Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS:

data/srecord-1.64/srecord/arglex.cc:670:5: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(cmd[0], (char *const *)cmd);
data/srecord-1.64/srecord/config.messy.h:57:9: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/srecord-1.64/srecord/config.messy.h:57:18: [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/srecord-1.64/srecord/config.messy.h:58:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/srecord-1.64/srecord/format_printf.h:24:55: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define FORMAT_PRINTF(x, y) __attribute__((__format__(printf, x, y)))
data/srecord-1.64/srecord/output.cc:55:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/output.cc:77:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/output.cc:105:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/output/file.cc:357:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buffer, fmt, ap);
data/srecord-1.64/srecord/quit.cc:82:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/quit.cc:101:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/quit/normal.cc:52:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf + len, sizeof(buf) - len, fmt, ap);
data/srecord-1.64/srecord/quit/prefix.cc:57:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(buf, sizeof(buf), fmt, ap);
data/srecord-1.64/srecord/vsnprintf.cc:27:1: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(char *str, size_t size, const char *format, ...)
data/srecord-1.64/srecord/vsnprintf.cc:30:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(str, size, format, ap);
data/srecord-1.64/srecord/vsnprintf.cc:40:1: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(char *str, size_t size, const char *format, va_list ap)
data/srecord-1.64/srecord/vsnprintf.cc:43:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(str, format, ap);
data/srecord-1.64/srecord/r250.cc:68:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(now + getpid());
data/srecord-1.64/test/crc16/main.cc:66:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "abchp:rtVx", options, 0);
data/srecord-1.64/test/hyphen/main.cc:157:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "V", options, 0);
data/srecord-1.64/test/url_decode/main.cc:94:17: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  int c = getopt_long(argc, argv, "deV", options, NULL);
data/srecord-1.64/srec_info/main.cc:107:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[16];
data/srecord-1.64/srec_info/main.cc:140:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/srecord-1.64/srecord/arglex.cc:77:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "r");
data/srecord-1.64/srecord/arglex.cc:106:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/srecord-1.64/srecord/arglex.cc:669:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *cmd[3] = { "man", name, 0 };
data/srecord-1.64/srecord/bitrev.cc:22:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char table[256] =
data/srecord-1.64/srecord/input/file.cc:89:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  vfp = fopen(file_name.c_str(), the_mode);
data/srecord-1.64/srecord/input/file.cc:119:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[20];
data/srecord-1.64/srecord/input/file.cc:121:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, ": %d", line_number);
data/srecord-1.64/srecord/input/file.cc:123:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, ": 0x%04X", line_number);
data/srecord-1.64/srecord/input/file/atmel_generic.cc:64:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[2];
data/srecord-1.64/srecord/input/file/binary.cc:64:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[srecord::record::max_data_length];
data/srecord-1.64/srecord/input/file/brecord.cc:56:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[32];
data/srecord-1.64/srecord/input/file/dec_binary.cc:131:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[srecord::record::max_data_length];
data/srecord-1.64/srecord/input/file/emon52.cc:78:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[256];
data/srecord-1.64/srecord/input/file/fairchild.cc:112:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[8];
data/srecord-1.64/srecord/input/file/fastload.cc:169:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[srecord::record::max_data_length];
data/srecord-1.64/srecord/input/file/formatted_binary.cc:150:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[record::max_data_length];
data/srecord-1.64/srecord/input/file/four_packed_code.cc:234:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[256];
data/srecord-1.64/srecord/input/file/hexdump.cc:144:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[16];
data/srecord-1.64/srecord/input/file/intel.cc:110:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[255+5];
data/srecord-1.64/srecord/input/file/intel16.cc:111:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[255*2+5];
data/srecord-1.64/srecord/input/file/logisim.cc:57:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2] = { static_cast<char>(c), '\0' };
data/srecord-1.64/srecord/input/file/logisim.cc:65:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[512];
data/srecord-1.64/srecord/input/file/logisim.cc:133:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];
data/srecord-1.64/srecord/input/file/logisim.cc:294:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[200];
data/srecord-1.64/srecord/input/file/mif.cc:293:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[srecord::record::max_data_length];
data/srecord-1.64/srecord/input/file/mips_flash.cc:159:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[4];
data/srecord-1.64/srecord/input/file/mips_flash.cc:168:26: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[4];
data/srecord-1.64/srecord/input/file/mos_tech.cc:122:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[256];
data/srecord-1.64/srecord/input/file/motorola.cc:131:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buffer[256]; data/srecord-1.64/srecord/input/file/msbin.cc:83:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[sizeof(uint32_t)]; data/srecord-1.64/srecord/input/file/msbin.cc:103:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char Magic[7] = data/srecord-1.64/srecord/input/file/msbin.cc:107:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buff[sizeof(Magic) + 1]; data/srecord-1.64/srecord/input/file/msbin.cc:252:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[record::max_data_length]; data/srecord-1.64/srecord/input/file/os65v.cc:103:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1]; data/srecord-1.64/srecord/input/file/ppb.cc:57:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hdr[8]; data/srecord-1.64/srecord/input/file/signetics.cc:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/input/file/spasm.cc:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2]; data/srecord-1.64/srecord/input/file/stewie.cc:92:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/input/file/tektronix.cc:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[255+5]; data/srecord-1.64/srecord/input/file/tektronix_extended.cc:137:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buffer[125]; data/srecord-1.64/srecord/input/file/ti_tagged.cc:81:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[1]; data/srecord-1.64/srecord/input/file/ti_tagged.cc:135:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2]; data/srecord-1.64/srecord/input/file/ti_tagged_16.cc:81:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[1]; data/srecord-1.64/srecord/input/file/ti_tagged_16.cc:135:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2]; data/srecord-1.64/srecord/input/file/ti_txt.cc:159:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[record::max_data_length]; data/srecord-1.64/srecord/input/file/trs80.cc:92:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char payload[258]; data/srecord-1.64/srecord/input/file/vmem.cc:120:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char value[5]; data/srecord-1.64/srecord/input/file/wilson.cc:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/input/filter/checksum.cc:60:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[sizeof(sum_t)]; data/srecord-1.64/srecord/input/filter/interval.cc:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[8]; data/srecord-1.64/srecord/input/filter/message.cc:126:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char data[64]; data/srecord-1.64/srecord/input/filter/message/adler16.cc:71:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[2]; data/srecord-1.64/srecord/input/filter/message/adler32.cc:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[4]; data/srecord-1.64/srecord/input/filter/message/crc16.cc:158:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[2]; data/srecord-1.64/srecord/input/filter/message/crc32.cc:96:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[4]; data/srecord-1.64/srecord/input/filter/message/fletcher16.cc:90:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char chunk[2]; data/srecord-1.64/srecord/input/filter/message/fletcher32.cc:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[4]; data/srecord-1.64/srecord/input/filter/message/stm32.cc:84:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char chunk[4]; data/srecord-1.64/srecord/input/filter/random_fill.cc:52:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[srecord::record::max_data_length]; data/srecord-1.64/srecord/input/generator.cc:122:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[4]; data/srecord-1.64/srecord/input/generator.cc:162:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[4]; data/srecord-1.64/srecord/input/generator.cc:215:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(new_data, data, length); data/srecord-1.64/srecord/input/generator/constant.cc:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/srecord-1.64/srecord/interval.cc:783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/srecord-1.64/srecord/memory/chunk.cc:101:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret_data, data + j, nbytes); data/srecord-1.64/srecord/memory/chunk.h:142:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[size]; data/srecord-1.64/srecord/memory/chunk.h:148:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char mask[(size + 7) / 8]; data/srecord-1.64/srecord/output.cc:54:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/srecord-1.64/srecord/output.cc:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/srecord-1.64/srecord/output.cc:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/srecord-1.64/srecord/output/file.cc:110:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vfp = fopen(file_name.c_str(), "w"); data/srecord-1.64/srecord/output/file.cc:118:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vfp = fopen(file_name.c_str(), "wb"); data/srecord-1.64/srecord/output/file.cc:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/srecord-1.64/srecord/output/file.cc:133:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer, ": %d", line_number); data/srecord-1.64/srecord/output/file.cc:356:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[1000]; data/srecord-1.64/srecord/output/file/aomf.cc:70:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[1 + 255 + 2]; data/srecord-1.64/srecord/output/file/aomf.cc:75:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1, name, len); data/srecord-1.64/srecord/output/file/aomf.cc:89:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[maxlen + 3]; data/srecord-1.64/srecord/output/file/aomf.cc:94:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 3, data, nbytes); data/srecord-1.64/srecord/output/file/aomf.cc:106:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buffer[1 + 255 + 4]; data/srecord-1.64/srecord/output/file/aomf.cc:111:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1, name, len); data/srecord-1.64/srecord/output/file/asm.cc:64:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/srecord-1.64/srecord/output/file/asm.cc:132:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/srecord-1.64/srecord/output/file/asm.cc:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8]; data/srecord-1.64/srecord/output/file/asm.cc:290:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "0x%2.2X", (unsigned char)n); data/srecord-1.64/srecord/output/file/asm.cc:292:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%u", (unsigned char)n); data/srecord-1.64/srecord/output/file/asm.cc:326:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[16]; data/srecord-1.64/srecord/output/file/basic.cc:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[8]; data/srecord-1.64/srecord/output/file/basic.cc:69:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "%d", (unsigned char)n); data/srecord-1.64/srecord/output/file/c.cc:320:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(include_file_name.c_str(), "w"); data/srecord-1.64/srecord/output/file/c.cc:588:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/srecord-1.64/srecord/output/file/c.cc:615:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/srecord-1.64/srecord/output/file/c.cc:642:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[30]; data/srecord-1.64/srecord/output/file/fastload.cc:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[20]; data/srecord-1.64/srecord/output/file/four_packed_code.cc:178:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/output/file/four_packed_code.cc:186:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 8, data, data_nbytes); data/srecord-1.64/srecord/output/file/intel.cc:66:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[2]; data/srecord-1.64/srecord/output/file/intel.cc:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[4]; data/srecord-1.64/srecord/output/file/intel16.cc:67:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[2]; data/srecord-1.64/srecord/output/file/intel16.cc:86:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char tmp[4]; data/srecord-1.64/srecord/output/file/logisim.cc:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[100]; data/srecord-1.64/srecord/output/file/mips_flash.h:128:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/output/file/motorola.cc:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/output/file/motorola.cc:123:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1 + address_nbytes, data, data_nbytes); data/srecord-1.64/srecord/output/file/msbin.cc:72:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[sizeof(uint32_t)]; data/srecord-1.64/srecord/output/file/msbin.cc:97:27: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char Magic[7] = data/srecord-1.64/srecord/output/file/ppb.h:91:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[8192]; data/srecord-1.64/srecord/output/file/stewie.cc:87:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/output/file/stewie.cc:92:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 1 + address_nbytes, data, data_nbytes); data/srecord-1.64/srecord/output/file/tektronix.cc:78:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char tmp[2]; data/srecord-1.64/srecord/output/file/tektronix_extended.cc:53:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[260]; data/srecord-1.64/srecord/output/file/wilson.cc:52:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *table[256] = data/srecord-1.64/srecord/output/file/wilson.cc:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[256]; data/srecord-1.64/srecord/output/file/wilson.cc:110:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + 5, data, data_nbytes); data/srecord-1.64/srecord/output/filter/reblock.cc:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buffer + buffer_pos, r.get_data(), r.get_length()); data/srecord-1.64/srecord/pretty_size.cc:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char buffer[20];
data/srecord-1.64/srecord/quit.cc:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/srecord-1.64/srecord/quit.cc:100:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/srecord-1.64/srecord/quit/normal.cc:49:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[2000];
data/srecord-1.64/srecord/quit/prefix.cc:56:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/srecord-1.64/srecord/record.cc:40:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, arg.data, arg.length);
data/srecord-1.64/srecord/record.cc:67:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, a3, length);
data/srecord-1.64/srecord/record.cc:80:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, arg.data, arg.length);
data/srecord-1.64/srecord/stm32.h:109:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[wordsize];
data/srecord-1.64/test/crc16/main.cc:128:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/srecord-1.64/test/fletcher16/main.cc:64:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1024];
data/srecord-1.64/test/hyphen/main.cc:56:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "r");
data/srecord-1.64/test/url_decode/main.cc:49:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/srecord-1.64/test/url_decode/main.cc:66:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1000];
data/srecord-1.64/srec_info/main.cc:76:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (ifp->read(record))
data/srecord-1.64/srecord/arglex.cc:82:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int sc = getc(fp);
data/srecord-1.64/srecord/arglex.cc:100:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sc = getc(fp);
data/srecord-1.64/srecord/arglex.cc:112:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  sc = getc(fp);
data/srecord-1.64/srecord/arglex.cc:514:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::string(tp->name + 1, strlen(tp->name) - 12);
data/srecord-1.64/srecord/arglex.cc:528:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::string(tp->name + 1, strlen(tp->name) - 15);
data/srecord-1.64/srecord/input.h:64:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual bool read(class record &rec) = 0;
data/srecord-1.64/srecord/input/catenate.cc:45:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_catenate::read(srecord::record &record)
data/srecord-1.64/srecord/input/catenate.cc:49:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = in1->read(record);
data/srecord-1.64/srecord/input/catenate.cc:67:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool ok = in2->read(record);
data/srecord-1.64/srecord/input/catenate.h:66:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file.cc:134:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(fp);
data/srecord-1.64/srecord/input/file.cc:152:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(fp);
data/srecord-1.64/srecord/input/file.cc:190:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(fp);
data/srecord-1.64/srecord/input/file/aomf.cc:185:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_aomf::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/aomf.h:64:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/ascii_hex.cc:169:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ascii_hex::read(record &result)
data/srecord-1.64/srecord/input/file/ascii_hex.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/atmel_generic.cc:84:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_atmel_generic::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/atmel_generic.h:67:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/binary.cc:44:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_binary::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/binary.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/brecord.cc:75:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_brecord::read(record &result)
data/srecord-1.64/srecord/input/file/brecord.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/cosmac.cc:46:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_cosmac::read(record &result)
data/srecord-1.64/srecord/input/file/cosmac.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/dec_binary.cc:73:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_dec_binary::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/dec_binary.h:53:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/emon52.cc:57:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_emon52::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/emon52.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/fairchild.cc:68:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_fairchild::read(record &result)
data/srecord-1.64/srecord/input/file/fairchild.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/fastload.cc:298:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_fastload::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/fastload.h:51:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/formatted_binary.cc:50:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_formatted_binary::read(record &result)
data/srecord-1.64/srecord/input/file/formatted_binary.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read (record &record);
data/srecord-1.64/srecord/input/file/four_packed_code.cc:252:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_four_packed_code::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/four_packed_code.h:53:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/guess.cc:142:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (ifp->read(record))
data/srecord-1.64/srecord/input/file/hexdump.cc:106:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_hexdump::read(record &result)
data/srecord-1.64/srecord/input/file/hexdump.h:50:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(class record &rec);
data/srecord-1.64/srecord/input/file/idt.cc:177:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_idt::read(record &record)
data/srecord-1.64/srecord/input/file/idt.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/intel.cc:339:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_intel::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/intel.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/intel16.cc:304:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_intel16::read(record &result)
data/srecord-1.64/srecord/input/file/intel16.h:53:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/logisim.cc:236:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_logisim::read(class record &rec)
data/srecord-1.64/srecord/input/file/logisim.h:100:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(srecord::record &rec);
data/srecord-1.64/srecord/input/file/mif.cc:291:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_mif::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/mif.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/mips_flash.cc:194:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_mips_flash::read(record &result)
data/srecord-1.64/srecord/input/file/mips_flash.h:65:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/mos_tech.cc:140:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_mos_tech::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/mos_tech.h:51:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/motorola.cc:236:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_motorola::read(record &record)
data/srecord-1.64/srecord/input/file/motorola.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/msbin.cc:167:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_msbin::read(record &result)
data/srecord-1.64/srecord/input/file/msbin.cc:264:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (read < to_read)
data/srecord-1.64/srecord/input/file/msbin.cc:268:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read >= to_read)
data/srecord-1.64/srecord/input/file/msbin.cc:278:55: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  result = record(record::type_data, address, data, read);
data/srecord-1.64/srecord/input/file/msbin.cc:279:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  address += read;
data/srecord-1.64/srecord/input/file/msbin.cc:280:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  assert(remaining >= read);
data/srecord-1.64/srecord/input/file/msbin.cc:281:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  remaining -= read;
data/srecord-1.64/srecord/input/file/msbin.cc:282:40: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  running_checksum += checksum(data, read);
data/srecord-1.64/srecord/input/file/msbin.h:61:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/needham.cc:49:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_needham::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/needham.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/os65v.cc:157:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_os65v::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/os65v.h:53:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/ppb.cc:118:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ppb::read(record &result)
data/srecord-1.64/srecord/input/file/ppb.h:51:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(class record &rec);
data/srecord-1.64/srecord/input/file/ppx.cc:139:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ppx::read(record &result)
data/srecord-1.64/srecord/input/file/ppx.h:51:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(class record &rec);
data/srecord-1.64/srecord/input/file/signetics.cc:130:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_signetics::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/signetics.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/spasm.cc:93:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_spasm::read(record &result)
data/srecord-1.64/srecord/input/file/spasm.h:67:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/spectrum.cc:125:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_spectrum::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/spectrum.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/stewie.cc:170:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_stewie::read(record &result)
data/srecord-1.64/srecord/input/file/stewie.h:53:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/tektronix.cc:160:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_tektronix::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/tektronix.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/tektronix_extended.cc:183:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_tektronix_extended::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/tektronix_extended.h:55:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/ti_tagged.cc:61:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ti_tagged::read(record &result)
data/srecord-1.64/srecord/input/file/ti_tagged.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/ti_tagged_16.cc:61:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ti_tagged_16::read(record &result)
data/srecord-1.64/srecord/input/file/ti_tagged_16.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/ti_txt.cc:122:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_ti_txt::read(record &result)
data/srecord-1.64/srecord/input/file/ti_txt.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/trs80.cc:64:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_trs80::read(srecord::record &result)
data/srecord-1.64/srecord/input/file/trs80.h:56:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &result);
data/srecord-1.64/srecord/input/file/vmem.cc:47:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_vmem::read(srecord::record &record)
data/srecord-1.64/srecord/input/file/vmem.h:52:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/file/wilson.cc:155:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_file_wilson::read(record &record)
data/srecord-1.64/srecord/input/file/wilson.h:54:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter.cc:51:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter.cc:53:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return ifp->read(record);
data/srecord-1.64/srecord/input/filter.h:45:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(class record &record);
data/srecord-1.64/srecord/input/filter/and.cc:45:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_and::read(record &result)
data/srecord-1.64/srecord/input/filter/and.cc:47:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input_filter::read(result))
data/srecord-1.64/srecord/input/filter/and.h:66:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/bitrev.cc:45:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_bitrev::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/bitrev.cc:47:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/bitrev.h:60:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/byte_swap.cc:48:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_byte_swap::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/byte_swap.cc:59:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(buffer))
data/srecord-1.64/srecord/input/filter/byte_swap.h:62:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/checksum.cc:70:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_checksum::read(record &record)
data/srecord-1.64/srecord/input/filter/checksum.cc:72:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input_filter::read(record))
data/srecord-1.64/srecord/input/filter/checksum.h:46:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/crop.cc:49:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_crop::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/crop.cc:62:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(data))
data/srecord-1.64/srecord/input/filter/crop.h:69:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/fill.cc:77:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_fill::read(record &result)
data/srecord-1.64/srecord/input/filter/fill.cc:79:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input_filter::read(result))
data/srecord-1.64/srecord/input/filter/fill.h:73:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/interval.cc:61:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_interval::read(record &record)
data/srecord-1.64/srecord/input/filter/interval.cc:63:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!input_filter::read(record))
data/srecord-1.64/srecord/input/filter/interval.h:74:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/message.cc:51:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_message::read(record &result)
data/srecord-1.64/srecord/input/filter/message.h:60:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/not.cc:44:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_not::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/not.cc:46:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/not.h:62:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/offset.cc:46:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_offset::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/offset.cc:48:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/offset.h:69:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/or.cc:45:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_or::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/or.cc:47:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/or.h:67:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/random_fill.cc:73:36: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_random_fill::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/random_fill.cc:75:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/random_fill.h:69:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/sequence.cc:46:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  srecord::input_filter_sequence::read(srecord::record &record)
data/srecord-1.64/srecord/input/filter/sequence.cc:48:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!srecord::input_filter::read(record))
data/srecord-1.64/srecord/input/filter/sequence.h:57:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  bool read(record &record);
data/srecord-1.64/srecord/input/filter/split.cc:55:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
srecord::input_filter_split::read(srecord::record &record) data/srecord-1.64/srecord/input/filter/split.cc:66:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!srecord::input_filter::read(buffer)) data/srecord-1.64/srecord/input/filter/split.h:103:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(record &record); data/srecord-1.64/srecord/input/filter/unfill.cc:49:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). srecord::input_filter_unfill::read(srecord::record &record) data/srecord-1.64/srecord/input/filter/unfill.cc:60:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!srecord::input_filter::read(buffer)) data/srecord-1.64/srecord/input/filter/unfill.h:79:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(record &record); data/srecord-1.64/srecord/input/filter/unsplit.cc:50:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). srecord::input_filter_unsplit::read(srecord::record &record) data/srecord-1.64/srecord/input/filter/unsplit.cc:61:41: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!srecord::input_filter::read(buffer)) data/srecord-1.64/srecord/input/filter/unsplit.h:83:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(record &record); data/srecord-1.64/srecord/input/filter/xor.cc:45:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
srecord::input_filter_xor::read(srecord::record &record) data/srecord-1.64/srecord/input/filter/xor.cc:47:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!srecord::input_filter::read(record)) data/srecord-1.64/srecord/input/filter/xor.h:67:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(record &record); data/srecord-1.64/srecord/input/generator.cc:43:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). srecord::input_generator::read(srecord::record &result) data/srecord-1.64/srecord/input/generator.h:61:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(record &record); data/srecord-1.64/srecord/input/interval.cc:31:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (ifp->read(record)) data/srecord-1.64/srecord/interval.cc:725:20: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. srecord::interval::equal(const interval &lhs, const interval &rhs) data/srecord-1.64/srecord/interval.h:107:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
static bool equal(const interval &, const interval &); data/srecord-1.64/srecord/interval.h:267:22: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return interval::equal(lhs, rhs); data/srecord-1.64/srecord/interval.h:277:23: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !interval::equal(lhs, rhs); data/srecord-1.64/srecord/memory.cc:212:18: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. srecord::memory::equal(const srecord::memory &lhs, const srecord::memory &rhs) data/srecord-1.64/srecord/memory.cc:281:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (ifp->read(record)) data/srecord-1.64/srecord/memory.cc:387:29: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
return srecord::memory::equal(lhs, rhs); data/srecord-1.64/srecord/memory.cc:394:30: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !srecord::memory::equal(lhs, rhs); data/srecord-1.64/srecord/memory.h:131:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const memory &, const memory &); data/srecord-1.64/srecord/memory/chunk.cc:125:24: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. srecord::memory_chunk::equal(const srecord::memory_chunk &lhs, data/srecord-1.64/srecord/memory/chunk.cc:171:35: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return srecord::memory_chunk::equal(lhs, rhs); data/srecord-1.64/srecord/memory/chunk.cc:179:36: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). 
This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !srecord::memory_chunk::equal(lhs, rhs); data/srecord-1.64/srecord/memory/chunk.h:109:17: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static bool equal(const memory_chunk &, const memory_chunk &); data/srecord-1.64/srecord/output.cc:132:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(hdr) data/srecord-1.64/srecord/output/file/aomf.cc:71:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/srecord-1.64/srecord/output/file/aomf.cc:107:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(name); data/srecord-1.64/srecord/output/file/asm.cc:72:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long len = strlen(buffer); data/srecord-1.64/srecord/output/file/asm.cc:137:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
long len = strlen(buffer); data/srecord-1.64/srecord/output/file/asm.cc:293:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/srecord-1.64/srecord/output/file/asm.cc:331:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/srecord-1.64/srecord/output/file/basic.cc:70:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/srecord-1.64/srecord/output/file/c.cc:426:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). colon = fn + strlen(fn); data/srecord-1.64/srecord/output/file/c.cc:593:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/srecord-1.64/srecord/output/file/c.cc:620:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(buffer); data/srecord-1.64/srecord/output/file/logisim.cc:62:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int buffer_length = strlen(buffer); data/srecord-1.64/srecord/progname.cc:66:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t len = strlen(progname); data/srecord-1.64/srecord/quit/normal.cc:51:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf); data/srecord-1.64/test/crc16/main.cc:129:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(0, buffer, sizeof(buffer)); data/srecord-1.64/test/fletcher16/main.cc:65:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int n = read(0, buffer, sizeof(buffer)); data/srecord-1.64/test/hyphen/main.cc:37:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int c = getc(fp); data/srecord-1.64/test/url_decode/main.cc:52:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf); data/srecord-1.64/test/url_decode/main.cc:69:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(buf);

ANALYSIS SUMMARY:

Hits = 338
Lines analyzed = 56988 in approximately 1.15 seconds (49590 lines/second)
Physical Source Lines of Code (SLOC) = 29491
Hits@level = [0] 93 [1] 186 [2] 131 [3] 4 [4] 17 [5] 0
Hits@level+ = [0+] 431 [1+] 338 [2+] 152 [3+] 21 [4+] 17 [5+] 0
Hits/KSLOC@level+ = [0+] 14.6146 [1+] 11.4611 [2+] 5.15411 [3+] 0.712082 [4+] 0.576447 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.