloc(LPTR, strlen(msg) + strlen(tmp) + 3); data/racket-7.8+dfsg1/src/start/MemoryModule.c:977:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t searchKeyLen = _tcslen(key); data/racket-7.8+dfsg1/src/start/MemoryModule.c:1156:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(buffer, data->NameString, size); data/racket-7.8+dfsg1/src/start/start.c:199:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). WriteFile(h, s, strlen(s), &done, NULL); data/racket-7.8+dfsg1/src/start/ustart.c:141:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return write(fd, s, strlen(s)); data/racket-7.8+dfsg1/src/start/ustart.c:165:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(s1); data/racket-7.8+dfsg1/src/start/ustart.c:166:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(s2); data/racket-7.8+dfsg1/src/start/ustart.c:184:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(s1); data/racket-7.8+dfsg1/src/start/ustart.c:198:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l2 = strlen(s2); data/racket-7.8+dfsg1/src/start/ustart.c:215:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return do_path_append(s1, strlen(s1), s2); data/racket-7.8+dfsg1/src/start/ustart.c:250:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l1 = strlen(d); data/racket-7.8+dfsg1/src/start/ustart.c:262:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return s + strlen(s) + 1; data/racket-7.8+dfsg1/src/start/ustart.c:312:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &e, sizeof(e)) == sizeof(e)) { data/racket-7.8+dfsg1/src/start/ustart.c:319:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &s, sizeof(s)) != sizeof(s)) { data/racket-7.8+dfsg1/src/start/ustart.c:326:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, strs, s.sh_size) != s.sh_size) { data/racket-7.8+dfsg1/src/start/ustart.c:333:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(fd, &s, sizeof(s)) != sizeof(s)) { data/racket-7.8+dfsg1/src/start/ustart.c:450:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(_coldir + offset); data/racket-7.8+dfsg1/src/start/ustart.c:465:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (expected_length != read(fd, data, expected_length)) { data/racket-7.8+dfsg1/src/start/ustart.c:530:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(_coldir + offset); data/racket-7.8+dfsg1/src/worksp/cstartup.c:30:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(in); data/racket-7.8+dfsg1/src/worksp/cstartup.c:41:11: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(in); data/racket-7.8+dfsg1/src/worksp/cstartup.c:45:13: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(in); data/racket-7.8+dfsg1/src/worksp/genvsx.c:35:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_fn = malloc(strlen(fn) + 2); data/racket-7.8+dfsg1/src/worksp/genvsx.c:49:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i = fgetc(f); data/racket-7.8+dfsg1/src/worksp/genvsx.c:76:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fwrite(vers, 1, strlen(vers), new_f); data/racket-7.8+dfsg1/src/worksp/genvsx.c:78:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(f); fgetc(f); fgetc(f); /* = "100" */ data/racket-7.8+dfsg1/src/worksp/genvsx.c:78:17: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(f); fgetc(f); fgetc(f); /* = "100" */ data/racket-7.8+dfsg1/src/worksp/genvsx.c:78:27: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(f); fgetc(f); fgetc(f); /* = "100" */ ANALYSIS SUMMARY: Hits = 2197 Lines analyzed = 420483 in approximately 10.47 seconds (40149 lines/second) Physical Source Lines of Code (SLOC) = 315411 Hits@level = [0] 1238 [1] 435 [2] 1531 [3] 50 [4] 171 [5] 10 Hits@level+ = [0+] 3435 [1+] 2197 [2+] 1762 [3+] 231 [4+] 181 [5+] 10 Hits/KSLOC@level+ = [0+] 10.8906 [1+] 6.96551 [2+] 5.58636 [3+] 0.732378 [4+] 0.573854 [5+] 0.0317047 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.