Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/auxiliary/rust_test_helpers.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/libcmake_foo/src/foo_cxx.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make/x86_64-fortanix-unknown-sgx-lvi/enclave/foo_cxx.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-clang/clib.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-clang/cmain.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-36710/foo.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/linkage-attr-on-static/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-no-link-whole-rlib/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-no-link-whole-rlib/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-pgo-smoketest/clib.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cross-lang-lto-pgo-smoketest/cmain.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-union/ctest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-mangle/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-28595/a.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-28595/b.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-extern-type/define-foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cdylib/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/lto-smoke-c/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-static-rlib/cfoo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/longjmp-across-rust/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return1.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return2.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-cfg/return3.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-dylib-by-default/main.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/cdylib-dylib-linkage/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-25581/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/compiler-lookup-paths/native.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/return-non-c-like-enum/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/sanitizer-staticlib-link/program.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-24445/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/foreign-exceptions/foo.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-dynamic-rlib/cfoo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/interdependent-c-libraries/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/interdependent-c-libraries/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-dynamic-dylib/cfoo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-struct-passing-abi/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/static-nobundle/aaa.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-14500/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/arguments-non-c-like-enum/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/no-duplicate-libs/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/no-duplicate-libs/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/return-non-c-like-enum-from-c/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-static-dylib/cfoo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/manual-link/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/manual-link/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/pass-non-c-like-enum-to-c/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/archive-duplicate-names/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/archive-duplicate-names/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/redundant-libs/baz.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-path-order/wrong.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/link-path-order/correct.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-generic/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/compiler-rt-works-on-mingw/foo.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-68794-textrel-on-minimal-lib/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-dylib/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/issue-15460/foo.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-staticlib/bar.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/c-link-to-rust-va-list-fn/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-extern-types/ctest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/extern-fn-with-packed-struct/test.c
Examining data/rustc-1.48.0~beta.8+dfsg1/src/test/run-make-fulldeps/glibc-staticlib-args/program.c
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/LLVMWrapper.h
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/Linker.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/ArchiveWrapper.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/CoverageMappingWrapper.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/PassWrapper.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/RustWrapper.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/edtest2.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/testlib.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/atomic.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/alloc.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/instrumented_alloc.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/read.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/nounwind.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/backtrace.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/simple.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/fileline.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/state.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/allocfail.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/unknown.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmapio.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmap.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/test_format.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/print.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/sort.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/edtest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/stest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ttest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/unittest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/posix.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/testlib.h
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/backtrace.h
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/internal.h
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/filenames.h
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/android-api.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/cpp_smoke_test/cpp/trampoline.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/line-tables-only/src/callback.c
Examining data/rustc-1.48.0~beta.8+dfsg1/library/stdarch/crates/stdarch-verify/mips-msa.h
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/perf-event/wrapper.h
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/psm/src/arch/psm.h
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/yaml-rust-0.3.5/tests/specs/handler_spec_test.cpp
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/html5ever/examples/capi/tokenize.c
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/goblin/tests/bins/elf/gnu_hash/helloworld.c
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/walkdir/compare/nftw.c
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/stacker/src/arch/windows.c
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/stacker/src/arch/asm.h
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/perf-event-open-sys/wrapper.h
Examining data/rustc-1.48.0~beta.8+dfsg1/vendor/lzma-sys/config.h
FINAL RESULTS:
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:110:9: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
#define readlink xreadlink
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:773:12: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
rl = readlink (filename, buf, len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:220:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:228:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:256:8: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:292:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:367:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:455:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1973:32: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define ACQUIRE_LOCK(lk) (EnterCriticalSection(lk), 0)
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1992:7: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&malloc_global_mutex);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/allocfail.c:119:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
fail_at = atoi (argv[1]);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:748:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char b[200];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2751:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, dir, dir_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2756:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s + dir_len + 1, filename, filename_len + 1);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2843:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, dir, dir_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2848:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s + dir_len + 1, path, path_len + 1);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3120:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, dir, dir_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3126:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p + dir_len + 1, f, f_len + 1);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4064:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s, dir, dir_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4067:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (s + dir_len + 1, filename, filename_len + 1);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:212:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char e_ident[EI_NIDENT]; /* ELF "magic number" */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:312:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[1];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:342:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const dwarf_section_names[DEBUG_MAX] =
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:821:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t, prefix, prefix_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:836:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (t, suffix, suffix_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:872:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (try, prefix, prefix_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:873:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (try + prefix_len, prefix2, prefix2_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:874:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (try + prefix_len + prefix2_len, debuglink_name, debuglink_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:935:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c, filename, slash - filename);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:936:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (c + (slash - filename), new_buf, strlen (new_buf));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1487:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char codes[288];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1768:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pout, pin, len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:1794:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char codebits[19];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2305:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pout, pout - dist, len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2315:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (pout, pout - dist, copy);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2668:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char split_debug_view_valid[DEBUG_MAX];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:2700:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&ehdr, ehdr_view.data, sizeof ehdr);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:3202:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
sections[i].data = ((const unsigned char *)
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:3205:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
zsections[i].data = ((const unsigned char *)
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/fileline.c:138:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/internal.h:310:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const unsigned char *data[DEBUG_MAX];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:144:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segname[MACH_O_NAMELEN]; /* Segment name */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:161:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segname[MACH_O_NAMELEN]; /* Segment name */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:194:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uuid[MACH_O_UUID_LEN]; /* UUID */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:201:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sectname[MACH_O_NAMELEN]; /* Section name */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:202:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segment[MACH_O_NAMELEN]; /* Segment of this section */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:218:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sectname[MACH_O_NAMELEN]; /* Section name */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:219:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char segment[MACH_O_NAMELEN]; /* Segment of this section */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:282:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const dwarf_section_names[DEBUG_MAX] =
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:399:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (§ion, psecs + secoffset, sizeof section);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:410:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (§ion, psecs + secoffset, sizeof section);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:538:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nlist, (const char *) sym_view.data + symtaboff,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:547:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nlist, (const char *) sym_view.data + symtaboff,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:576:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nlist, (const char *) sym_view.data + symtaboff,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:588:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&nlist, (const char *) sym_view.data + symtaboff,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:777:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fat_arch,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:858:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (diralc, filename, dirnamelen);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:878:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ps, dirname, dirnamelen);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:881:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ps, basename, basenamelen);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:883:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ps, dsymsuffixdir, dsymsuffixdirlen);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:885:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (ps, basename, basenamelen);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:948:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uuid[MACH_O_UUID_LEN];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&header, header_view.data, sizeof header);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:985:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fat_header, &header, sizeof fat_header);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:997:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fat_header, &header, sizeof fat_header);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1040:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&load_command, pcmd, sizeof load_command);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1048:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&segcmd, pcmd, sizeof segcmd);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1070:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&segcmd, pcmd, sizeof segcmd);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1093:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&symcmd, pcmd, sizeof symcmd);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1108:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&uuidcmd, pcmd, sizeof uuidcmd);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:1109:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&uuid[0], &uuidcmd.uuid[0], MACH_O_UUID_LEN);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/mmap.c:271:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (base, vec->base, vec->size);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char short_name[8];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:101:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char zeroes[4];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:102:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char off[4];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:110:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char value[4];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:111:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char section_number[2];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:112:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char type[2];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:138:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * const debug_section_names[DEBUG_MAX] =
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:214:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&res, p, 4);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:422:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (coff_str, isym.name, len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:649:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fhdr, fhdr_view.data + 4, sizeof fhdr);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:653:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fhdr, fhdr_view.data, sizeof fhdr);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/pecoff.c:750:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
str_off = atoi (s->name + 1);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/posix.c:67:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
descriptor = open (filename, (int) (O_RDONLY | O_BINARY | O_CLOEXEC));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/stest.c:122:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a, tests[i].input, tests[i].count * sizeof (int));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:96:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s_name[8];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:113:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[8];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char _name[SYMNMLEN];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:205:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_fname[FILNMLEN];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:209:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pad[FILNMLEN-8];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:272:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_magic[8]; /* Archive magic string. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:273:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_memoff[20]; /* Offset to member table. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:274:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_gstoff[20]; /* Offset to global symbol table. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:275:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_gst64off[20]; /* Offset to global symbol table for 64-bit objects. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:276:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_fstmoff[20]; /* Offset to first archive member. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:277:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fl_freeoff[20]; /* Offset to first member on free list. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:283:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_size[20]; /* File member size - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:284:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_nxtmem[20]; /* Next member offset - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:285:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_prvmem[20]; /* Previous member offset - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:286:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_date[12]; /* File member date - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:287:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_uid[12]; /* File member userid - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:288:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_gid[12]; /* File member group id - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:289:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_mode[12]; /* File member mode - octal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_namlen[4]; /* File member name length - decimal. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ar_name[2]; /* Start of member name. */
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:571:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[SYMNMLEN+1];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:945:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[FILNMLEN+1];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1119:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fhdr, fhdr_view.data, sizeof fhdr);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1196:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&str_size, syms_view.data + syms_size, 4);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1374:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[32];
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1379:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (str, buf, size);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1412:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&fl_hdr, view.data, sizeof (b_ar_fl_hdr));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:203:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p, "ZLIB", 4);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:209:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (p + 12, tests[i].compressed, tests[i].compressed_len);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:212:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if (!backtrace_uncompress_zdebug (state, (unsigned char *) p,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:344:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
e = fopen (namebuf, "r");
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:398:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (compressed_buf, "ZLIB", 4);
data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:14:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[N];
data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:21:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int random_fd = open("/dev/random", O_RDWR);
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:1655:27: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
(dev_zero_fd = open("/dev/zero", O_RDWR), \
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3159:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[sizeof(size_t)];
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3161:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = open("/dev/urandom", O_RDONLY)) >= 0 &&
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:5216:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, oldmem, (oc < bytes)? oc : bytes);
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:5766:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mem, oldmem, (oc < bytes)? oc : bytes);
data/rustc-1.48.0~beta.8+dfsg1/compiler/rustc_llvm/llvm-wrapper/PassWrapper.cpp:396:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
MaxLen = std::max(MaxLen, std::strlen(I.Key));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/btest.c:289:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strncmp (symdata.name, expected, strlen (expected))
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2744:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (dir);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2745:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen (filename);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2837:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (dir);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:2838:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path_len = strlen (path);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3112:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (dir);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:3113:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f_len = strlen (f);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4054:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename_len = strlen (filename);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/dwarf.c:4056:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dir_len = strlen (dir);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:805:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t prefix_len = strlen (prefix);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:807:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t suffix_len = strlen (suffix);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:866:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
debuglink_len = strlen (debuglink_name);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:930:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
clen = slash - filename + strlen (new_buf) + 1;
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:936:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (c + (slash - filename), new_buf, strlen (new_buf));
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:937:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
c[slash - filename + strlen (new_buf)] = '\0';
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:977:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen (".debug/"), debuglink_name,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/elf.c:988:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen ("/usr/lib/debug/"), prefix,
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:849:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basenamelen = strlen (basename);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:862:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
basenamelen = strlen (basename);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/macho.c:866:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsymsuffixdirlen = strlen (dsymsuffixdir);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/read.c:77:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
r = read (descriptor, view->base, size - got);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:572:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, asym->n_name, SYMNMLEN);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:946:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, aux->x_file.x_fname, FILNMLEN);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1419:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memlen = strlen (member);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/xcoff.c:1526:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
member = ldinfo->ldinfo_filename + strlen (ldinfo->ldinfo_filename) + 1;
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:206:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
v = strlen (tests[i].uncompressed);
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:336:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (SRCDIR) + strlen (names[i]) + 2;
data/rustc-1.48.0~beta.8+dfsg1/library/backtrace/crates/backtrace-sys/src/libbacktrace/ztest.c:336:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen (SRCDIR) + strlen (names[i]) + 2;
data/rustc-1.48.0~beta.8+dfsg1/src/ci/docker/scripts/qemu-bare-bones-addentropy.c:24:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((n = read(0, &buf.data, N)) > 0) {
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:819:32: [1] (free) memalign:
On some systems (though not Linux-based systems) an attempt to free()
results from memalign() may fail. This may, on a few systems, be
exploitable. Also note that memalign() may not check that the boundary
parameter is correct (CWE-676). Use posix_memalign instead (defined in
POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
malloc()'s alignment may be sufficient.
#define dlmemalign memalign
data/rustc-1.48.0~beta.8+dfsg1/vendor/dlmalloc/src/dlmalloc.c:3162:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(fd, buf, sizeof(buf)) == sizeof(buf)) {
ANALYSIS SUMMARY:
Hits = 158
Lines analyzed = 30476 in approximately 3.87 seconds (7876 lines/second)
Physical Source Lines of Code (SLOC) = 21610
Hits@level = [0] 112 [1] 32 [2] 116 [3] 2 [4] 6 [5] 2
Hits@level+ = [0+] 270 [1+] 158 [2+] 126 [3+] 10 [4+] 8 [5+] 2
Hits/KSLOC@level+ = [0+] 12.4942 [1+] 7.31143 [2+] 5.83063 [3+] 0.462749 [4+] 0.370199 [5+] 0.0925497
Dot directories skipped = 10 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.