Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/auxiliary/rust_test_helpers.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-clang/clib.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-clang/cmain.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-36710/foo.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/linkage-attr-on-static/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-no-link-whole-rlib/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-no-link-whole-rlib/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-pgo-smoketest/clib.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-pgo-smoketest/cmain.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-union/ctest.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-mangle/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-28595/a.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-28595/b.c Examining 
data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-extern-type/define-foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cdylib/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-smoke-c/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-static-rlib/cfoo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/longjmp-across-rust/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return1.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return2.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return3.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-dylib-by-default/main.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cdylib-dylib-linkage/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-25581/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/compiler-lookup-paths/native.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/return-non-c-like-enum/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/sanitizer-staticlib-link/program.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-24445/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/foreign-exceptions/foo.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-dynamic-rlib/cfoo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/interdependent-c-libraries/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/interdependent-c-libraries/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-dynamic-dylib/cfoo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-struct-passing-abi/test.c Examining 
data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-nobundle/aaa.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-14500/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/arguments-non-c-like-enum/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/no-duplicate-libs/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/no-duplicate-libs/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/return-non-c-like-enum-from-c/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-static-dylib/cfoo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/manual-link/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/manual-link/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/pass-non-c-like-enum-to-c/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/archive-duplicate-names/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/archive-duplicate-names/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/baz.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-path-order/wrong.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-path-order/correct.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-generic/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/compiler-rt-works-on-mingw/foo.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-68794-textrel-on-minimal-lib/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-dylib/bar.c Examining 
data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-15460/foo.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-staticlib/bar.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-va-list-fn/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-extern-types/ctest.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-packed-struct/test.c Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/glibc-staticlib-args/program.c Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/LLVMWrapper.h Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/Linker.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/ArchiveWrapper.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/CoverageMappingWrapper.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/PassWrapper.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/edtest2.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/testlib.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/atomic.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/alloc.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/instrumented_alloc.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/read.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/nounwind.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/backtrace.c 
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/simple.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/fileline.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/state.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/allocfail.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/unknown.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmapio.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmap.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/test_format.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/print.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/sort.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/edtest.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/stest.c Examining 
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ttest.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/unittest.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/posix.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/testlib.h Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/backtrace.h Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/internal.h Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/filenames.h Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/android-api.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/cpp_smoke_test/cpp/trampoline.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/line-tables-only/src/callback.c Examining data/rustc-1.48.0~beta.8+dfsg1/library/stdarch/crates/stdarch-verify/mips-msa.h Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/perf-event/wrapper.h Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/psm/src/arch/psm.h Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/yaml-rust-0.3.5/tests/specs/handler_spec_test.cpp Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/html5ever/examples/capi/tokenize.c Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/goblin/tests/bins/elf/gnu_hash/helloworld.c Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/walkdir/compare/nftw.c Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/stacker/src/arch/windows.c Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/stacker/src/arch/asm.h Examining 
data/rustc-1.48.0~beta.8+dfsg1/vendor/perf-event-open-sys/wrapper.h Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/lzma-sys/config.h FINAL RESULTS: data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:110:9: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. #define readlink xreadlink data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:773:12: [5] (race) readlink: This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach. rl = readlink (filename, buf, len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:220:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:228:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:256:8: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:292:5: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:367:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:455:4: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1973:32: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define ACQUIRE_LOCK(lk) (EnterCriticalSection(lk), 0) data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1992:7: [3] (misc) InitializeCriticalSection: Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. InitializeCriticalSection(&malloc_global_mutex); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/allocfail.c:119:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fail_at = atoi (argv[1]); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:748:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char b[200]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2751:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, dir, dir_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2756:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + dir_len + 1, filename, filename_len + 1); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2843:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s, dir, dir_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2848:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + dir_len + 1, path, path_len + 1); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3120:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, dir, dir_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3126:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p + dir_len + 1, f, f_len + 1); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4064:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (s, dir, dir_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4067:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (s + dir_len + 1, filename, filename_len + 1); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:212:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char e_ident[EI_NIDENT]; /* ELF "magic number" */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:312:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:342:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const dwarf_section_names[DEBUG_MAX] = data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:821:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (t, prefix, prefix_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:836:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (t, suffix, suffix_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:872:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (try, prefix, prefix_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:873:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (try + prefix_len, prefix2, prefix2_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:874:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (try + prefix_len + prefix2_len, debuglink_name, debuglink_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:935:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (c, filename, slash - filename); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:936:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (c + (slash - filename), new_buf, strlen (new_buf)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1487:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char codes[288]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1768:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pout, pin, len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1794:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char codebits[19]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2305:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pout, pout - dist, len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2315:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (pout, pout - dist, copy); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2668:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char split_debug_view_valid[DEBUG_MAX]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2700:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&ehdr, ehdr_view.data, sizeof ehdr); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:3202:42: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. sections[i].data = ((const unsigned char *) data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:3205:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. zsections[i].data = ((const unsigned char *) data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/fileline.c:138:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/internal.h:310:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char *data[DEBUG_MAX]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:144:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segname[MACH_O_NAMELEN]; /* Segment name */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:161:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segname[MACH_O_NAMELEN]; /* Segment name */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:194:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char uuid[MACH_O_UUID_LEN]; /* UUID */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char sectname[MACH_O_NAMELEN]; /* Section name */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:202:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segment[MACH_O_NAMELEN]; /* Segment of this section */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sectname[MACH_O_NAMELEN]; /* Section name */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char segment[MACH_O_NAMELEN]; /* Segment of this section */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:282:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const dwarf_section_names[DEBUG_MAX] = data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:399:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy (&section, psecs + secoffset, sizeof section); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:410:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&section, psecs + secoffset, sizeof section); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:538:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&nlist, (const char *) sym_view.data + symtaboff, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:547:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&nlist, (const char *) sym_view.data + symtaboff, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:576:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&nlist, (const char *) sym_view.data + symtaboff, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:588:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&nlist, (const char *) sym_view.data + symtaboff, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:777:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (&fat_arch, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:858:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (diralc, filename, dirnamelen); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:878:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ps, dirname, dirnamelen); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:881:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ps, basename, basenamelen); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:883:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ps, dsymsuffixdir, dsymsuffixdirlen); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:885:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (ps, basename, basenamelen); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:948:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char uuid[MACH_O_UUID_LEN]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:966:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&header, header_view.data, sizeof header); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:985:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fat_header, &header, sizeof fat_header); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:997:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fat_header, &header, sizeof fat_header); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1040:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&load_command, pcmd, sizeof load_command); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1048:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&segcmd, pcmd, sizeof segcmd); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1070:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (&segcmd, pcmd, sizeof segcmd); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1093:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&symcmd, pcmd, sizeof symcmd); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1108:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&uuidcmd, pcmd, sizeof uuidcmd); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1109:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&uuid[0], &uuidcmd.uuid[0], MACH_O_UUID_LEN); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmap.c:271:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (base, vec->base, vec->size); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:99:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char short_name[8]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:101:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char zeroes[4]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:102:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char off[4]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:110:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char value[4]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:111:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char section_number[2]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:112:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char type[2]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:138:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * const debug_section_names[DEBUG_MAX] = data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:214:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&res, p, 4); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:422:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (coff_str, isym.name, len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:649:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fhdr, fhdr_view.data + 4, sizeof fhdr); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:653:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fhdr, fhdr_view.data, sizeof fhdr); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:750:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). str_off = atoi (s->name + 1); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/posix.c:67:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). descriptor = open (filename, (int) (O_RDONLY | O_BINARY | O_CLOEXEC)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/stest.c:122:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (a, tests[i].input, tests[i].count * sizeof (int)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:96:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s_name[8]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:113:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char _name[SYMNMLEN]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:205:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char x_fname[FILNMLEN]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:209:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pad[FILNMLEN-8]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:272:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_magic[8]; /* Archive magic string. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_memoff[20]; /* Offset to member table. 
*/ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_gstoff[20]; /* Offset to global symbol table. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:275:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_gst64off[20]; /* Offset to global symbol table for 64-bit objects. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:276:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_fstmoff[20]; /* Offset to first archive member. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:277:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fl_freeoff[20]; /* Offset to first member on free list. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:283:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_size[20]; /* File member size - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:284:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_nxtmem[20]; /* Next member offset - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:285:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_prvmem[20]; /* Previous member offset - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:286:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_date[12]; /* File member date - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:287:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_uid[12]; /* File member userid - decimal. 
*/ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:288:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_gid[12]; /* File member group id - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_mode[12]; /* File member mode - octal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:290:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_namlen[4]; /* File member name length - decimal. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:291:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ar_name[2]; /* Start of member name. */ data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:571:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SYMNMLEN+1]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:945:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[FILNMLEN+1]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1119:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fhdr, fhdr_view.data, sizeof fhdr); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1196:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&str_size, syms_view.data + syms_size, 4); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1374:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[32]; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1379:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (str, buf, size); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1412:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&fl_hdr, view.data, sizeof (b_ar_fl_hdr)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:203:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p, "ZLIB", 4); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:209:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (p + 12, tests[i].compressed, tests[i].compressed_len); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:212:58: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (!backtrace_uncompress_zdebug (state, (unsigned char *) p, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:344:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). e = fopen (namebuf, "r"); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:398:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (compressed_buf, "ZLIB", 4); data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:14:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[N]; data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:21:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int random_fd = open("/dev/random", O_RDWR); data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1655:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). (dev_zero_fd = open("/dev/zero", O_RDWR), \ data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3159:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[sizeof(size_t)]; data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3161:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 && data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:5216:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mem, oldmem, (oc < bytes)? oc : bytes); data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:5766:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mem, oldmem, (oc < bytes)? oc : bytes); data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/PassWrapper.cpp:396:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). MaxLen = std::max(MaxLen, std::strlen(I.Key)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:289:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if (strncmp (symdata.name, expected, strlen (expected)) data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2744:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir_len = strlen (dir); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2745:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
filename_len = strlen (filename); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2837:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir_len = strlen (dir); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2838:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = strlen (path); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3112:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir_len = strlen (dir); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3113:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). f_len = strlen (f); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4054:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen (filename); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4056:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dir_len = strlen (dir); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:805:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t prefix_len = strlen (prefix); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:807:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t suffix_len = strlen (suffix); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:866:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). debuglink_len = strlen (debuglink_name); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:930:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). clen = slash - filename + strlen (new_buf) + 1; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:936:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memcpy (c + (slash - filename), new_buf, strlen (new_buf)); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:937:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
c[slash - filename + strlen (new_buf)] = '\0'; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:977:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (".debug/"), debuglink_name, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:988:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen ("/usr/lib/debug/"), prefix, data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:849:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). basenamelen = strlen (basename); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:862:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). basenamelen = strlen (basename); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:866:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dsymsuffixdirlen = strlen (dsymsuffixdir); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/read.c:77:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
r = read (descriptor, view->base, size - got); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:572:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name, asym->n_name, SYMNMLEN); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:946:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy (name, aux->x_file.x_fname, FILNMLEN); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1419:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memlen = strlen (member); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1526:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). member = ldinfo->ldinfo_filename + strlen (ldinfo->ldinfo_filename) + 1; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:206:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). v = strlen (tests[i].uncompressed); data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:336:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen (SRCDIR) + strlen (names[i]) + 2; data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:336:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen (SRCDIR) + strlen (names[i]) + 2; data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:24:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((n = read(0, &buf.data, N)) > 0) { data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:819:32: [1] (free) memalign: On some systems (though not Linux-based systems) an attempt to free() results from memalign() may fail. This may, on a few systems, be exploitable. Also note that memalign() may not check that the boundary parameter is correct (CWE-676). Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient. #define dlmemalign memalign data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3162:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(fd, buf, sizeof(buf)) == sizeof(buf)) {

ANALYSIS SUMMARY:

Hits = 158
Lines analyzed = 30476 in approximately 3.87 seconds (7876 lines/second)
Physical Source Lines of Code (SLOC) = 21610
Hits@level = [0] 112 [1] 32 [2] 116 [3] 2 [4] 6 [5] 2
Hits@level+ = [0+] 270 [1+] 158 [2+] 126 [3+] 10 [4+] 8 [5+] 2
Hits/KSLOC@level+ = [0+] 12.4942 [1+] 7.31143 [2+] 5.83063 [3+] 0.462749 [4+] 0.370199 [5+] 0.0925497
Dot directories skipped = 10 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.