Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/surgescript-0.5.4.2/src/main.c
Examining data/surgescript-0.5.4.2/src/surgescript.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/asm.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/asm.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/nodecontext.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/parser.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.h
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/token.c
Examining data/surgescript-0.5.4.2/src/surgescript/compiler/token.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/heap.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/heap.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object_manager.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/object_manager.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_operators.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/renv.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/renv.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/application.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/arguments.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/array.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/boolean.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/date.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/dictionary.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/gc.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/math.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/number.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/plugin.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/sslib.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/surgescript.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/system.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/tags.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/temp.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/time.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/stack.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/stack.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/variable.h
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/vm.c
Examining data/surgescript-0.5.4.2/src/surgescript/runtime/vm.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/fasthash.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/fasthash.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/ssarray.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/transform.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/transform.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/utf8.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/utf8.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/uthash.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/util.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/util.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/xoroshiro128plus.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c
Examining data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h
FINAL RESULTS:
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:808:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcpy(program_name, prefix), state_name);
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:808:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcat(strcpy(program_name, prefix), state_name);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:404:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, symbol);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:405:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf + symbol_len + 1, path);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:857:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
return strcat(strcpy(fun_name, prefix), state);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:857:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcat(strcpy(fun_name, prefix), state);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:12: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:224:37: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
surgescript_var_set_string(ret, strcat(strcpy(buf, str[0]), str[1]));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:224:44: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
surgescript_var_set_string(ret, strcat(strcpy(buf, str[0]), str[1]));
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:25:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:25:18: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf _snprintf
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:562:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
cnt = vsnprintf(buf, sz, fmt, ap);
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:568:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf, cnt+1, fmt, ap);
data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:393:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/surgescript-0.5.4.2/src/surgescript/util/util.c:106:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf+len, sizeof(buf)-len, fmt, args);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:123:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buf+len, sizeof(buf)-len, fmt, args);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:218:12: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
return strcpy(str, src);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:266:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, prefix);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:267:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, tmp);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:268:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, text);
data/surgescript-0.5.4.2/src/surgescript/compiler/lexer.c:45:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[BUFSIZE]; /* auxiliary buffer */
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:642:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32] = { '.', 'd', 'u', 'p', '.' };
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:1708:24: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
*annotations = memcpy(
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:252:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[2][1 + 2 * sizeof(unsigned)];
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:408:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char state[256] = "";
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:792:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hex[2][1 + 2 * sizeof(unsigned)];
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:376:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2 * SS_NAMEMAX + 2] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:379:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, object_name, l1);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + l1 + 1, program_name, l2);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[1024] = "";
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/date.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:151:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chr[7] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:337:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2 * SS_NAMEMAX + 2] = { 0 };
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:340:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, object_name, l1);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:341:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf + l1 + 1, tag_name, l2);
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:207:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:307:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:479:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32];
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:538:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:40:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char trailingBytesForUTF8[256] = {
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:324:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char digs[10];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:363:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[4];
data/surgescript-0.5.4.2/src/surgescript/util/utf8.c:378:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[c], temp, amt);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:101:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "[surgescript] ";
data/surgescript-0.5.4.2/src/surgescript/util/util.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024] = "[surgescript-error] ";
data/surgescript-0.5.4.2/src/surgescript/util/util.c:227:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const union { int i; char c[sizeof(int)]; } u = { .i = 1 };
data/surgescript-0.5.4.2/src/surgescript/util/util.c:264:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[2] = { '_', '\0' };
data/surgescript-0.5.4.2/src/surgescript/util/util.c:335:22: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int wpath_size = MultiByteToWideChar(CP_UTF8, 0, filepath, -1, NULL, 0);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:336:22: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int wmode_size = MultiByteToWideChar(CP_UTF8, 0, mode, -1, NULL, 0);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:342:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, filepath, -1, wpath, wpath_size);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:343:9: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, wmode_size);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:351:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filepath, mode);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:356:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(filepath, mode);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:375:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[128] = "Out of memory in ";
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:932:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &v64, sizeof(v64));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:964:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XXH_ALIGN(8) char secret[XXH_SECRET_DEFAULT_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1096:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst_state, src_state, sizeof(*dst_state));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1240:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(acc, state->acc, sizeof(state->acc)); /* digest locally, state remains unaltered, and can continue ingesting more data afterwards */
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1257:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastStripe[STRIPE_LEN];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1259:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastStripe, (const char*)state->buffer + sizeof(state->buffer) - catchupSize, catchupSize);
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1260:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lastStripe + catchupSize, state->buffer, state->bufferedSize);
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1397:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XXH_ALIGN(8) char secret[XXH_SECRET_DEFAULT_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1616:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash.high64, sizeof(hash.high64));
data/surgescript-0.5.4.2/src/surgescript/util/xxh3.h:1617:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char*)dst + sizeof(hash.high64), &hash.low64, sizeof(hash.low64));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:112:76: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:518:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:530:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:630:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:992:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dstState, srcState, sizeof(*dstState));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:1004:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.c:1100:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &hash, sizeof(*dst));
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:221:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:263:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:426:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XXH_ALIGN(64) char customSecret[XXH3_SECRET_DEFAULT_SIZE]; /* used to store a custom secret generated from the seed. Makes state larger. Design might change */
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:427:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
XXH_ALIGN(64) char buffer[XXH3_INTERNALBUFFER_SIZE];
data/surgescript-0.5.4.2/src/surgescript/util/xxhash.h:520:27: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef struct { unsigned char digest[16]; } XXH128_canonical_t;
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:578:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(name) > SS_NAMEMAX;
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:807:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
program_name = ssmalloc((1 + strlen(prefix) + strlen(state_name)) * sizeof(*program_name));
data/surgescript-0.5.4.2/src/surgescript/compiler/parser.c:807:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
program_name = ssmalloc((1 + strlen(prefix) + strlen(state_name)) * sizeof(*program_name));
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:52:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void (*read)(surgescript_symtable_entry_t* entry, surgescript_program_t* program, unsigned k);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:234:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
entry->vtable->read(entry, program, k);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:402:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t symbol_len = strlen(symbol);
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:403:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* buf = ssmalloc((3 + symbol_len + strlen(path)) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/compiler/symtable.c:411:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t symbol_len = strlen(symbol);
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:856:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fun_name = ssmalloc((strlen(state) + strlen(prefix) + 1) * sizeof(char));
data/surgescript-0.5.4.2/src/surgescript/runtime/object.c:856:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *fun_name = ssmalloc((strlen(state) + strlen(prefix) + 1) * sizeof(char));
data/surgescript-0.5.4.2/src/surgescript/runtime/program.c:835:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:269:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:276:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh, pool->meta, m->object_name, strlen(m->object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:286:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:308:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, pool->meta, object_name, strlen(object_name), m);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:378:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(object_name), l2 = strlen(program_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/program_pool.c:378:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(object_name), l2 = strlen(program_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/console.c:116:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(result);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:246:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* str = ssmalloc((strlen(object_name) + 3) * sizeof(*str));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/object.c:249:19: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcat(strcat(strcpy(str, "["), object_name), "]");
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:223:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = ssmalloc((1 + strlen(str[0]) + strlen(str[1])) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:223:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf = ssmalloc((1 + strlen(str[0]) + strlen(str[1])) * sizeof(*buf));
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:240:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int search_len = strlen(search);
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:272:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* dst = ssmalloc((1 + strlen(src)) * sizeof(*dst)), *q;
data/surgescript-0.5.4.2/src/surgescript/runtime/sslib/string.c:288:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* dst = ssmalloc((1 + strlen(src)) * sizeof(*dst)), *q;
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:32:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define generate_tag(tag_name) XXH64(tag_name, strlen(tag_name), 0)
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:188:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:194:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh, tag_system->inverse_tag_table, ientry->tag_name, strlen(ientry->tag_name), ientry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:210:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, tag_system->tag_table, object_name, strlen(object_name), entry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:215:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh, tag_system->tag_table, entry->object_name, strlen(entry->object_name), entry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:218:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:224:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh, tag_system->inverse_tag_table, ientry->tag_name, strlen(ientry->tag_name), ientry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:251:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, tag_system->tag_table, object_name, strlen(object_name), entry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:281:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh, tag_system->inverse_tag_table, tag_name, strlen(tag_name), ientry);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:339:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(object_name), l2 = strlen(tag_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/tag_system.c:339:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l1 = strlen(object_name), l2 = strlen(tag_name);
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:196:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(string != NULL && strlen(string) <= MAXLEN) {
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:199:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!u8_isvalid(var->string, strlen(var->string)))
data/surgescript-0.5.4.2/src/surgescript/runtime/variable.c:608:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return sizeof(surgescript_var_t) + (1 + strlen(var->string)) * sizeof(char);
data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:369:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh,head,findstr,(unsigned)strlen(findstr),out)
data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:371:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD(hh,head,strfield[0],(unsigned int)strlen(add->strfield),add)
data/surgescript-0.5.4.2/src/surgescript/util/uthash.h:373:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE(hh,head,strfield[0],(unsigned)strlen(add->strfield),add,replaced)
data/surgescript-0.5.4.2/src/surgescript/util/util.c:102:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:119:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(buf);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:217:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* str = surgescript_util_malloc(sizeof(char) * (1 + strlen(src)), location);
data/surgescript-0.5.4.2/src/surgescript/util/util.c:263:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* str = ssmalloc((strlen(prefix) + strlen(text) + 2) * sizeof(char));
data/surgescript-0.5.4.2/src/surgescript/util/util.c:263:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char* str = ssmalloc((strlen(prefix) + strlen(text) + 2) * sizeof(char));
ANALYSIS SUMMARY:
Hits = 124
Lines analyzed = 21154 in approximately 0.59 seconds (35793 lines/second)
Physical Source Lines of Code (SLOC) = 13651
Hits@level = [0] 26 [1] 48 [2] 56 [3] 0 [4] 20 [5] 0
Hits@level+ = [0+] 150 [1+] 124 [2+] 76 [3+] 20 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 10.9882 [1+] 9.08358 [2+] 5.56736 [3+] 1.46509 [4+] 1.46509 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.