Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/eventmachine.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/fastfilereader/mapper.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/fastfilereader/mapper.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/fastfilereader/rubymain.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/kb.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/page.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/page.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/project.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/wait_for_single_fd.h
Examining data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp

FINAL RESULTS:

data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1364:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (pun.sun_path, server);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2036:3: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp (cmd_strings[0], cmd_strings+1);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2101:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "failed to register file watch descriptor with kqueue: %s", strerror(errno));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2168:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "error registering file %s for watching: %s", fpath, strerror(errno));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2183:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "failed to open file %s for registering with inotify: %s", fpath, strerror(errno));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2196:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "failed to open file %s for registering with kqueue: %s", fpath, strerror(errno));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2347:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(errbuf, "failed to register file watch descriptor with kqueue: %s", strerror(errno));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:381:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand ((int)time(NULL));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp:47:12: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int fd = open (DEV_URANDOM, O_RDONLY);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp:51:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char u[16];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp:57:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char u2 [sizeof(u) * 2 + 1];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp:60:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (u2 + (i * 2), "%02x", u1[i]);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp:38:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char err_string[err_size];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp:917:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data[32*1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp:923:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Fd = open (filename, O_RDONLY|O_BINARY);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp:925:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Fd = open (filename, O_RDONLY);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:288:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:306:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:317:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:328:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:339:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:350:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:375:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:390:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:488:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:507:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:831:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, data, length);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:972:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuffer [16 * 1024 + 1];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1051:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char B [2048];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1232:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_buffer [16 * 1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1237:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (output_buffer + nbytes, op->Buffer + op->Offset, op->Length - op->Offset);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1244:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (output_buffer + nbytes, op->Buffer + op->Offset, len);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1310:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, output_buffer + bytes_written, len);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1526:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char BigBuf [SSLBOX_OUTPUT_CHUNKSIZE];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1891:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuffer [16 * 1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1929:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&ReturnAddress, &sin, slen);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:2051:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, data, length);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:2098:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, data, length);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:2149:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (s, &ReturnAddress, sizeof(ReturnAddress));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:2195:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:278:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:399:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:415:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:867:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:897:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1082:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer [1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1181:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1188:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1211:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1480:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1499:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1540:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portstr[12];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1546:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (addr, ai->ai_addr, ai->ai_addrlen);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1695:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1723:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1760:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1871:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2100:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2167:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[300];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2182:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[300];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2193:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  wd = open(fpath, O_RDONLY);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2195:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[300];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2256:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2346:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errbuf[200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/fastfilereader/mapper.cpp:52:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  Fd = open (filename.c_str(), O_RDONLY);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/page.cpp:99:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (copy, buf, size);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:147:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char readbuffer [16 * 1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:205:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char output_buffer [16 * 1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:211:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (output_buffer + nbytes, op->Buffer + op->Offset, op->Length - op->Offset);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:218:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (output_buffer + nbytes, op->Buffer + op->Offset, len);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:245:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, output_buffer + bytes_written, len);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:326:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer, data, length);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:482:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:501:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:744:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:989:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *strings [2048];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:1005:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/rubymain.cpp:1221:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp:97:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (buf, "kittycat");
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp:229:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [500];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp:238:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [500];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp:256:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ssl.cpp:263:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [200];
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/binder.cpp:52:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  size_t r = read (fd, u, sizeof(u));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/cmain.cpp:948:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  r = read (Fd, data, filesize);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:621:47: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void ConnectionDescriptor::_UpdateEvents(bool read, bool write)
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:626:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read && !write)
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:632:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read) {
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:651:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read && SelectForRead())
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:983:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int r = read (sd, readbuffer, sizeof(readbuffer) - 1);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/ed.cpp:1497:55: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (*EventCallback)(GetBinding(), EM_SSL_VERIFY, cert, strlen(cert));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1083:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (void)read (LoopBreakerReader, buffer, sizeof(buffer));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1360:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(server) >= sizeof(pun.sun_path))
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:1916:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (s_sun.sun_path, filename, sizeof(s_sun.sun_path)-1);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/em.cpp:2261:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int returned = read(inotify->GetSocket(), buffer, sizeof(buffer));
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/kb.cpp:77:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  (void)read (GetSocket(), &c, 1);
data/ruby-eventmachine-1.3~pre20190820-g10fb0c4/ext/pipe.cpp:160:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int r = read (sd, readbuffer, sizeof(readbuffer) - 1);

ANALYSIS SUMMARY:

Hits = 97
Lines analyzed = 10256 in approximately 0.28 seconds (37063 lines/second)
Physical Source Lines of Code (SLOC) = 6031
Hits@level = [0] 35 [1] 14 [2] 75 [3] 1 [4] 7 [5] 0
Hits@level+ = [0+] 132 [1+] 97 [2+] 83 [3+] 8 [4+] 7 [5+] 0
Hits/KSLOC@level+ = [0+] 21.8869 [1+] 16.0836 [2+] 13.7622 [3+] 1.32648 [4+] 1.16067 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.