Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ucommon-7.0.0/inc/ucommon/fsys.h
Examining data/ucommon-7.0.0/inc/ucommon/thread.h
Examining data/ucommon-7.0.0/inc/ucommon/stream.h
Examining data/ucommon-7.0.0/inc/ucommon/object.h
Examining data/ucommon-7.0.0/inc/ucommon/ucommon.h
Examining data/ucommon-7.0.0/inc/ucommon/cpr.h
Examining data/ucommon-7.0.0/inc/ucommon/string.h
Examining data/ucommon-7.0.0/inc/ucommon/secure.h
Examining data/ucommon-7.0.0/inc/ucommon/shared.h
Examining data/ucommon-7.0.0/inc/ucommon/mapref.h
Examining data/ucommon-7.0.0/inc/ucommon/typeref.h
Examining data/ucommon-7.0.0/inc/ucommon/linked.h
Examining data/ucommon-7.0.0/inc/ucommon/stl.h
Examining data/ucommon-7.0.0/inc/ucommon/atomic.h
Examining data/ucommon-7.0.0/inc/ucommon/mapped.h
Examining data/ucommon-7.0.0/inc/ucommon/condition.h
Examining data/ucommon-7.0.0/inc/ucommon/access.h
Examining data/ucommon-7.0.0/inc/ucommon/export.h
Examining data/ucommon-7.0.0/inc/ucommon/unicode.h
Examining data/ucommon-7.0.0/inc/ucommon/counter.h
Examining data/ucommon-7.0.0/inc/ucommon/platform.h
Examining data/ucommon-7.0.0/inc/ucommon/datetime.h
Examining data/ucommon-7.0.0/inc/ucommon/protocols.h
Examining data/ucommon-7.0.0/inc/ucommon/timers.h
Examining data/ucommon-7.0.0/inc/ucommon/memory.h
Examining data/ucommon-7.0.0/inc/ucommon/temporary.h
Examining data/ucommon-7.0.0/inc/ucommon/reuse.h
Examining data/ucommon-7.0.0/inc/ucommon/arrayref.h
Examining data/ucommon-7.0.0/inc/ucommon/shell.h
Examining data/ucommon-7.0.0/inc/ucommon/socket.h
Examining data/ucommon-7.0.0/inc/ucommon/numbers.h
Examining data/ucommon-7.0.0/inc/ucommon/keydata.h
Examining data/ucommon-7.0.0/inc/ucommon/generics.h
Examining data/ucommon-7.0.0/inc/commoncpp/exception.h
Examining data/ucommon-7.0.0/inc/commoncpp/persist.h
Examining data/ucommon-7.0.0/inc/commoncpp/thread.h
Examining data/ucommon-7.0.0/inc/commoncpp/object.h
Examining data/ucommon-7.0.0/inc/commoncpp/commoncpp.h
Examining data/ucommon-7.0.0/inc/commoncpp/serial.h
Examining data/ucommon-7.0.0/inc/commoncpp/slog.h
Examining data/ucommon-7.0.0/inc/commoncpp/tcp.h
Examining data/ucommon-7.0.0/inc/commoncpp/string.h
Examining data/ucommon-7.0.0/inc/commoncpp/udp.h
Examining data/ucommon-7.0.0/inc/commoncpp/misc.h
Examining data/ucommon-7.0.0/inc/commoncpp/export.h
Examining data/ucommon-7.0.0/inc/commoncpp/pointer.h
Examining data/ucommon-7.0.0/inc/commoncpp/dccp.h
Examining data/ucommon-7.0.0/inc/commoncpp/address.h
Examining data/ucommon-7.0.0/inc/commoncpp/mime.h
Examining data/ucommon-7.0.0/inc/commoncpp/applog.h
Examining data/ucommon-7.0.0/inc/commoncpp/file.h
Examining data/ucommon-7.0.0/inc/commoncpp/socket.h
Examining data/ucommon-7.0.0/inc/commoncpp/tokenizer.h
Examining data/ucommon-7.0.0/inc/commoncpp/process.h
Examining data/ucommon-7.0.0/inc/commoncpp/numbers.h
Examining data/ucommon-7.0.0/inc/commoncpp/config.h
Examining data/ucommon-7.0.0/inc/commoncpp/xml.h
Examining data/ucommon-7.0.0/corelib/unicode.cpp
Examining data/ucommon-7.0.0/corelib/reuse.cpp
Examining data/ucommon-7.0.0/corelib/timer.cpp
Examining data/ucommon-7.0.0/corelib/numbers.cpp
Examining data/ucommon-7.0.0/corelib/datetime.cpp
Examining data/ucommon-7.0.0/corelib/counter.cpp
Examining data/ucommon-7.0.0/corelib/string.cpp
Examining data/ucommon-7.0.0/corelib/socket.cpp
Examining data/ucommon-7.0.0/corelib/object.cpp
Examining data/ucommon-7.0.0/corelib/protocols.cpp
Examining data/ucommon-7.0.0/corelib/memory.cpp
Examining data/ucommon-7.0.0/corelib/cpr.cpp
Examining data/ucommon-7.0.0/corelib/shared.cpp
Examining data/ucommon-7.0.0/corelib/mapped.cpp
Examining data/ucommon-7.0.0/corelib/typeref.cpp
Examining data/ucommon-7.0.0/corelib/regex.cpp
Examining data/ucommon-7.0.0/corelib/condition.cpp
Examining data/ucommon-7.0.0/corelib/access.cpp
Examining data/ucommon-7.0.0/corelib/fsys.cpp
Examining data/ucommon-7.0.0/corelib/atomic.cpp
Examining data/ucommon-7.0.0/corelib/keydata.cpp
Examining data/ucommon-7.0.0/corelib/shell.cpp
Examining data/ucommon-7.0.0/corelib/thread.cpp
Examining data/ucommon-7.0.0/corelib/mapref.cpp
Examining data/ucommon-7.0.0/corelib/arrayref.cpp
Examining data/ucommon-7.0.0/corelib/linked.cpp
Examining data/ucommon-7.0.0/corelib/stream.cpp
Examining data/ucommon-7.0.0/test/unicode.cpp
Examining data/ucommon-7.0.0/test/cipher.cpp
Examining data/ucommon-7.0.0/test/datetime.cpp
Examining data/ucommon-7.0.0/test/string.cpp
Examining data/ucommon-7.0.0/test/socket.cpp
Examining data/ucommon-7.0.0/test/keydata.cpp
Examining data/ucommon-7.0.0/test/stdcpp.cpp
Examining data/ucommon-7.0.0/test/shell.cpp
Examining data/ucommon-7.0.0/test/thread.cpp
Examining data/ucommon-7.0.0/test/linked.cpp
Examining data/ucommon-7.0.0/test/stream.cpp
Examining data/ucommon-7.0.0/test/digest.cpp
Examining data/ucommon-7.0.0/test/memory.cpp
Examining data/ucommon-7.0.0/gnutls/sstream.cpp
Examining data/ucommon-7.0.0/gnutls/secure.cpp
Examining data/ucommon-7.0.0/gnutls/cipher.cpp
Examining data/ucommon-7.0.0/gnutls/local.h
Examining data/ucommon-7.0.0/gnutls/random.cpp
Examining data/ucommon-7.0.0/gnutls/hmac.cpp
Examining data/ucommon-7.0.0/gnutls/digest.cpp
Examining data/ucommon-7.0.0/utils/zerofill.cpp
Examining data/ucommon-7.0.0/utils/sockaddr.cpp
Examining data/ucommon-7.0.0/utils/pdetach.cpp
Examining data/ucommon-7.0.0/utils/keywait.cpp
Examining data/ucommon-7.0.0/utils/args.cpp
Examining data/ucommon-7.0.0/utils/urlout.cpp
Examining data/ucommon-7.0.0/utils/car.cpp
Examining data/ucommon-7.0.0/utils/mdsum.cpp
Examining data/ucommon-7.0.0/utils/scrub.cpp
Examining data/ucommon-7.0.0/nossl/brg_endian.h
Examining data/ucommon-7.0.0/nossl/common.cpp
Examining data/ucommon-7.0.0/nossl/sstream.cpp
Examining data/ucommon-7.0.0/nossl/sha1.cpp
Examining data/ucommon-7.0.0/nossl/sha2.h
Examining data/ucommon-7.0.0/nossl/secure.cpp
Examining data/ucommon-7.0.0/nossl/cipher.cpp
Examining data/ucommon-7.0.0/nossl/md5.h
Examining data/ucommon-7.0.0/nossl/local.h
Examining data/ucommon-7.0.0/nossl/sha2.cpp
Examining data/ucommon-7.0.0/nossl/random.cpp
Examining data/ucommon-7.0.0/nossl/sha1.h
Examining data/ucommon-7.0.0/nossl/md5.cpp
Examining data/ucommon-7.0.0/nossl/hmac.cpp
Examining data/ucommon-7.0.0/nossl/brg_types.h
Examining data/ucommon-7.0.0/nossl/digest.cpp
Examining data/ucommon-7.0.0/commoncpp/socket.cpp
Examining data/ucommon-7.0.0/commoncpp/xml.cpp
Examining data/ucommon-7.0.0/commoncpp/misc.cpp
Examining data/ucommon-7.0.0/commoncpp/exception.cpp
Examining data/ucommon-7.0.0/commoncpp/address.cpp
Examining data/ucommon-7.0.0/commoncpp/serial.cpp
Examining data/ucommon-7.0.0/commoncpp/process.cpp
Examining data/ucommon-7.0.0/commoncpp/strchar.cpp
Examining data/ucommon-7.0.0/commoncpp/dir.cpp
Examining data/ucommon-7.0.0/commoncpp/applog.cpp
Examining data/ucommon-7.0.0/commoncpp/pointer.cpp
Examining data/ucommon-7.0.0/commoncpp/udp.cpp
Examining data/ucommon-7.0.0/commoncpp/thread.cpp
Examining data/ucommon-7.0.0/commoncpp/map.cpp
Examining data/ucommon-7.0.0/commoncpp/linked.cpp
Examining data/ucommon-7.0.0/commoncpp/tokenizer.cpp
Examining data/ucommon-7.0.0/commoncpp/slog.cpp
Examining data/ucommon-7.0.0/commoncpp/persist.cpp
Examining data/ucommon-7.0.0/commoncpp/file.cpp
Examining data/ucommon-7.0.0/commoncpp/dso.cpp
Examining data/ucommon-7.0.0/commoncpp/tcp.cpp
Examining data/ucommon-7.0.0/commoncpp/dccp.cpp
Examining data/ucommon-7.0.0/commoncpp/mime.cpp
Examining data/ucommon-7.0.0/openssl/sstream.cpp
Examining data/ucommon-7.0.0/openssl/secure.cpp
Examining data/ucommon-7.0.0/openssl/cipher.cpp
Examining data/ucommon-7.0.0/openssl/local.h
Examining data/ucommon-7.0.0/openssl/random.cpp
Examining data/ucommon-7.0.0/openssl/hmac.cpp
Examining data/ucommon-7.0.0/openssl/digest.cpp

FINAL RESULTS:

data/ucommon-7.0.0/commoncpp/file.cpp:1600:20:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
            slen = readlink(buffer, symlink, size);
data/ucommon-7.0.0/corelib/fsys.cpp:1021:10:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
    if(::chmod(path, value))
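data/ucommon-7.0.0/corelib/fsys.cpp:1244:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    if(::readlink(path, buffer, size))
  [Reviewer note: readlink() returns the number of bytes written, or -1 on
  failure, and never appends a NUL. The line shown only tests the result for
  non-zero and does not keep the length, so check in the source how the
  buffer gets terminated and how the -1 case is told apart from success.]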
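data/ucommon-7.0.0/corelib/protocols.cpp:34:9:  [5] (buffer) gets:
  Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
#undef  gets
  [Reviewer note: the matched line is a preprocessor #undef, not a call to
  gets(). Flawfinder matches on the name alone, so this hit by itself does
  not show an unbounded read; look for an actual call in the file before
  treating it as a level-5 finding.]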
data/ucommon-7.0.0/commoncpp/applog.cpp:951:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:980:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1009:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1036:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1065:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1094:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1123:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/applog.cpp:1152:29:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    logIt->second._msgpos = vsnprintf(logIt->second._msgbuf, logStruct::BUFF_SIZE, format, args);
data/ucommon-7.0.0/commoncpp/file.cpp:1275:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(!access(path, R_OK))
data/ucommon-7.0.0/commoncpp/file.cpp:1300:9:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(!access(path, W_OK | R_OK))
data/ucommon-7.0.0/commoncpp/process.cpp:417:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp((char *)exename, (char **)args);
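data/ucommon-7.0.0/commoncpp/slog.cpp:80:8:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
    if(syslog)
  [Reviewer note: on this line, and on the other slog.cpp hits that show
  fclose(syslog) or fputs(buf, syslog), `syslog` is used as a variable passed
  to stdio functions, not as a call to syslog(3). These look like name-match
  false positives; the vsnprintf hits in the same file are the ones where a
  caller-supplied format string is actually visible.]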
data/ucommon-7.0.0/commoncpp/slog.cpp:81:16:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
        fclose(syslog);
data/ucommon-7.0.0/commoncpp/slog.cpp:91:8:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
    if(syslog)
data/ucommon-7.0.0/commoncpp/slog.cpp:92:16:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
        fclose(syslog);
data/ucommon-7.0.0/commoncpp/slog.cpp:166:8:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
    if(syslog)
data/ucommon-7.0.0/commoncpp/slog.cpp:167:20:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
            fclose(syslog);
data/ucommon-7.0.0/commoncpp/slog.cpp:198:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:215:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:232:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:249:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:266:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:283:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:300:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:317:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(thread->msgbuf, sizeof(thread->msgbuf), format, args);
data/ucommon-7.0.0/commoncpp/slog.cpp:377:16:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
            if(syslog)
data/ucommon-7.0.0/commoncpp/slog.cpp:378:28:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
                fputs(buf, syslog);
data/ucommon-7.0.0/commoncpp/tcp.cpp:1027:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
size_t TCPStream::printf(const char *format, ...)
data/ucommon-7.0.0/commoncpp/tcp.cpp:1037:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, len, format, args);
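data/ucommon-7.0.0/corelib/condition.cpp:364:25:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void ConditionalAccess::access(void)
  [Reviewer note: the matched line defines a member function named access
  that takes no path, so it is not a call to access(2). The same applies to
  hits in this report whose line shows a method call such as lock.access() or
  a parameter named access, e.g. switch(access). The check-then-use race
  described above is only relevant where the line shows access(path, mode),
  as in the file.cpp and fsys.cpp ::access(path, ...) hits.]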
data/ucommon-7.0.0/corelib/condition.cpp:429:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    access();
data/ucommon-7.0.0/corelib/condition.cpp:484:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void ConditionalLock::access(void)
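data/ucommon-7.0.0/corelib/fsys.cpp:376:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf((char *)buf, len, ptr->cFileName);
  [Reviewer note: unlike the wrapper functions flagged elsewhere, this line
  passes data (ptr->cFileName, which looks like a directory-entry name)
  directly as the format argument, so a '%' in a file name would be
  interpreted as a conversion. Passing the name as an argument instead,
  snprintf((char *)buf, len, "%s", ptr->cFileName), removes the issue.]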
data/ucommon-7.0.0/corelib/fsys.cpp:483:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void fsys::open(const char *path, access_t access)
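data/ucommon-7.0.0/corelib/fsys.cpp:506:17:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
                snprintf(buf, sizeof(buf) "/dev/tty%s", path);
  [Reviewer note: as printed, the comma between sizeof(buf) and the string
  literal is missing, so this line would not compile; it is presumably in a
  conditionally excluded branch, which is worth confirming. The format
  string intended here is a literal, so the CWE-134 concern does not apply to
  it once the comma is restored.]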
data/ucommon-7.0.0/corelib/fsys.cpp:524:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    switch(access)
data/ucommon-7.0.0/corelib/fsys.cpp:566:60:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void fsys::open(const char *path, unsigned fmode, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:592:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    switch(access)
data/ucommon-7.0.0/corelib/fsys.cpp:854:60:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void fsys::open(const char *path, unsigned fmode, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:861:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    switch(access)
data/ucommon-7.0.0/corelib/fsys.cpp:919:44:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void fsys::open(const char *path, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:926:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    switch(access)
data/ucommon-7.0.0/corelib/fsys.cpp:1028:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(::access(path, F_OK))
data/ucommon-7.0.0/corelib/fsys.cpp:1036:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(::access(path, R_OK))
data/ucommon-7.0.0/corelib/fsys.cpp:1044:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(::access(path, W_OK))
data/ucommon-7.0.0/corelib/fsys.cpp:1055:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(::access(path, X_OK))
data/ucommon-7.0.0/corelib/fsys.cpp:1184:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
fsys::fsys(const char *path, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:1187:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    open(path, access);
data/ucommon-7.0.0/corelib/fsys.cpp:1190:55:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
fsys::fsys(const char *path, unsigned fmode, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:1193:23:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    open(path, fmode, access);
data/ucommon-7.0.0/corelib/mapref.cpp:120:28:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
LinkedObject *MapRef::Map::access(size_t key)
data/ucommon-7.0.0/corelib/mapref.cpp:122:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:165:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    map->lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:176:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    map->lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:196:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    map->lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:226:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    map->lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:237:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    map->lock.access();
data/ucommon-7.0.0/corelib/mapref.cpp:413:39:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
linked_pointer<MapRef::Index> MapRef::access(size_t key)
data/ucommon-7.0.0/corelib/mapref.cpp:421:13:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    ip = m->access(key);
data/ucommon-7.0.0/corelib/memory.cpp:615:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(str, text);
data/ucommon-7.0.0/corelib/memory.cpp:676:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(str, text);
data/ucommon-7.0.0/corelib/memory.cpp:731:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(str, text);
data/ucommon-7.0.0/corelib/shared.cpp:86:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
LinkedObject *MappedPointer::access(size_t path)
data/ucommon-7.0.0/corelib/shared.cpp:88:8:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	lock->access();
data/ucommon-7.0.0/corelib/shell.cpp:546:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buffer, sizeof(buffer), format, args);
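data/ucommon-7.0.0/corelib/shell.cpp:549:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
    return system(buffer);
  [Reviewer note: read this together with the vsnprintf hit at
  shell.cpp:546. The string handed to system() appears to be the buffer
  formatted three lines earlier, so any caller-supplied argument interpolated
  into it reaches the command interpreter. Callers should pass only trusted
  or validated values, or use an interface that takes an argument vector
  instead of a single command string.]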
data/ucommon-7.0.0/corelib/shell.cpp:807:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, args);
data/ucommon-7.0.0/corelib/shell.cpp:851:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(stderr, format, args);
data/ucommon-7.0.0/corelib/shell.cpp:874:15:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
size_t shell::printf(const char *format, ...)
data/ucommon-7.0.0/corelib/shell.cpp:878:21:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    size_t result = vprintf(format, args);
data/ucommon-7.0.0/corelib/shell.cpp:1050:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
int shell::system(const char *cmd, const char **envp)
data/ucommon-7.0.0/corelib/shell.cpp:1354:14:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
char *shell::getpass(const char *prompt, char *buffer, size_t size)
data/ucommon-7.0.0/corelib/shell.cpp:1483:14:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
char *shell::getpass(const char *prompt, char *buffer, size_t size)
data/ucommon-7.0.0/corelib/shell.cpp:1674:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
int shell::system(const char *cmd, const char **envp)
data/ucommon-7.0.0/corelib/shell.cpp:1724:7:  [4] (shell) execlp:
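  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
  [Reviewer note: this call runs cmd through /bin/sh -c, so shell
  metacharacters in cmd are interpreted; the execv()/execvp() calls reported
  for the same file take an argv array instead of a shell command line.]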
    ::execlp("/bin/sh", "sh", "-c", cmd, NULL);
data/ucommon-7.0.0/corelib/shell.cpp:2005:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execv(path, argv);
data/ucommon-7.0.0/corelib/shell.cpp:2007:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp(path, argv);
data/ucommon-7.0.0/corelib/shell.cpp:2064:9:  [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execv(path, argv);
data/ucommon-7.0.0/corelib/shell.cpp:2066:9:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
        execvp(path, argv);
data/ucommon-7.0.0/corelib/shell.cpp:2186:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, args);
data/ucommon-7.0.0/corelib/shell.cpp:2241:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, args);
data/ucommon-7.0.0/corelib/shell.cpp:2282:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, args);
data/ucommon-7.0.0/corelib/shell.cpp:2355:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, args);
data/ucommon-7.0.0/corelib/shell.cpp:2378:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, args);
data/ucommon-7.0.0/corelib/shell.cpp:2420:5:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execvp(*list, newargs);
data/ucommon-7.0.0/corelib/socket.cpp:3382:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
size_t Socket::printf(const char *format, ...)
data/ucommon-7.0.0/corelib/socket.cpp:3390:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), format, args);
data/ucommon-7.0.0/corelib/socket.cpp:3396:17:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
ssize_t Socket::printf(socket_t so, const char *format, ...)
data/ucommon-7.0.0/corelib/socket.cpp:3404:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), format, args);
data/ucommon-7.0.0/corelib/stream.cpp:410:50:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
pipestream::pipestream(const char *cmd, access_t access, char **args, char **envp, size_t size) :
data/ucommon-7.0.0/corelib/stream.cpp:413:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    open(cmd, access, args, envp, size);
data/ucommon-7.0.0/corelib/stream.cpp:640:76:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
filestream::filestream(const char *filename, unsigned mode, fsys::access_t access, size_t size) :
data/ucommon-7.0.0/corelib/stream.cpp:643:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    open(filename, mode, access, size);
data/ucommon-7.0.0/corelib/stream.cpp:737:73:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void filestream::open(const char *fname, unsigned fmode, fsys::access_t access, size_t size)
data/ucommon-7.0.0/corelib/stream.cpp:740:27:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    fd.open(fname, fmode, access);
data/ucommon-7.0.0/corelib/stream.cpp:742:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        allocate(size, access);
data/ucommon-7.0.0/corelib/stream.cpp:745:57:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
void filestream::open(const char *fname, fsys::access_t access, size_t size)
data/ucommon-7.0.0/corelib/stream.cpp:748:20:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    fd.open(fname, access);
data/ucommon-7.0.0/corelib/stream.cpp:750:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        allocate(size, access);
data/ucommon-7.0.0/corelib/string.cpp:225:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(str->text, size + 1, format, args);
data/ucommon-7.0.0/corelib/string.cpp:633:16:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
size_t String::printf(const char *format, ...)
data/ucommon-7.0.0/corelib/string.cpp:640:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf(str->text, str->max + 1, format, args);
data/ucommon-7.0.0/corelib/string.cpp:648:16:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
size_t String::vprintf(const char *format, va_list args)
data/ucommon-7.0.0/corelib/string.cpp:653:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf(str->text, str->max + 1, format, args);
data/ucommon-7.0.0/corelib/string.cpp:661:13:  [4] (buffer) vscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int String::vscanf(const char *format, va_list args)
data/ucommon-7.0.0/corelib/string.cpp:666:16:  [4] (buffer) vsscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        return vsscanf(str->text, format, args);
data/ucommon-7.0.0/corelib/string.cpp:670:13:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int String::scanf(const char *format, ...)
data/ucommon-7.0.0/corelib/string.cpp:679:15:  [4] (buffer) vsscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        rtn = vsscanf(str->text, format, args);
data/ucommon-7.0.0/corelib/string.cpp:684:13:  [4] (buffer) vscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int String::vscanf(const char *format, va_list args)
data/ucommon-7.0.0/corelib/string.cpp:689:13:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
int String::scanf(const char *format, ...)
data/ucommon-7.0.0/corelib/thread.cpp:368:14:  [4] (race) access:
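  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
  [Reviewer note: the match here is on the name only; the flagged line
  defines RWLock::access(timeout_t), a member function that takes a timeout
  and no file path, so the access(2) check-then-use race described above does
  not apply to this line.]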
bool RWLock::access(timeout_t timeout)
data/ucommon-7.0.0/corelib/thread.cpp:579:15:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if(entry->access(timeout))
data/ucommon-7.0.0/corelib/thread.cpp:631:5:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    access();
data/ucommon-7.0.0/inc/commoncpp/file.h:402:12:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    Access access;
data/ucommon-7.0.0/inc/commoncpp/slog.h:136:11:  [4] (format) syslog:
  If syslog's format strings can be influenced by an attacker, they can be
  exploited (CWE-134). Use a constant format string for syslog.
    FILE *syslog;
data/ucommon-7.0.0/inc/commoncpp/tcp.h:522:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    size_t printf(const char *format, ...);
data/ucommon-7.0.0/inc/commoncpp/thread.h:188:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        ucommon::RWLock::access();
data/ucommon-7.0.0/inc/commoncpp/thread.h:196:26:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        ucommon::RWLock::access(0);
data/ucommon-7.0.0/inc/ucommon/condition.h:472:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void access(void);
data/ucommon-7.0.0/inc/ucommon/condition.h:557:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void access(void);
data/ucommon-7.0.0/inc/ucommon/fsys.h:204:37:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    fsys(const char *path, access_t access);
data/ucommon-7.0.0/inc/ucommon/fsys.h:212:58:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    fsys(const char *path, unsigned permission, access_t access);
data/ucommon-7.0.0/inc/ucommon/fsys.h:485:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *path, access_t access);
data/ucommon-7.0.0/inc/ucommon/fsys.h:512:57:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *path, unsigned mode, access_t access);
data/ucommon-7.0.0/inc/ucommon/mapref.h:111:17:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		LinkedObject *access(size_t key = 0);
data/ucommon-7.0.0/inc/ucommon/mapref.h:167:24:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	linked_pointer<Index> access(size_t keyvalue = 0);
data/ucommon-7.0.0/inc/ucommon/mapref.h:298:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		linked_pointer<Index> ip = access(mapkeypath<K>(key));
data/ucommon-7.0.0/inc/ucommon/mapref.h:458:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		linked_pointer<Index> ip = access();
data/ucommon-7.0.0/inc/ucommon/platform.h:138:49:  [4] (format) printf:
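  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
  [Reviewer note: the match is the word printf inside a compiler format
  attribute, not a call; the attribute lets the compiler check arguments
  against the format string at call sites, and warning on non-literal formats
  additionally needs -Wformat-security or -Wformat-nonliteral.]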
#define __PRINTF(x,y)   __attribute__ ((format (printf, x, y)))
data/ucommon-7.0.0/inc/ucommon/platform.h:139:47:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
#define __SCANF(x, y) __attribute__ ((format (scanf, x, y)))
data/ucommon-7.0.0/inc/ucommon/platform.h:434:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf(p, s, f, ...) _snprintf_s(p, s, _TRUNCATE, f, __VA_ARGS__) 
data/ucommon-7.0.0/inc/ucommon/platform.h:435:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf(p, s, f, a) _vsnprintf_s(p, s, _TRUNCATE, f, a)
data/ucommon-7.0.0/inc/ucommon/shared.h:139:16:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
	LinkedObject *access(size_t path);
data/ucommon-7.0.0/inc/ucommon/shared.h:231:30:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
		linked_pointer<Index> ip = access(mapped_keypath<K>(key));
data/ucommon-7.0.0/inc/ucommon/shell.h:520:16:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    static int system(const char *command, const char **env = NULL);
data/ucommon-7.0.0/inc/ucommon/shell.h:725:19:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    static size_t printf(const char *format, ...) __PRINTF(1, 2);
data/ucommon-7.0.0/inc/ucommon/shell.h:881:18:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
    static char *getpass(const char *prompt, char *buffer, size_t size);
data/ucommon-7.0.0/inc/ucommon/socket.h:1227:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    size_t printf(const char *format, ...) __PRINTF(2,3);
data/ucommon-7.0.0/inc/ucommon/socket.h:1263:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    static ssize_t printf(socket_t socket, const char *format, ...) __PRINTF(2,3);
data/ucommon-7.0.0/inc/ucommon/stream.h:291:46:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    pipestream(const char *command, access_t access, char **args, char **env = NULL, size_t size = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:322:42:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *path, access_t access, char **args, char **env = NULL, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:394:64:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    filestream(const char *path, unsigned mode, fsys::access_t access, size_t bufsize = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:399:49:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    filestream(const char *path, fsys::access_t access, size_t bufsize = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:425:52:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *filename, fsys::access_t access, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:430:67:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    void open(const char *filename, unsigned mode, fsys::access_t access, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/string.h:337:9:  [4] (buffer) scanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    int scanf(const char *format, ...) __SCANF(2, 3);
data/ucommon-7.0.0/inc/ucommon/string.h:345:9:  [4] (buffer) vscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
    int vscanf(const char *format, va_list args) __SCANF(2, 0);
data/ucommon-7.0.0/inc/ucommon/string.h:352:12:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    size_t printf(const char *format, ...) __PRINTF(2, 3);
data/ucommon-7.0.0/inc/ucommon/string.h:360:12:  [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    size_t vprintf(const char *format, va_list args) __PRINTF(2, 0);
data/ucommon-7.0.0/inc/ucommon/thread.h:248:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    bool access(timeout_t timeout = Timer::inf);
data/ucommon-7.0.0/nossl/common.cpp:246:15:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
    if(shell::getpass(prompt, *buffer, size))
data/ucommon-7.0.0/utils/car.cpp:448:12:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
  [Reviewer note: the call is to the library's own shell::getpass, which takes
  a caller-supplied buffer and size, so the obsolescence warning is a name
  match; the zeroing advice still applies, so confirm in car.cpp that the
  passphrase and confirm buffers are wiped after use.]
    shell::getpass("passphrase: ", passphrase, sizeof(passphrase));
data/ucommon-7.0.0/utils/car.cpp:449:12:  [4] (misc) getpass:
  This function is obsolete and not portable. It was in SUSv2 but removed by
  POSIX.2. What it does exactly varies considerably between systems,
  particularly in where its prompt is displayed and where it gets its data
  (e.g., /dev/tty, stdin, stderr, etc.). In addition, some implementations
  overflow buffers. (CWE-676, CWE-120, CWE-20). Make the specific calls to do
  exactly what you want. If you continue to use it, or write your own, be
  sure to zero the password as soon as possible to avoid leaving the
  cleartext password visible in the process' address space.
    shell::getpass("confirm: ", confirm, sizeof(confirm));
data/ucommon-7.0.0/commoncpp/dso.cpp:154:13:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    image = LoadLibrary(filename);
data/ucommon-7.0.0/commoncpp/file.cpp:1458:9:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
  destination buffer is at least of size MAXPATHLEN, and to protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
    if(!realpath(path, temp))
data/ucommon-7.0.0/commoncpp/process.cpp:657:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        if(getenv(strbuf))
data/ucommon-7.0.0/commoncpp/process.cpp:666:14:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    return ::getenv(name);
data/ucommon-7.0.0/corelib/condition.cpp:68:2:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
	InitializeCriticalSection(&mutex);
data/ucommon-7.0.0/corelib/fsys.cpp:1530:11:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    ptr = LoadLibrary(path);
data/ucommon-7.0.0/corelib/shell.cpp:1018:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
const char *shell::getenv(const char *id, const char *value)
data/ucommon-7.0.0/corelib/shell.cpp:1523:19:  [3] (buffer) realpath:
  This function does not protect against buffer overflows, and some
  implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
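  destination buffer is at least of size MAXPATHLEN, and to protect against
  implementation problems, the input argument should also be checked to
  ensure it is no larger than MAXPATHLEN.
  Triage note: this call passes NULL as the destination, so (on POSIX.1-2008
  systems) realpath allocates the result itself and there is no caller-sized
  buffer to overflow; the return value still needs a NULL check and a free().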
    char *path0 = realpath(argv0, NULL);
data/ucommon-7.0.0/corelib/shell.cpp:1543:24:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *id = ::getenv("LOGNAME");
data/ucommon-7.0.0/corelib/shell.cpp:1562:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1568:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1577:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1587:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1598:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1618:18:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = ::getenv("HOME");
data/ucommon-7.0.0/corelib/shell.cpp:1665:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
const char *shell::getenv(const char *id, const char *value)
data/ucommon-7.0.0/corelib/shell.cpp:1667:23:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *v = ::getenv(id);
data/ucommon-7.0.0/corelib/shell.cpp:2465:19:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    return shell::getenv(name, value);
data/ucommon-7.0.0/corelib/thread.cpp:749:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection((LPCRITICAL_SECTION)&mutex);
data/ucommon-7.0.0/corelib/thread.cpp:766:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection((LPCRITICAL_SECTION)&mutex);
data/ucommon-7.0.0/corelib/thread.cpp:773:5:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
    InitializeCriticalSection((LPCRITICAL_SECTION)&mutex);
data/ucommon-7.0.0/corelib/thread.cpp:798:5:  [3] (misc) EnterCriticalSection:
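  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Initialize the critical section with
  InitializeCriticalSectionAndSpinCount (in place of
  InitializeCriticalSection) to avoid this; the EnterCriticalSection call
  itself stays.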
    EnterCriticalSection((LPCRITICAL_SECTION)&mutex);
data/ucommon-7.0.0/inc/ucommon/condition.h:89:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(&mutex);
data/ucommon-7.0.0/inc/ucommon/condition.h:126:13:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
            EnterCriticalSection(mutex);
data/ucommon-7.0.0/inc/ucommon/condition.h:395:9:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        EnterCriticalSection(&mutex);
data/ucommon-7.0.0/inc/ucommon/platform.h:350:10:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
        {InitializeCriticalSection(mutex); return 0;}
data/ucommon-7.0.0/inc/ucommon/platform.h:356:10:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
        {EnterCriticalSection(mutex);}
data/ucommon-7.0.0/inc/ucommon/shell.h:613:17:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    const char *getenv(const char *name, const char *value = NULL);
data/ucommon-7.0.0/nossl/random.cpp:32:5:  [3] (random) srand:
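  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: the seed is `(int)now`, which looks like a clock value; if so,
  the output is predictable to anyone who can estimate the start time. Any
  security use should draw from the OS CSPRNG (e.g. getrandom() or
  /dev/urandom, BCryptGenRandom on Windows).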
    srand((int)now);
data/ucommon-7.0.0/commoncpp/address.cpp:127:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, rhs.ipaddr, sizeof(struct in_addr) * addr_count);
data/ucommon-7.0.0/commoncpp/address.cpp:203:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, &aptr.in4, sizeof(struct in_addr));
data/ucommon-7.0.0/commoncpp/address.cpp:218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, rhs.ipaddr, sizeof(struct in_addr) * addr_count);
data/ucommon-7.0.0/commoncpp/address.cpp:281:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[256];
data/ucommon-7.0.0/commoncpp/address.cpp:342:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:349:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:399:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int l = 32 - atoi(mask);
data/ucommon-7.0.0/commoncpp/address.cpp:434:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:504:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, &in6addr_any, sizeof(struct in6_addr));
data/ucommon-7.0.0/commoncpp/address.cpp:524:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, &addr, sizeof(struct in6_addr));
data/ucommon-7.0.0/commoncpp/address.cpp:530:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, rhs.ipaddr, sizeof(struct in6_addr) * addr_count);
data/ucommon-7.0.0/commoncpp/address.cpp:599:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ipaddr, rhs.ipaddr, sizeof(struct in6_addr) * addr_count);
data/ucommon-7.0.0/commoncpp/address.cpp:662:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[256];
data/ucommon-7.0.0/commoncpp/address.cpp:774:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:781:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:843:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char strbuf[64];
data/ucommon-7.0.0/commoncpp/address.cpp:853:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:859:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   hbuf[8192];
data/ucommon-7.0.0/commoncpp/address.cpp:1008:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&bcast, &network, sizeof(network));
data/ucommon-7.0.0/commoncpp/address.cpp:1027:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(mp);
data/ucommon-7.0.0/commoncpp/address.cpp:1034:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dots[0] = atoi(cp);
data/ucommon-7.0.0/commoncpp/address.cpp:1037:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            dots[++dcount] = atoi(gp);
data/ucommon-7.0.0/commoncpp/address.cpp:1054:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[INET_IPV4_ADDRESS_SIZE];
data/ucommon-7.0.0/commoncpp/address.cpp:1140:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&bcast, &network, sizeof(network));
data/ucommon-7.0.0/commoncpp/address.cpp:1152:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(++sp);
data/ucommon-7.0.0/commoncpp/address.cpp:1188:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[INET_IPV6_ADDRESS_SIZE];
data/ucommon-7.0.0/commoncpp/applog.cpp:81:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         _msgbuf[BUFF_SIZE];
data/ucommon-7.0.0/commoncpp/applog.cpp:341:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        _logfs.open(_nomeFile.c_str(), std::ofstream::out | std::ofstream::app | std::ofstream::ate);
data/ucommon-7.0.0/commoncpp/applog.cpp:351:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          _logfs.open(_nomeFile.c_str(), std::fstream::in | std::fstream::out);
data/ucommon-7.0.0/commoncpp/applog.cpp:471:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      d->_logfs.open(d->_nomeFile.c_str(), std::fstream::in | std::fstream::out);
data/ucommon-7.0.0/commoncpp/applog.cpp:475:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        d->_logfs.open(d->_nomeFile.c_str(), std::fstream::out | std::fstream::app);
data/ucommon-7.0.0/commoncpp/applog.cpp:489:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        d->_logfs.open(d->_nomeFile.c_str(), std::fstream::in | std::fstream::out);
data/ucommon-7.0.0/commoncpp/applog.cpp:584:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      d->_logfs.open(d->_nomeFile.c_str(), std::fstream::out | std::fstream::app);
data/ucommon-7.0.0/commoncpp/applog.cpp:594:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        d->_logfs.open(d->_nomeFile.c_str(), std::fstream::in | std::fstream::out);
data/ucommon-7.0.0/commoncpp/applog.cpp:635:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buf[50];
data/ucommon-7.0.0/commoncpp/applog.cpp:759:14:  [2] (misc) open:
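  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this line defines the AppLog::open member; it is a name match,
  not a file-open call. The std::fstream opens of _nomeFile reported above are
  the calls to review.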
void AppLog::open(const char *ident)
data/ucommon-7.0.0/commoncpp/applog.cpp:780:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        d->_logfs.open(d->_nomeFile.c_str(), std::fstream::out | std::fstream::app);
data/ucommon-7.0.0/commoncpp/applog.cpp:1205:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(ident);
data/ucommon-7.0.0/commoncpp/dccp.cpp:135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/dccp.cpp:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/dccp.cpp:225:31:  [2] (integer) atoi:
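  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the result goes straight into htons(), whose argument is 16
  bits wide, so a value outside 0-65535 is silently truncated to a different
  port; parse with strtol and reject out-of-range or non-numeric input.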
        addr.sin_port = htons(atoi(cp));
data/ucommon-7.0.0/commoncpp/dccp.cpp:390:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128];
data/ucommon-7.0.0/commoncpp/dccp.cpp:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128];
data/ucommon-7.0.0/commoncpp/dccp.cpp:458:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        port = atoi(cp);
data/ucommon-7.0.0/commoncpp/dccp.cpp:575:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&addr.sin6_addr, &in6addr_loopback, sizeof(in6addr_loopback));
data/ucommon-7.0.0/commoncpp/dir.cpp:86:3:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
		open(fname);
data/ucommon-7.0.0/commoncpp/dir.cpp:160:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void Dir::open(const char *fname)
data/ucommon-7.0.0/commoncpp/dir.cpp:199:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&data, &fdata, sizeof(fdata));
data/ucommon-7.0.0/commoncpp/dir.cpp:314:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	open(prefix);
data/ucommon-7.0.0/commoncpp/dir.cpp:324:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void DirTree::open(const char *prefix)
data/ucommon-7.0.0/commoncpp/dir.cpp:342:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	dir[current++].open(prefix);	
data/ucommon-7.0.0/commoncpp/dir.cpp:359:2:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	open(prefix);
data/ucommon-7.0.0/commoncpp/dir.cpp:432:20:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
				dir[current++].open(path);
data/ucommon-7.0.0/commoncpp/file.cpp:401:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(path);
data/ucommon-7.0.0/commoncpp/file.cpp:414:31:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
SharedFile::Error SharedFile::open(const char *path)
data/ucommon-7.0.0/commoncpp/file.cpp:443:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = ::open(pathname, O_RDWR);
data/ucommon-7.0.0/commoncpp/file.cpp:446:16:  [2] (misc) open:
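  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the visible flags are O_CREAT | O_RDWR | O_TRUNC with no O_EXCL
  or O_NOFOLLOW, so an existing symlink at pathname would be followed and its
  target truncated; check who can write to the containing directory. The same
  flags appear at file.cpp:957.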
        fd = ::open(pathname, O_CREAT | O_RDWR | O_TRUNC,
data/ucommon-7.0.0/commoncpp/file.cpp:955:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(fname, (int)mode);
data/ucommon-7.0.0/commoncpp/file.cpp:957:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = ::open(pathname, O_CREAT | O_RDWR | O_TRUNC,
data/ucommon-7.0.0/commoncpp/file.cpp:980:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(fname, (int)mode | O_CREAT, 0660);
data/ucommon-7.0.0/commoncpp/file.cpp:1014:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(fname, (int)mode);
data/ucommon-7.0.0/commoncpp/file.cpp:1456:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[PATH_MAX];
data/ucommon-7.0.0/commoncpp/file.cpp:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char left[PATH_MAX];
data/ucommon-7.0.0/commoncpp/file.cpp:1496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char left[size];
data/ucommon-7.0.0/commoncpp/file.cpp:1533:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char next_token[PATH_MAX];
data/ucommon-7.0.0/commoncpp/file.cpp:1535:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char next_token[size];
data/ucommon-7.0.0/commoncpp/file.cpp:1594:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char symlink[size];
data/ucommon-7.0.0/commoncpp/process.cpp:106:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char userid[65];
data/ucommon-7.0.0/commoncpp/process.cpp:242:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/ucommon-7.0.0/commoncpp/process.cpp:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/ucommon-7.0.0/commoncpp/process.cpp:338:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[2048];
data/ucommon-7.0.0/commoncpp/process.cpp:510:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((fd = open(_PATH_TTY, O_RDWR)) >= 0) {
data/ucommon-7.0.0/commoncpp/process.cpp:533:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ::open(dev, O_RDWR);
data/ucommon-7.0.0/commoncpp/process.cpp:534:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ::open(dev, O_RDWR);
data/ucommon-7.0.0/commoncpp/process.cpp:535:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        ::open(dev, O_RDWR);
data/ucommon-7.0.0/commoncpp/process.cpp:653:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strbuf[256];
data/ucommon-7.0.0/commoncpp/process.cpp:721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mname[65];
data/ucommon-7.0.0/commoncpp/process.cpp:778:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/ucommon-7.0.0/commoncpp/process.cpp:818:16:  [2] (misc) open:
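  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this call passes O_CREAT | O_EXCL, so it fails with EEXIST if
  the final path component already exists, including as a symbolic link. What
  remains to check is who can write to the parent directories of _path.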
        fd = ::open(_path, O_WRONLY | O_CREAT | O_EXCL, 0660);
data/ucommon-7.0.0/commoncpp/process.cpp:832:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = ::open(_path, O_RDONLY);
data/ucommon-7.0.0/commoncpp/process.cpp:850:15:  [2] (integer) atoi:
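  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: atoi() cannot report a failed or out-of-range conversion; it
  returns 0 when no digits are parsed. strtol() with end-pointer and errno
  checks, followed by a range check on the result, lets the caller reject a
  malformed value before pid is used.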
        pid = atoi(buffer);
data/ucommon-7.0.0/commoncpp/serial.cpp:127:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(fname);
data/ucommon-7.0.0/commoncpp/serial.cpp:249:5:  [2] (buffer) memcpy:
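  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is the compile-time constant sizeof(DCB), so the
  copy is in bounds provided `current` and `original` each point to storage
  of at least that size; their allocations are not shown in this report. The
  same check covers the sizeof(DCB) and sizeof(struct termios) copies
  reported at serial.cpp:252, 421, 422, 427 and 428.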
    memcpy(current, original, sizeof(DCB));
data/ucommon-7.0.0/commoncpp/serial.cpp:252:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(current, original, sizeof(struct termios));
data/ucommon-7.0.0/commoncpp/serial.cpp:421:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(current, ser.current, sizeof(DCB));
data/ucommon-7.0.0/commoncpp/serial.cpp:422:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(original, ser.original, sizeof(DCB));
data/ucommon-7.0.0/commoncpp/serial.cpp:427:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(current, ser.current, sizeof(struct termios));
data/ucommon-7.0.0/commoncpp/serial.cpp:428:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(original, ser.original, sizeof(struct termios));
data/ucommon-7.0.0/commoncpp/serial.cpp:434:14:  [2] (misc) open:
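  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the quoted line is the definition of the member function
  Serial::open, not a call to open(); the rule matched on the name. The call
  to review is `::open(fname, cflags)`, reported at serial.cpp:439. The same
  applies to the other findings in this report whose quoted line is a
  definition (ttystream::open, Slog::open, dir::open, fsys::open).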
void Serial::open(const char * fname)
data/ucommon-7.0.0/commoncpp/serial.cpp:439:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dev = ::open(fname, cflags);
data/ucommon-7.0.0/commoncpp/serial.cpp:1274:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(name);
data/ucommon-7.0.0/commoncpp/serial.cpp:1291:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void ttystream::open(const char *name)
data/ucommon-7.0.0/commoncpp/serial.cpp:1295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathname[256];
data/ucommon-7.0.0/commoncpp/serial.cpp:1330:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    Serial::open(pathname);
data/ucommon-7.0.0/commoncpp/serial.cpp:1383:19:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            opt = atol(cp);
data/ucommon-7.0.0/commoncpp/slog.cpp:98:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void Slog::open(const char *ident, Class grp)
data/ucommon-7.0.0/commoncpp/slog.cpp:179:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    syslog = fopen(cp, "a");
data/ucommon-7.0.0/commoncpp/slog.cpp:344:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/ucommon-7.0.0/commoncpp/slog.cpp:410:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(ident, grp);
data/ucommon-7.0.0/commoncpp/tcp.cpp:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/tcp.cpp:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/tcp.cpp:199:31:  [2] (integer) atoi:
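  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: htons() takes a 16-bit value, so a number outside 0-65535 is
  silently truncated to a different port, and text that atoi() cannot parse
  yields port 0. Parsing with strtol() and rejecting anything outside the
  valid port range before the htons() call avoids both.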
        addr.sin_port = htons(atoi(cp));
data/ucommon-7.0.0/commoncpp/tcp.cpp:293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/tcp.cpp:496:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128];
data/ucommon-7.0.0/commoncpp/tcp.cpp:556:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128];
data/ucommon-7.0.0/commoncpp/tcp.cpp:575:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        port = atoi(cp);
data/ucommon-7.0.0/commoncpp/tcp.cpp:706:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&addr.sin6_addr, &in6addr_loopback, sizeof(in6addr_loopback));
data/ucommon-7.0.0/commoncpp/tcp.cpp:1165:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&addr.sin6_addr, &in6addr_loopback, sizeof(in6addr_loopback));
data/ucommon-7.0.0/commoncpp/thread.cpp:329:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ret, &temp, sizeof(time_t));
data/ucommon-7.0.0/commoncpp/thread.cpp:331:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tloc, &ret, sizeof(time_t));
data/ucommon-7.0.0/commoncpp/thread.cpp:350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tp, &temp, sizeof(struct timeval));
data/ucommon-7.0.0/commoncpp/thread.cpp:354:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(tp, &temp, sizeof(struct timeval));
data/ucommon-7.0.0/commoncpp/thread.cpp:365:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, temp, sizeof(struct tm));
data/ucommon-7.0.0/commoncpp/thread.cpp:374:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(result, temp, sizeof(struct tm));
data/ucommon-7.0.0/commoncpp/thread.cpp:810:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, head, objsize);
data/ucommon-7.0.0/commoncpp/thread.cpp:818:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(tail, data, objsize);
data/ucommon-7.0.0/commoncpp/thread.cpp:826:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data, head, objsize);
data/ucommon-7.0.0/commoncpp/thread.cpp:907:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data->data, dp, len);
data/ucommon-7.0.0/commoncpp/udp.cpp:102:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/udp.cpp:166:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[128], *cp;
data/ucommon-7.0.0/commoncpp/xml.cpp:89:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cp = atoi(buffer + 1);
data/ucommon-7.0.0/commoncpp/xml.cpp:202:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cp = atoi(buffer + 1);
data/ucommon-7.0.0/commoncpp/xml.cpp:311:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                cp = atoi(buffer + 1);
data/ucommon-7.0.0/corelib/cpr.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/ucommon-7.0.0/corelib/cpr.cpp:200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, s1, size);
data/ucommon-7.0.0/corelib/cpr.cpp:201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s1, s2, size);
data/ucommon-7.0.0/corelib/cpr.cpp:202:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(s2, buf, size);
data/ucommon-7.0.0/corelib/datetime.cpp:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:280:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:309:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:311:12:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(buf) * 10000 + atol(buf + 5) * 100 + atol(buf + 8);
data/ucommon-7.0.0/corelib/datetime.cpp:311:32:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(buf) * 10000 + atol(buf + 5) * 100 + atol(buf + 8);
data/ucommon-7.0.0/corelib/datetime.cpp:311:54:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    return atol(buf) * 10000 + atol(buf + 5) * 100 + atol(buf + 8);
data/ucommon-7.0.0/corelib/datetime.cpp:546:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[9];
data/ucommon-7.0.0/corelib/datetime.cpp:763:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[11];
data/ucommon-7.0.0/corelib/datetime.cpp:873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[64];
data/ucommon-7.0.0/corelib/fsys.cpp:459:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void dir::open(const char *path)
data/ucommon-7.0.0/corelib/fsys.cpp:464:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tpath[256];
data/ucommon-7.0.0/corelib/fsys.cpp:483:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void fsys::open(const char *path, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:489:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/ucommon-7.0.0/corelib/fsys.cpp:566:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void fsys::open(const char *path, unsigned fmode, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:780:14:  [2] (misc) open:
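  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path is the string literal "/dev/null", so the caller
  cannot redirect it; the finding only matters on a system where /dev itself
  is writable by an untrusted user.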
    return ::open("/dev/null", O_RDWR);
data/ucommon-7.0.0/corelib/fsys.cpp:836:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return ::open(path, O_RDONLY);
data/ucommon-7.0.0/corelib/fsys.cpp:841:14:  [2] (misc) open:
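  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: O_CREAT | O_TRUNC without O_EXCL or O_NOFOLLOW follows an
  existing symbolic link at `path` and truncates whatever it points to, so
  this call needs a trusted directory or one of those flags. The mode
  argument EVERYONE is defined outside this report; confirm it is not broader
  than intended, bearing in mind that the umask is applied on top. The
  O_APPEND variant at fsys.cpp:846 has the same link-following behaviour.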
    return ::open(path, O_WRONLY | O_CREAT | O_TRUNC, EVERYONE);
data/ucommon-7.0.0/corelib/fsys.cpp:846:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return ::open(path, O_WRONLY | O_CREAT | O_APPEND, EVERYONE);
data/ucommon-7.0.0/corelib/fsys.cpp:854:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void fsys::open(const char *path, unsigned fmode, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:884:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = ::open(path, flags, fmode);
data/ucommon-7.0.0/corelib/fsys.cpp:909:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void dir::open(const char *path)
data/ucommon-7.0.0/corelib/fsys.cpp:919:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void fsys::open(const char *path, access_t access)
data/ucommon-7.0.0/corelib/fsys.cpp:950:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = ::open(path, flags);
data/ucommon-7.0.0/corelib/fsys.cpp:1181:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(path);
data/ucommon-7.0.0/corelib/fsys.cpp:1187:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(path, access);
data/ucommon-7.0.0/corelib/fsys.cpp:1193:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(path, fmode, access);
data/ucommon-7.0.0/corelib/fsys.cpp:1268:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR dest[512];
data/ucommon-7.0.0/corelib/fsys.cpp:1277:5:  [2] (buffer) lstrcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using a function version that stops copying at the end
  of the buffer. Risk is low because the source is a constant string.
    lstrcpy(dest, "\\??\\");
data/ucommon-7.0.0/corelib/fsys.cpp:1285:9:  [2] (buffer) MultiByteToWideChar:
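  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  Triage note: the output count passed is lstrlenA(dest) + 1, i.e. derived
  from the source string rather than from the capacity of rb->PathBuffer,
  whose size is not visible in this excerpt.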
    if(!MultiByteToWideChar(CP_THREAD_ACP, MB_PRECOMPOSED, dest, lstrlenA(dest) + 1, rb->PathBuffer, lstrlenA(dest) + 1))
data/ucommon-7.0.0/corelib/fsys.cpp:1388:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    src.open(oldpath, fsys::STREAM);
data/ucommon-7.0.0/corelib/fsys.cpp:1392:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dest.open(newpath, GROUP_PUBLIC, fsys::STREAM);
data/ucommon-7.0.0/corelib/keydata.cpp:217:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR keyvalue[256];
data/ucommon-7.0.0/corelib/keydata.cpp:218:5:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    TCHAR keyname[4096];
data/ucommon-7.0.0/corelib/keydata.cpp:319:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(path, "w");
data/ucommon-7.0.0/corelib/keydata.cpp:376:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char linebuf[1024];
data/ucommon-7.0.0/corelib/keydata.cpp:380:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(path, "r");
data/ucommon-7.0.0/corelib/linked.cpp:501:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[65];
data/ucommon-7.0.0/corelib/mapped.cpp:89:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key_str[11];
data/ucommon-7.0.0/corelib/mapped.cpp:91:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = open(ASHMEM_DEVICE, O_RDWR);
data/ucommon-7.0.0/corelib/mapped.cpp:95:5:  [2] (buffer) sprintf:
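  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: assuming the destination is the char key_str[11] reported at
  mapped.cpp:89, and if key is a 32-bit signed int, "%d" can produce 11
  characters plus the terminating NUL (12 bytes); the low-risk rating then
  holds only if key can never be a large negative value.
  snprintf(key_str, sizeof(key_str), "%d", key) bounds the write either way.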
    sprintf(key_str, "%d", key);
data/ucommon-7.0.0/corelib/mapped.cpp:164:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[65];
data/ucommon-7.0.0/corelib/mapped.cpp:168:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd = ::open(buf, O_CREAT | O_EXCL | O_WRONLY, 0664);
data/ucommon-7.0.0/corelib/mapped.cpp:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[65];
data/ucommon-7.0.0/corelib/mapped.cpp:307:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fbuf[80];
data/ucommon-7.0.0/corelib/mapped.cpp:364:20:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            size = atol(map);
data/ucommon-7.0.0/corelib/mapped.cpp:397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fbuf[80];
data/ucommon-7.0.0/corelib/mapped.cpp:529:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(buffer, member, bufsize);
data/ucommon-7.0.0/corelib/memory.cpp:852:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/ucommon-7.0.0/corelib/memory.cpp:858:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    ds.open(path);
data/ucommon-7.0.0/corelib/protocols.cpp:58:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(mem, obj, size);
data/ucommon-7.0.0/corelib/protocols.cpp:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/ucommon-7.0.0/corelib/protocols.cpp:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[60];
data/ucommon-7.0.0/corelib/shell.cpp:293:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[256];
data/ucommon-7.0.0/corelib/shell.cpp:543:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[1024];
data/ucommon-7.0.0/corelib/shell.cpp:594:33:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                numeric_value = atol(opt);
data/ucommon-7.0.0/corelib/shell.cpp:609:33:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                numeric_value = atol(++opt);
data/ucommon-7.0.0/corelib/shell.cpp:721:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[128];
data/ucommon-7.0.0/corelib/shell.cpp:790:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:834:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:890:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[512];
data/ucommon-7.0.0/corelib/shell.cpp:926:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/ucommon-7.0.0/corelib/shell.cpp:936:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/ucommon-7.0.0/corelib/shell.cpp:1020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/ucommon-7.0.0/corelib/shell.cpp:1021:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[255];
data/ucommon-7.0.0/corelib/shell.cpp:1052:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cmdspec[128];
data/ucommon-7.0.0/corelib/shell.cpp:1101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/corelib/shell.cpp:1255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/corelib/shell.cpp:1486:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = ::open("/dev/tty", O_RDONLY);
data/ucommon-7.0.0/corelib/shell.cpp:1555:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[65];
data/ucommon-7.0.0/corelib/shell.cpp:1678:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char symname[129];
data/ucommon-7.0.0/corelib/shell.cpp:1815:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((fd = open(_PATH_TTY, O_RDWR)) >= 0) {
data/ucommon-7.0.0/corelib/shell.cpp:1833:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(dev, O_RDWR);
data/ucommon-7.0.0/corelib/shell.cpp:1873:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((fd = open(_PATH_TTY, O_RDWR)) >= 0) {
data/ucommon-7.0.0/corelib/shell.cpp:1891:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(dev, O_RDWR);
data/ucommon-7.0.0/corelib/shell.cpp:1905:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char symname[129];
data/ucommon-7.0.0/corelib/shell.cpp:1959:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if((fd = open("/dev/tty", O_RDWR)) >= 0) {
data/ucommon-7.0.0/corelib/shell.cpp:1984:22:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd_t tmp = ::open("/dev/null", O_RDWR);
data/ucommon-7.0.0/corelib/shell.cpp:2014:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char symname[129];
data/ucommon-7.0.0/corelib/shell.cpp:2177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:2233:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:2274:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:2348:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:2371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256];
data/ucommon-7.0.0/corelib/shell.cpp:2414:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(newargs, list, head * sizeof(char **));
data/ucommon-7.0.0/corelib/shell.cpp:2417:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&newargs[head], argv, args * sizeof(char **));
data/ucommon-7.0.0/corelib/socket.cpp:274:26:  [2] (integer) atoi:
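  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the value goes straight into htons(), which takes a 16-bit
  argument, so a servname outside 0-65535 is truncated to a different port
  instead of being rejected.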
            port = htons(atoi(servname));
data/ucommon-7.0.0/corelib/socket.cpp:362:13:  [2] (buffer) memcpy:
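  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is sizeof(&ipv6->sin6_addr), the size of a pointer,
  not of the sin6_addr field; with 4- or 8-byte pointers fewer than the 16
  bytes of an IPv6 address are copied. The calls reported at socket.cpp:2389
  and socket.cpp:2439 use sizeof on the field itself, which is presumably
  what was intended here.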
            memcpy(&ipv6->sin6_addr, *np, sizeof(&ipv6->sin6_addr));
data/ucommon-7.0.0/corelib/socket.cpp:375:9:  [2] (buffer) memcpy:
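  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is sizeof(&ipv4->sin_addr), the size of a pointer,
  not of the 4-byte sin_addr field; where pointers are 8 bytes the copy
  writes past the field and reads 8 bytes from *np. sizeof(ipv4->sin_addr)
  is presumably what was intended.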
        memcpy(&ipv4->sin_addr, *np, sizeof(&ipv4->sin_addr));
data/ucommon-7.0.0/corelib/socket.cpp:403:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(addr->sun_path, path, slen);
data/ucommon-7.0.0/corelib/socket.cpp:691:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&bcast.ipv4, &Network.ipv4, sizeof(Network.ipv4));
data/ucommon-7.0.0/corelib/socket.cpp:696:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&bcast.ipv6, &Network.ipv6, sizeof(Network.ipv6));
data/ucommon-7.0.0/corelib/socket.cpp:721:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            return atoi(++sp);
data/ucommon-7.0.0/corelib/socket.cpp:754:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                return atoi(sp);
data/ucommon-7.0.0/corelib/socket.cpp:759:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        dots[0] = atoi(cp);
data/ucommon-7.0.0/corelib/socket.cpp:762:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                dots[++dcount] = atoi(gp);
data/ucommon-7.0.0/corelib/socket.cpp:783:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cbuf[128];
data/ucommon-7.0.0/corelib/socket.cpp:961:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hostbuf[256];
data/ucommon-7.0.0/corelib/socket.cpp:1020:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if(svc && atoi(svc) > 0)
data/ucommon-7.0.0/corelib/socket.cpp:1050:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[16];
data/ucommon-7.0.0/corelib/socket.cpp:1267:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[256], svc[16];
data/ucommon-7.0.0/corelib/socket.cpp:1379:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(
data/ucommon-7.0.0/corelib/socket.cpp:1433:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(node, addr, slen);
data/ucommon-7.0.0/corelib/socket.cpp:1441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[80];
data/ucommon-7.0.0/corelib/socket.cpp:1442:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char svc[8];
data/ucommon-7.0.0/corelib/socket.cpp:1512:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&in.sin_addr, &reinterpret_cast<const struct sockaddr_in*>(addr)->sin_addr, sizeof(struct in_addr));
data/ucommon-7.0.0/corelib/socket.cpp:1523:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&in6.sin6_addr, &reinterpret_cast<const struct sockaddr_in6*>(addr)->sin6_addr, sizeof(struct in_addr6));
data/ucommon-7.0.0/corelib/socket.cpp:2389:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&mcast.ipv6.ipv6mr_multiaddr, &target->ipv6.sin6_addr, sizeof(target->ipv6.sin6_addr));
data/ucommon-7.0.0/corelib/socket.cpp:2396:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&mcast.ipv4.imr_multiaddr, &target->ipv4.sin_addr, sizeof(target->ipv4.sin_addr));
data/ucommon-7.0.0/corelib/socket.cpp:2439:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&mcast.ipv6.ipv6mr_multiaddr, &target->ipv6.sin6_addr, sizeof(target->ipv6.sin6_addr));
data/ucommon-7.0.0/corelib/socket.cpp:2446:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&mcast.ipv4.imr_multiaddr, &target->ipv4.sin_addr, sizeof(target->ipv4.sin_addr));
data/ucommon-7.0.0/corelib/socket.cpp:2972:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sa, res->ai_addr, res->ai_addrlen);
data/ucommon-7.0.0/corelib/socket.cpp:3292:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(storage, address, slen);
data/ucommon-7.0.0/corelib/socket.cpp:3303:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(s1, s2, slen);
data/ucommon-7.0.0/corelib/socket.cpp:3386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/ucommon-7.0.0/corelib/socket.cpp:3400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[536];
data/ucommon-7.0.0/corelib/stream.cpp:145:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(list);
data/ucommon-7.0.0/corelib/stream.cpp:288:17:  [2] (misc) open:
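  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the flagged line is the definition of tcpstream::open, whose
  parameters are a Socket::address list and an mss value rather than a
  filesystem path; the rule matched on the function name only.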
void tcpstream::open(Socket::address& list, unsigned mss)
data/ucommon-7.0.0/corelib/stream.cpp:299:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void tcpstream::open(const char *host, const char *service, unsigned mss)
data/ucommon-7.0.0/corelib/stream.cpp:413:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(cmd, access, args, envp, size);
data/ucommon-7.0.0/corelib/stream.cpp:561:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void pipestream::open(const char *path, access_t mode, char **args, char **envp, size_t size)
data/ucommon-7.0.0/corelib/stream.cpp:637:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(filename, mode, size);
data/ucommon-7.0.0/corelib/stream.cpp:643:5:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    open(filename, mode, access, size);
data/ucommon-7.0.0/corelib/stream.cpp:737:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void filestream::open(const char *fname, unsigned fmode, fsys::access_t access, size_t size)
data/ucommon-7.0.0/corelib/stream.cpp:740:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd.open(fname, fmode, access);
data/ucommon-7.0.0/corelib/stream.cpp:745:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void filestream::open(const char *fname, fsys::access_t access, size_t size)
data/ucommon-7.0.0/corelib/stream.cpp:748:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fd.open(fname, access);
data/ucommon-7.0.0/corelib/string.cpp:99:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(text + len, str, size);
data/ucommon-7.0.0/corelib/string.cpp:162:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(text, str, size);
data/ucommon-7.0.0/corelib/string.cpp:975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2];
data/ucommon-7.0.0/corelib/string.cpp:2182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char decoder[256];
data/ucommon-7.0.0/corelib/string.cpp:2228:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char decoder[256];
data/ucommon-7.0.0/corelib/thread.cpp:1325:10:  [2] (misc) fopen:
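  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: the path here is a string literal under /sys opened read-only,
  so redirecting it would require control over that tree. The check that
  remains useful is on the value read back from the file, which this line
  does not show.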
    fp = fopen("/sys/devices/system/cpu/cpu0/cache/index0/coherency_line_size", "r");
data/ucommon-7.0.0/corelib/typeref.cpp:384:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(mem, str, objsize);
data/ucommon-7.0.0/corelib/typeref.cpp:584:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, b1, s1);
data/ucommon-7.0.0/corelib/typeref.cpp:586:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out + s1, b2, s2);
data/ucommon-7.0.0/gnutls/cipher.cpp:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char algoname[64];
data/ucommon-7.0.0/gnutls/cipher.cpp:85:16:  [2] (integer) atoi:
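  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: on this line the result is only compared for equality with a
  fixed constant. atoi also accepts trailing characters (for example "128x"
  parses as 128) and reports no errors, so strtol with an end-pointer check
  is the stricter way to parse fpart; the same applies to the other atoi
  hits in gnutls/cipher.cpp.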
            if(atoi(fpart) == 128)
data/ucommon-7.0.0/gnutls/cipher.cpp:87:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 192)
data/ucommon-7.0.0/gnutls/cipher.cpp:89:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 256)
data/ucommon-7.0.0/gnutls/cipher.cpp:109:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 128)
data/ucommon-7.0.0/gnutls/cipher.cpp:111:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 192)
data/ucommon-7.0.0/gnutls/cipher.cpp:113:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 256)
data/ucommon-7.0.0/gnutls/cipher.cpp:118:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 128)
data/ucommon-7.0.0/gnutls/cipher.cpp:120:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 256)
data/ucommon-7.0.0/gnutls/cipher.cpp:133:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 40)
data/ucommon-7.0.0/gnutls/cipher.cpp:135:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if(atoi(fpart) == 128)
data/ucommon-7.0.0/gnutls/cipher.cpp:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char previous[MAX_DIGEST_HASHSIZE / 8];
data/ucommon-7.0.0/gnutls/cipher.cpp:185:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(temp, previous, mdlen);
data/ucommon-7.0.0/gnutls/cipher.cpp:323:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(padbuf, data + size - padsz, padsz);
data/ucommon-7.0.0/gnutls/sstream.cpp:61:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void sstream::open(const char *host, const char *service, size_t bufsize)
data/ucommon-7.0.0/gnutls/sstream.cpp:67:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tcpstream::open(host, service, bufsize);
data/ucommon-7.0.0/inc/commoncpp/applog.h:318:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *ident);
data/ucommon-7.0.0/inc/commoncpp/applog.h:394:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      open(ident.c_str());
data/ucommon-7.0.0/inc/commoncpp/applog.h:431:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      open(ident.c_str());
data/ucommon-7.0.0/inc/commoncpp/file.h:247:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char save_space[sizeof(struct dirent) + PATH_MAX + 1];
data/ucommon-7.0.0/inc/commoncpp/file.h:265:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *name);
data/ucommon-7.0.0/inc/commoncpp/file.h:312:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[PATH_MAX + 1];
data/ucommon-7.0.0/inc/commoncpp/file.h:354:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *prefix);
data/ucommon-7.0.0/inc/commoncpp/file.h:567:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    Error open(const char *path);
data/ucommon-7.0.0/inc/commoncpp/file.h:597:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return open(pathname);
data/ucommon-7.0.0/inc/commoncpp/file.h:670:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapname[64];
data/ucommon-7.0.0/inc/commoncpp/mime.h:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char boundry[8];
data/ucommon-7.0.0/inc/commoncpp/mime.h:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mtype[80];
data/ucommon-7.0.0/inc/commoncpp/mime.h:76:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *header[16];
data/ucommon-7.0.0/inc/commoncpp/serial.h:160:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *fname);
data/ucommon-7.0.0/inc/commoncpp/serial.h:567:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *name);
data/ucommon-7.0.0/inc/commoncpp/slog.h:171:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *ident, Class grp = classUser);
data/ucommon-7.0.0/inc/commoncpp/thread.h:425:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char msgbuf[128];
data/ucommon-7.0.0/inc/commoncpp/thread.h:896:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char data[1];
data/ucommon-7.0.0/inc/ucommon/datetime.h:881:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[DATETIME_BUFFER_SIZE];
data/ucommon-7.0.0/inc/ucommon/datetime.h:1004:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[32];
data/ucommon-7.0.0/inc/ucommon/fsys.h:485:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *path, access_t access);
data/ucommon-7.0.0/inc/ucommon/fsys.h:512:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *path, unsigned mode, access_t access);
data/ucommon-7.0.0/inc/ucommon/fsys.h:789:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *path);
data/ucommon-7.0.0/inc/ucommon/generics.h:368:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)target, (void *)source, sizeof(T));
data/ucommon-7.0.0/inc/ucommon/generics.h:378:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)&target, (void *)source, sizeof(T));
data/ucommon-7.0.0/inc/ucommon/generics.h:410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((void *)&to, (void *)&src, sizeof(T));
data/ucommon-7.0.0/inc/ucommon/mapped.h:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char idname[65];
data/ucommon-7.0.0/inc/ucommon/secure.h:521:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
data/ucommon-7.0.0/inc/ucommon/secure.h:668:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char textbuf[MAX_DIGEST_HASHSIZE / 8 + 1];
data/ucommon-7.0.0/inc/ucommon/secure.h:954:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *host, const char *service, size_t size = 536);
data/ucommon-7.0.0/inc/ucommon/socket.h:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sa_data[128];
data/ucommon-7.0.0/inc/ucommon/socket.h:134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sa_data[sizeof(struct sockaddr_in)];
data/ucommon-7.0.0/inc/ucommon/socket.h:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char Name[16];
data/ucommon-7.0.0/inc/ucommon/socket.h:2149:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&storage, addr, sizeof(struct hostaddr_internet));
data/ucommon-7.0.0/inc/ucommon/socket.h:2154:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&storage, addr, sizeof(struct in_addr));
data/ucommon-7.0.0/inc/ucommon/socket.h:2160:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&storage, addr, sizeof(struct in6_addr));
data/ucommon-7.0.0/inc/ucommon/socket.h:2182:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&storage, host, sizeof(struct hostaddr_internet));
data/ucommon-7.0.0/inc/ucommon/stream.h:213:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(Socket::address& address, unsigned segment = 536);
data/ucommon-7.0.0/inc/ucommon/stream.h:221:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *host, const char *service, unsigned segment = 536);
data/ucommon-7.0.0/inc/ucommon/stream.h:322:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *path, access_t access, char **args, char **env = NULL, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:425:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *filename, fsys::access_t access, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:430:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const char *filename, unsigned mode, fsys::access_t access, size_t buffering = 512);
data/ucommon-7.0.0/inc/ucommon/stream.h:587:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET6_ADDRSTRLEN];
data/ucommon-7.0.0/inc/ucommon/stream.h:589:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[INET_ADDRSTRLEN];
data/ucommon-7.0.0/inc/ucommon/string.h:146:9:  [2] (buffer) char:
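  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the trailing comment ("in overdraft space") suggests this is a
  one-element placeholder for storage allocated past the end of the object,
  so the declared size is not the real bound; the length to verify is the
  one used at allocation and at each write into text.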
        char text[1];   /**< Null terminated text, in overdraft space */
data/ucommon-7.0.0/inc/ucommon/string.h:1462:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[S];
data/ucommon-7.0.0/inc/ucommon/string.h:1597:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[sizeof(cstring) + S];
data/ucommon-7.0.0/inc/ucommon/typeref.h:448:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
		char mem[1];
data/ucommon-7.0.0/nossl/common.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str[40];
data/ucommon-7.0.0/nossl/common.cpp:223:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[80];
data/ucommon-7.0.0/nossl/common.cpp:272:16:  [2] (misc) fopen:
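  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: this call opens a path held in a variable for writing (the "w"
  mode truncates an existing file), so it is the kind of hit the message is
  aimed at. Review where target comes from and who can write to its
  directory; if the location can be shared, open with open() using
  O_NOFOLLOW (and O_CREAT|O_EXCL when creating) and wrap the descriptor with
  fdopen().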
    FILE *fp = fopen(*target, "wt");
data/ucommon-7.0.0/nossl/common.cpp:370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[38];
data/ucommon-7.0.0/nossl/common.cpp:505:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(keybuf, key, size);
data/ucommon-7.0.0/nossl/common.cpp:517:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ivbuf, iv, ivsize);
data/ucommon-7.0.0/nossl/common.cpp:525:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(keyout, keybuf, keysize);
data/ucommon-7.0.0/nossl/common.cpp:527:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ivout, ivbuf, blksize);
data/ucommon-7.0.0/nossl/common.cpp:616:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char padbuf[64];
data/ucommon-7.0.0/nossl/common.cpp:625:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(padbuf, text + len - pad, pad);
data/ucommon-7.0.0/nossl/common.cpp:706:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[38];
data/ucommon-7.0.0/nossl/hmac.cpp:84:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(localKey, key, kLength);
data/ucommon-7.0.0/nossl/hmac.cpp:101:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha256_ctx));
data/ucommon-7.0.0/nossl/hmac.cpp:122:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->ctx, &ctx->outerCtx, sizeof(sha256_ctx));
data/ucommon-7.0.0/nossl/hmac.cpp:194:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(localKey, key, kLength);
data/ucommon-7.0.0/nossl/hmac.cpp:211:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->ctx, &ctx->innerCtx, sizeof(sha384_ctx));
data/ucommon-7.0.0/nossl/hmac.cpp:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&ctx->ctx, &ctx->outerCtx, sizeof(sha384_ctx));
data/ucommon-7.0.0/nossl/md5.cpp:77:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(ctx->buffer + have, input, need);
data/ucommon-7.0.0/nossl/md5.cpp:94:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ctx->buffer + have, input, len);
data/ucommon-7.0.0/nossl/random.cpp:43:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/random", O_WRONLY);
data/ucommon-7.0.0/nossl/random.cpp:62:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/hwrng", O_RDONLY);
data/ucommon-7.0.0/nossl/random.cpp:64:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open("/dev/random", O_RDONLY);
data/ucommon-7.0.0/nossl/random.cpp:85:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    int fd = open("/dev/urandom", O_RDONLY);
data/ucommon-7.0.0/nossl/sha1.cpp:112:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void)memcpy(block, buffer, SHA1_BLOCK_LENGTH);
data/ucommon-7.0.0/nossl/sha1.cpp:190:15:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        (void)memcpy(&context->buffer[j], data, (i = 64-j));
data/ucommon-7.0.0/nossl/sha1.cpp:198:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void)memcpy(&context->buffer[j], &data[i], len - i);
data/ucommon-7.0.0/nossl/sha2.cpp:92:19:  [2] (buffer) memcpy:
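  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the matched text is a #pragma intrinsic directive that names
  memcpy, not a copy operation; there is no destination or length on this
  line to check.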
#pragma intrinsic(memcpy)
data/ucommon-7.0.0/nossl/sha2.cpp:198:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v, ctx->hash, 8 * sizeof(uint_32t));
data/ucommon-7.0.0/nossl/sha2.cpp:314:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
data/ucommon-7.0.0/nossl/sha2.cpp:320:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
data/ucommon-7.0.0/nossl/sha2.cpp:382:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->hash, i224, 8 * sizeof(uint_32t));
data/ucommon-7.0.0/nossl/sha2.cpp:411:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->hash, i256, 8 * sizeof(uint_32t));
data/ucommon-7.0.0/nossl/sha2.cpp:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v, ctx->hash, 8 * sizeof(uint_64t));
data/ucommon-7.0.0/nossl/sha2.cpp:555:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(((unsigned char*)ctx->wbuf) + pos, sp, space);
data/ucommon-7.0.0/nossl/sha2.cpp:561:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(((unsigned char*)ctx->wbuf) + pos, sp, len);
data/ucommon-7.0.0/nossl/sha2.cpp:627:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->hash, i384, 8 * sizeof(uint_64t));
data/ucommon-7.0.0/nossl/sha2.cpp:660:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ctx->hash, i512, 8 * sizeof(uint_64t));
data/ucommon-7.0.0/nossl/sha2.cpp:694:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(CTX_256(ctx)->hash, i224, 32);
data/ucommon-7.0.0/nossl/sha2.cpp:700:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(CTX_256(ctx)->hash, i256, 32);
data/ucommon-7.0.0/nossl/sha2.cpp:706:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(CTX_384(ctx)->hash, i384, 64);
data/ucommon-7.0.0/nossl/sha2.cpp:712:21:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                    memcpy(CTX_512(ctx)->hash, i512, 64);
data/ucommon-7.0.0/nossl/sstream.cpp:49:15:  [2] (misc) open:
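  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage: the matched line defines sstream::open(host, service, bufsize),
  which takes a host and a service name rather than a file path, so the
  symlink and race questions above likely do not apply. The same holds for
  the tcpstream::open(host, service, ...) hit at line 54 and for the
  openssl/sstream.cpp hits at lines 83 and 89.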
void sstream::open(const char *host, const char *service, size_t bufsize)
data/ucommon-7.0.0/nossl/sstream.cpp:54:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tcpstream::open(host, service, (unsigned)bufsize);
data/ucommon-7.0.0/openssl/cipher.cpp:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char algoname[64];
data/ucommon-7.0.0/openssl/cipher.cpp:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char algoname[64];
data/ucommon-7.0.0/openssl/cipher.cpp:187:13:  [2] (buffer) memcpy:
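  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage: the source starts at data + size - padsize, so confirm that
  padsize can never exceed size or the capacity of padbuf.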
            memcpy(padbuf, data + size - padsize, padsize);
data/ucommon-7.0.0/openssl/sstream.cpp:83:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
void sstream::open(const char *host, const char *service, size_t size)
data/ucommon-7.0.0/openssl/sstream.cpp:89:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    tcpstream::open(host, service, (unsigned)size);
data/ucommon-7.0.0/test/datetime.cpp:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20];
data/ucommon-7.0.0/test/memory.cpp:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[12];
data/ucommon-7.0.0/test/shell.cpp:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *test_argv[6];
data/ucommon-7.0.0/test/socket.cpp:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char addrbuf[128];
data/ucommon-7.0.0/test/stdcpp.cpp:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[33];
data/ucommon-7.0.0/test/stream.cpp:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[200];
data/ucommon-7.0.0/test/string.cpp:33:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[33];
data/ucommon-7.0.0/test/string.cpp:37:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *array[5];
data/ucommon-7.0.0/test/string.cpp:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char hexbuf[12];
data/ucommon-7.0.0/utils/args.cpp:33:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char prefix[80] = {0, 0};
data/ucommon-7.0.0/utils/args.cpp:34:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char suffix[80] = {0, 0};
data/ucommon-7.0.0/utils/args.cpp:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/utils/car.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/ucommon-7.0.0/utils/car.cpp:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/ucommon-7.0.0/utils/car.cpp:181:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *fp = fopen(path, "r");
data/ucommon-7.0.0/utils/car.cpp:283:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        output = fopen(*path, "w");
data/ucommon-7.0.0/utils/car.cpp:304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[48];
data/ucommon-7.0.0/utils/car.cpp:337:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[128];
data/ucommon-7.0.0/utils/car.cpp:386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/utils/car.cpp:422:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passphrase[256];
data/ucommon-7.0.0/utils/car.cpp:423:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char confirm[256];
data/ucommon-7.0.0/utils/car.cpp:475:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        FILE *fp = fopen(args[0], "r");
data/ucommon-7.0.0/utils/car.cpp:490:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        output = fopen(*out, "w");
data/ucommon-7.0.0/utils/mdsum.cpp:116:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fs.open(path, fsys::STREAM);
data/ucommon-7.0.0/utils/mdsum.cpp:140:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/utils/scrub.cpp:144:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fs.open(path, fsys::REWRITE);
data/ucommon-7.0.0/utils/scrub.cpp:212:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[128];
data/ucommon-7.0.0/utils/sockaddr.cpp:31:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/ucommon-7.0.0/utils/urlout.cpp:65:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    web.open(host, svc);
data/ucommon-7.0.0/utils/zerofill.cpp:49:8:  [2] (misc) open:
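  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage: the name is a fixed relative path, opened with what appears to be
  mode 0666, so the file lands in whatever the current directory is.
  Confirm that an existing file or symlink of that name is not followed and
  that the effective permissions are narrowed (e.g., by the umask).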
    fs.open("zerofill.tmp", 0666, fsys::STREAM);
data/ucommon-7.0.0/utils/zerofill.cpp:98:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fs.open(devname, fsys::WRONLY);
data/ucommon-7.0.0/commoncpp/dir.cpp:163:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = strlen(fname) + 4;
data/ucommon-7.0.0/commoncpp/dir.cpp:334:24:  [1] (buffer) strlen:
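  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage: apart from termination, (unsigned)strlen(path) - 1 wraps to the
  largest unsigned value when path is empty; confirm that an empty path is
  rejected before this line.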
	prefixpos = (unsigned)strlen(path) - 1;
data/ucommon-7.0.0/commoncpp/dir.cpp:413:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		snprintf(cp + 1, sizeof(path) - strlen(path) - 2, "%s", name);
data/ucommon-7.0.0/commoncpp/dir.cpp:434:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(path + strlen(path), sizeof(path) - strlen(path), "/");
data/ucommon-7.0.0/commoncpp/dir.cpp:434:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			snprintf(path + strlen(path), sizeof(path) - strlen(path), "/");
data/ucommon-7.0.0/commoncpp/file.cpp:507:16:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int io = ::read(fd, fcb.address, fcb.len);
data/ucommon-7.0.0/commoncpp/file.cpp:1460:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(temp) >= size)
data/ucommon-7.0.0/commoncpp/file.cpp:1513:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        left_len = strlen(left);
data/ucommon-7.0.0/commoncpp/file.cpp:1520:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_len = strlen(buffer);
data/ucommon-7.0.0/commoncpp/file.cpp:1522:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        left_len = strlen(left);
data/ucommon-7.0.0/commoncpp/file.cpp:1576:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer_len = strlen(buffer);
data/ucommon-7.0.0/commoncpp/file.cpp:1626:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                left_len = strlen(symlink);
data/ucommon-7.0.0/commoncpp/file.cpp:1631:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            left_len = strlen(left);
data/ucommon-7.0.0/commoncpp/misc.cpp:60:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str) + 1;
data/ucommon-7.0.0/commoncpp/misc.cpp:86:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(id) + 1;
data/ucommon-7.0.0/commoncpp/persist.cpp:67:21:  [1] (buffer) read:
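  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage: the matched line is the definition of
  PersistObject::read(PersistEngine&), not a read into a buffer. Of the
  persist.cpp hits, the stream read at line 140
  (myUnderlyingStream.read((char *)data,size)) is the one whose size bound
  needs review.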
bool PersistObject::read(PersistEngine& archive)
data/ucommon-7.0.0/commoncpp/persist.cpp:140:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  myUnderlyingStream.read((char *)data,size);
data/ucommon-7.0.0/commoncpp/persist.cpp:184:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void PersistEngine::read(PersistObject &object) throw(PersistException)
data/ucommon-7.0.0/commoncpp/persist.cpp:187:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(id);
data/ucommon-7.0.0/commoncpp/persist.cpp:205:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void PersistEngine::read(PersistObject *&object) throw(PersistException)
data/ucommon-7.0.0/commoncpp/persist.cpp:208:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(id);
data/ucommon-7.0.0/commoncpp/persist.cpp:245:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(majik);
data/ucommon-7.0.0/commoncpp/persist.cpp:248:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  object->read(*this);
data/ucommon-7.0.0/commoncpp/persist.cpp:249:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(majik);
data/ucommon-7.0.0/commoncpp/persist.cpp:258:3:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  read(classId);
data/ucommon-7.0.0/commoncpp/persist.cpp:265:5:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    read(className);
data/ucommon-7.0.0/commoncpp/persist.cpp:279:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
void PersistEngine::read(std::string& str) throw(PersistException)
data/ucommon-7.0.0/commoncpp/persist.cpp:282:3:  [1] (buffer) read:
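  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage: this reads a length inside PersistEngine::read(std::string&). If
  that length sizes the string, confirm it is bounded before use whenever
  the archive is not trusted.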
  read(len);
data/ucommon-7.0.0/commoncpp/process.cpp:791:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(name) + 1;
data/ucommon-7.0.0/commoncpp/process.cpp:800:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(buffer) + 1;
data/ucommon-7.0.0/commoncpp/process.cpp:812:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(buffer) + 1;
data/ucommon-7.0.0/commoncpp/process.cpp:822:36:  [1] (buffer) strlen:
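  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage: apart from strlen, ::write returns -1 on failure and may write
  fewer bytes than requested; both results are non-zero, so confirm the
  surrounding condition distinguishes them.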
            if(::write(fd, buffer, strlen(buffer)))
data/ucommon-7.0.0/commoncpp/process.cpp:841:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        status = ::read(fd, buffer, sizeof(buffer) - 1);
data/ucommon-7.0.0/commoncpp/serial.cpp:529:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    return ::read(dev, Data, Length);
data/ucommon-7.0.0/commoncpp/serial.cpp:1308:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        namelen = strlen(name);
data/ucommon-7.0.0/commoncpp/serial.cpp:1677:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        while(1 == ::read(iosync[0], (char *)&buf, 1)) {
data/ucommon-7.0.0/commoncpp/slog.cpp:169:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(ident) + 1;
data/ucommon-7.0.0/commoncpp/slog.cpp:199:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:216:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:233:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:250:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:267:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:284:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:301:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/slog.cpp:318:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    thread->msgpos = strlen(thread->msgbuf);
data/ucommon-7.0.0/commoncpp/strchar.cpp:54:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(src) + 1;
data/ucommon-7.0.0/commoncpp/strchar.cpp:70:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(string);
data/ucommon-7.0.0/commoncpp/strchar.cpp:86:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(string);
data/ucommon-7.0.0/commoncpp/strchar.cpp:102:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(src);
data/ucommon-7.0.0/commoncpp/strchar.cpp:121:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(src);
data/ucommon-7.0.0/commoncpp/tcp.cpp:960:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            rlen = ::read((int)so, (char *)&ch, 1);
data/ucommon-7.0.0/commoncpp/tcp.cpp:986:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        rlen = ::read((int)so, (char *)eback(), _IOLEN64 rlen);
data/ucommon-7.0.0/commoncpp/tcp.cpp:1039:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/ucommon-7.0.0/commoncpp/thread.cpp:162:8:  [1] (buffer) equal:
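  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
  Triage: this call passes two arguments, while std::equal takes at least
  three, so it is presumably a project function (the condition.cpp:413 hit
  calls Thread::equal) and the iterator warning likely does not apply. The
  hits at lines 172 and 182 are the same call.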
    if(equal(tid, self))
data/ucommon-7.0.0/commoncpp/thread.cpp:172:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if(detached && equal(tid, self))
data/ucommon-7.0.0/commoncpp/thread.cpp:182:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if(detached && equal(tid, self)) {
data/ucommon-7.0.0/commoncpp/xml.cpp:78:17:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while((ch = fgetc(fp)) != EOF) {
data/ucommon-7.0.0/corelib/condition.cpp:413:33:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(cp->count && Thread::equal(cp->thread, tid))
data/ucommon-7.0.0/corelib/datetime.cpp:184:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(str);
data/ucommon-7.0.0/corelib/datetime.cpp:523:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(str);
data/ucommon-7.0.0/corelib/datetime.cpp:691:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(a_str);
data/ucommon-7.0.0/corelib/datetime.cpp:694:5:  [1] (buffer) strncpy:
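  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage: the strlen hit at line 691 sets size = strlen(a_str). If size is
  unchanged here, strncpy copies no terminator, so confirm that str is
  terminated explicitly and holds at least size + 1 bytes.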
    strncpy(str, a_str, size);
data/ucommon-7.0.0/corelib/fsys.cpp:372:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t dir::read(char *buf, size_t len)
data/ucommon-7.0.0/corelib/fsys.cpp:377:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        rtn = (ssize_t)strlen(ptr->cFileName);
data/ucommon-7.0.0/corelib/fsys.cpp:385:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t fsys::read(void *buf, size_t len)
data/ucommon-7.0.0/corelib/fsys.cpp:736:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t dir::read(char *buf, size_t len)
data/ucommon-7.0.0/corelib/fsys.cpp:745:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(entry->d_name);
data/ucommon-7.0.0/corelib/fsys.cpp:750:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
ssize_t fsys::read(void *buf, size_t len)
data/ucommon-7.0.0/corelib/fsys.cpp:752:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int rtn = ::read(fd, buf, len);
data/ucommon-7.0.0/corelib/fsys.cpp:1397:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        count = src.read(buffer, size);
data/ucommon-7.0.0/corelib/keydata.cpp:208:81:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            RegSetValueEx(keys, kv->id, 0L, REG_SZ, (const BYTE *)value, (DWORD)strlen(value) + 1);
data/ucommon-7.0.0/corelib/keydata.cpp:405:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ep = lp + strlen(lp);
data/ucommon-7.0.0/corelib/linked.cpp:110:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(node->equal(nid)) {
data/ucommon-7.0.0/corelib/linked.cpp:163:26:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(node && node->equal(nid)) {
data/ucommon-7.0.0/corelib/linked.cpp:389:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(root->equal(id))
data/ucommon-7.0.0/corelib/linked.cpp:405:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(node->equal(id))
data/ucommon-7.0.0/corelib/memory.cpp:560:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tcl = strlen(text);
data/ucommon-7.0.0/corelib/memory.cpp:610:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(text) + 1;
data/ucommon-7.0.0/corelib/memory.cpp:669:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(text) + 1;
data/ucommon-7.0.0/corelib/memory.cpp:724:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(text) + 1;
data/ucommon-7.0.0/corelib/memory.cpp:862:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(ds.read(buffer, sizeof(buffer)) > 0) {
data/ucommon-7.0.0/corelib/protocols.cpp:31:9:  [1] (buffer) getc:
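  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: the context line is the preprocessor directive `#undef getc`,
  which reads no input; this hit is a name-only match and needs no code
  change.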
#undef  getc
data/ucommon-7.0.0/corelib/protocols.cpp:42:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str) + 1;
data/ucommon-7.0.0/corelib/protocols.cpp:114:19:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool KeyProtocol::equal(const KeyProtocol& key) const
data/ucommon-7.0.0/corelib/regex.cpp:185:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cpl = strlen(cp);
data/ucommon-7.0.0/corelib/regex.cpp:227:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tcl = strlen(string);
data/ucommon-7.0.0/corelib/shell.cpp:431:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hp = 5 + strlen(op->uses_option);
data/ucommon-7.0.0/corelib/shell.cpp:450:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hp += strlen(op->long_option) + strlen(op->uses_option) + 3;
data/ucommon-7.0.0/corelib/shell.cpp:450:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hp += strlen(op->long_option) + strlen(op->uses_option) + 3;
data/ucommon-7.0.0/corelib/shell.cpp:454:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            hp += strlen(op->long_option) + 2;
data/ucommon-7.0.0/corelib/shell.cpp:642:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len = strlen(op->long_option);
data/ucommon-7.0.0/corelib/shell.cpp:744:29:  [1] (buffer) strlen:
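  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: independent of termination, fn[strlen(fn) - 1] is an
  out-of-bounds read when fn is an empty string, because strlen returns 0
  and the size_t subtraction wraps. The preceding *fn != '*' test does not
  exclude the empty string, so confirm that an earlier check does (not
  visible in this report).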
        if(*fn != '*' && fn[strlen(fn) - 1] != '*' && !strchr(fn, '?'))
data/ucommon-7.0.0/corelib/shell.cpp:755:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(dirname);
data/ucommon-7.0.0/corelib/shell.cpp:793:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(buf);
data/ucommon-7.0.0/corelib/shell.cpp:837:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(buf);
data/ucommon-7.0.0/corelib/shell.cpp:1062:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(*(envp++)) + 1;
data/ucommon-7.0.0/corelib/shell.cpp:1119:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(*(envp++)) + 1;
data/ucommon-7.0.0/corelib/shell.cpp:1274:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(*(envp++)) + 1;
data/ucommon-7.0.0/corelib/shell.cpp:1462:23:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        buffer[pos] = getc(stdin);
data/ucommon-7.0.0/corelib/shell.cpp:1492:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    count = ::read(fd, buffer, size);
data/ucommon-7.0.0/corelib/shell.cpp:1514:14:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int ch = getc(stdin);
data/ucommon-7.0.0/corelib/shell.cpp:2189:12:  [1] (buffer) strlen:
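  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: fmt[strlen(fmt) - 1] reads out of bounds when fmt is an empty
  string, since strlen returns 0 and the size_t subtraction wraps. The same
  expression is reported at lines 2292, 2321, 2358, 2387 and 2394 of this
  file. Confirm that callers never pass an empty format string, or guard the
  index with a length check.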
    if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/shell.cpp:2292:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/shell.cpp:2321:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/shell.cpp:2358:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/shell.cpp:2387:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/shell.cpp:2394:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(fmt[strlen(fmt) - 1] == '\n')
data/ucommon-7.0.0/corelib/socket.cpp:250:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if(strlen(hostname) >= sizeof(unp->sun_path))
data/ucommon-7.0.0/corelib/socket.cpp:257:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = sizeof(unp->sun_len) + strlen(unp->sun_path) +
data/ucommon-7.0.0/corelib/socket.cpp:261:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(unp->sun_path) + sizeof(unp->sun_family) + 1;
data/ucommon-7.0.0/corelib/socket.cpp:396:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned slen = strlen(path);
data/ucommon-7.0.0/corelib/socket.cpp:406:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = sizeof(addr->sun_len) + strlen(addr->sun_path) +
data/ucommon-7.0.0/corelib/socket.cpp:410:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(addr->sun_path) + sizeof(addr->sun_family) + 1;
data/ucommon-7.0.0/corelib/socket.cpp:1036:13:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(!equal(node->ai_addr, node_o->ai_addr))
data/ucommon-7.0.0/corelib/socket.cpp:1214:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(node->ai_addr && equal(addr, node->ai_addr))
data/ucommon-7.0.0/corelib/socket.cpp:1262:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(node->ai_addr && equal(addr, node->ai_addr))
data/ucommon-7.0.0/corelib/socket.cpp:1483:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(equal(addr, node->ai_addr))
data/ucommon-7.0.0/corelib/socket.cpp:1551:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t addr_len = strlen(res);
data/ucommon-7.0.0/corelib/socket.cpp:1567:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(ret);
data/ucommon-7.0.0/corelib/socket.cpp:1956:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return writeto(str, strlen(str), NULL);
data/ucommon-7.0.0/corelib/socket.cpp:2930:9:  [1] (buffer) strncpy:
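  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: strncpy leaves buf without a terminating \0 when sun_path
  holds max or more characters before its own \0. Confirm that the code
  following this call sets the final byte of buf to \0, or that the copy is
  bounded at max - 1 (not visible in this report).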
        strncpy(buf, un->sun_path, max);
data/ucommon-7.0.0/corelib/socket.cpp:3030:9:  [1] (buffer) strncpy:
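  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the bound is IFNAMSIZ, the full size of the interface-name
  field, so a host string of IFNAMSIZ or more characters leaves the name
  without a terminating \0. Check that the length of host is validated
  before this call or that the last byte of the field is set to \0 after the
  copy (not visible in this report).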
        strncpy(ifr.ifr_ifrn.ifrn_name, host, IFNAMSIZ);
data/ucommon-7.0.0/corelib/socket.cpp:3340:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool Socket::equal(const struct sockaddr *s1, const struct sockaddr *s2)
data/ucommon-7.0.0/corelib/socket.cpp:3407:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return sendto(so, buf, strlen(buf), 0, NULL);
data/ucommon-7.0.0/corelib/stream.cpp:480:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        rlen = rd.read(&ch, 1);
data/ucommon-7.0.0/corelib/stream.cpp:496:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rlen = rd.read(eback(), rlen);
data/ucommon-7.0.0/corelib/stream.cpp:767:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    rlen = fd.read(eback(), rlen);
data/ucommon-7.0.0/corelib/stream.cpp:855:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    count = strlen(str);
data/ucommon-7.0.0/corelib/stream.cpp:928:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            out.write(cp, strlen(cp));
data/ucommon-7.0.0/corelib/stream.cpp:966:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t size = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:88:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:157:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t size = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:181:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:204:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:297:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool String::equal(const char *s) const
data/ucommon-7.0.0/corelib/string.cpp:484:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        cpl = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:491:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tcl = strlen(substring);
data/ucommon-7.0.0/corelib/string.cpp:547:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            text = result + strlen(result);
data/ucommon-7.0.0/corelib/string.cpp:641:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str->len = strlen(str->text);
data/ucommon-7.0.0/corelib/string.cpp:654:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        str->len = strlen(str->text);
data/ucommon-7.0.0/corelib/string.cpp:752:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:810:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:824:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:874:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:879:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(text);
data/ucommon-7.0.0/corelib/string.cpp:899:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(text);
data/ucommon-7.0.0/corelib/string.cpp:1002:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cow(strlen(s));
data/ucommon-7.0.0/corelib/string.cpp:1030:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:1349:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            *token = result + strlen(result);
data/ucommon-7.0.0/corelib/string.cpp:1378:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s.str->len = strlen(s.str->text);
data/ucommon-7.0.0/corelib/string.cpp:1397:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(cp) + 1;
data/ucommon-7.0.0/corelib/string.cpp:1413:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:1427:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:1449:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strlen(cp);
data/ucommon-7.0.0/corelib/string.cpp:1454:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l1 = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1455:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l2 = strlen(key);
data/ucommon-7.0.0/corelib/string.cpp:1484:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l1 = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1485:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l2 = strlen(key);
data/ucommon-7.0.0/corelib/string.cpp:1523:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:1559:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:1582:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t l = strlen(s);
data/ucommon-7.0.0/corelib/string.cpp:1583:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t o = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1599:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t o = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1630:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t offset = strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1681:20:  [1] (buffer) strlen:
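  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: if this memset is meant to erase sensitive contents (the
  enclosing function is not shown here), two further points apply. A plain
  memset on a buffer that is not read afterwards may be removed by the
  optimizer, and strlen(str) covers only the bytes up to the first \0, not
  the full allocation. A non-elidable wipe (explicit_bzero or memset_s where
  available) over the known buffer size is the usual remedy.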
    memset(str, 0, strlen(str));
data/ucommon-7.0.0/corelib/string.cpp:1730:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1761:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return str + strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1763:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *s = str + strlen(str);
data/ucommon-7.0.0/corelib/string.cpp:1802:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool String::equal(const char *s1, const char *s2)
data/ucommon-7.0.0/corelib/string.cpp:1812:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool String::equal(const char *s1, const char *s2, size_t size)
data/ucommon-7.0.0/corelib/string.cpp:2100:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(get);
data/ucommon-7.0.0/corelib/thread.cpp:228:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool Thread::equal(pthread_t t1, pthread_t t2)
data/ucommon-7.0.0/corelib/thread.cpp:236:14:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
bool Thread::equal(pthread_t t1, pthread_t t2)
data/ucommon-7.0.0/corelib/thread.cpp:288:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(Thread::equal(locker, pthread_self()))
data/ucommon-7.0.0/corelib/thread.cpp:309:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(Thread::equal(locker, pthread_self()))
data/ucommon-7.0.0/corelib/thread.cpp:347:31:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        if(writers && Thread::equal(writeid, pthread_self()))
data/ucommon-7.0.0/corelib/thread.cpp:1053:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
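  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(timeout * 1000);
  [Triage note, not Flawfinder output: besides the obsolescence warning, check
  the argument range here. POSIX allowed usleep() to fail with EINVAL for
  values of 1,000,000 or more, and the multiplication can wrap if timeout is a
  narrow integer type. The type and unit of timeout are not visible in this
  report (the *1000 suggests milliseconds); confirm in thread.cpp.]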
data/ucommon-7.0.0/corelib/thread.cpp:1156:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if(equal(tid, self)) {
data/ucommon-7.0.0/corelib/thread.cpp:1236:8:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    if(equal(tid, self)) {
data/ucommon-7.0.0/corelib/timer.cpp:409:5:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command by
  the same name). The interaction of this function with SIGALRM and other
  timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
  unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
    usleep(t.get());
data/ucommon-7.0.0/corelib/typeref.cpp:175:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(str);
data/ucommon-7.0.0/corelib/typeref.cpp:238:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t ss = strlen(str1);
data/ucommon-7.0.0/corelib/typeref.cpp:239:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ss += strlen(str2);
data/ucommon-7.0.0/corelib/typeref.cpp:265:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen(str);
data/ucommon-7.0.0/corelib/typeref.cpp:300:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chars->size = strlen(chars->mem);
data/ucommon-7.0.0/gnutls/cipher.cpp:151:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t tlen = strlen(text);
data/ucommon-7.0.0/inc/commoncpp/persist.h:183:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
     virtual bool read(PersistEngine& archive);
data/ucommon-7.0.0/inc/commoncpp/persist.h:254:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    void read(PersistObject &object) throw(PersistException);
data/ucommon-7.0.0/inc/commoncpp/persist.h:259:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    void read(PersistObject *&object) throw(PersistException);
data/ucommon-7.0.0/inc/commoncpp/persist.h:264:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(int8_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:265:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(uint8_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:266:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(int16_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:267:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(uint16_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:268:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(int32_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:269:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(uint32_t& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:270:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(float& i)  throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:271:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(double& i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:272:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline void read(bool &i) throw(PersistException) { CCXX_ENGINEREAD_REF(i); }
data/ucommon-7.0.0/inc/commoncpp/persist.h:275:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    void read(std::string& str) throw(PersistException);
data/ucommon-7.0.0/inc/commoncpp/persist.h:317:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define CCXX_RE(ar,ob)   ar.read(ob); return ar
data/ucommon-7.0.0/inc/ucommon/fsys.h:329:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t read(void *buffer, size_t count);
data/ucommon-7.0.0/inc/ucommon/fsys.h:797:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    ssize_t read(char *buffer, size_t count);
data/ucommon-7.0.0/inc/ucommon/linked.h:545:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    inline bool equal(const char *name) const {
data/ucommon-7.0.0/inc/ucommon/memory.h:72:19:  [1] (free) memalign:
  On some systems (though not Linux-based systems) an attempt to free()
  results from memalign() may fail. This may, on a few systems, be
  exploitable. Also note that memalign() may not check that the boundary
  parameter is correct (CWE-676). Use posix_memalign instead (defined in
  POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD
  4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases,
  malloc()'s alignment may be sufficient.
            void *memalign;
data/ucommon-7.0.0/inc/ucommon/platform.h:447:9:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#undef  getchar
data/ucommon-7.0.0/inc/ucommon/protocols.h:229:18:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    virtual bool equal(const KeyProtocol& compare) const;
data/ucommon-7.0.0/inc/ucommon/protocols.h:232:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return !equal(compare);
data/ucommon-7.0.0/inc/ucommon/secure.h:538:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return put(str, strlen(str));
data/ucommon-7.0.0/inc/ucommon/secure.h:685:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return put(str, strlen(str));
data/ucommon-7.0.0/inc/ucommon/shared.h:178:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	return MappedPointer::keypath((const uint8_t *)addr, strlen(addr));
data/ucommon-7.0.0/inc/ucommon/shared.h:204:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
	return Socket::equal(s1, s2);
data/ucommon-7.0.0/inc/ucommon/socket.h:1632:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    static bool equal(const struct sockaddr *address1, const struct sockaddr *address2);
data/ucommon-7.0.0/inc/ucommon/socket.h:1675:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return equal((const struct sockaddr *)address1, (const struct sockaddr *)address2);
data/ucommon-7.0.0/inc/ucommon/socket.h:1686:16:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        return equal((const struct sockaddr *)address1, (const struct sockaddr *)address2);
data/ucommon-7.0.0/inc/ucommon/socket.h:2101:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return Socket::equal(s1, s2);
data/ucommon-7.0.0/inc/ucommon/socket.h:2112:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return Socket::equal((const struct sockaddr *)s1, (const struct sockaddr *)s2);
data/ucommon-7.0.0/inc/ucommon/socket.h:2248:28:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return Socket::equal(get(), check.get());
data/ucommon-7.0.0/inc/ucommon/socket.h:2252:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return !Socket::equal(get(), check.get());
data/ucommon-7.0.0/inc/ucommon/socket.h:2256:28:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return Socket::equal(get(), check);
data/ucommon-7.0.0/inc/ucommon/socket.h:2260:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return !Socket::equal(get(), check);
data/ucommon-7.0.0/inc/ucommon/socket.h:2309:28:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return Socket::equal(get(), check.get());
data/ucommon-7.0.0/inc/ucommon/socket.h:2313:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return !Socket::equal(get(), check.get());
data/ucommon-7.0.0/inc/ucommon/socket.h:2317:28:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return Socket::equal(get(), check);
data/ucommon-7.0.0/inc/ucommon/socket.h:2321:29:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            return !Socket::equal(get(), check);
data/ucommon-7.0.0/inc/ucommon/string.h:234:10:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    bool equal(const char *string) const;
data/ucommon-7.0.0/inc/ucommon/string.h:1109:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    static bool equal(const char *text1, const char *text2);
data/ucommon-7.0.0/inc/ucommon/string.h:1127:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    static bool equal(const char *text1, const char *text2, size_t size);
data/ucommon-7.0.0/inc/ucommon/string.h:1572:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(buffer);
data/ucommon-7.0.0/inc/ucommon/string.h:1637:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return String::equal(s1, s2);
data/ucommon-7.0.0/inc/ucommon/string.h:1641:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return !String::equal(s1, s2);
data/ucommon-7.0.0/inc/ucommon/string.h:1652:20:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return String::equal(s1, s2, size);
data/ucommon-7.0.0/inc/ucommon/string.h:1656:21:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return !String::equal(s1, s2, size);
data/ucommon-7.0.0/inc/ucommon/temporary.h:183:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline size_t read(FILE *fp) {
data/ucommon-7.0.0/inc/ucommon/temporary.h:256:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline size_t read(FILE *fp) {
data/ucommon-7.0.0/inc/ucommon/temporary.h:322:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline size_t read(FILE *fp) {
data/ucommon-7.0.0/inc/ucommon/temporary.h:337:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    inline size_t read(fsys& fs) {
data/ucommon-7.0.0/inc/ucommon/temporary.h:339:36:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if(!object || (result = fs.read(object, used)) < 0)
data/ucommon-7.0.0/inc/ucommon/thread.h:790:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    static bool equal(pthread_t thread1, pthread_t thread2);
data/ucommon-7.0.0/inc/ucommon/typeref.h:460:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			return strlen(mem);
data/ucommon-7.0.0/nossl/common.cpp:620:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(text) + 1;
data/ucommon-7.0.0/nossl/random.cpp:69:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        result = read(fd, buf, size);
data/ucommon-7.0.0/nossl/random.cpp:89:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        result = read(fd, buf, size);
data/ucommon-7.0.0/openssl/cipher.cpp:43:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = strlen((const char *)text);
data/ucommon-7.0.0/test/cipher.cpp:48:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(!eq(STR, (char *)ebuf, strlen(STR)));
data/ucommon-7.0.0/test/socket.cpp:55:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(len == strlen(addrbuf));
data/ucommon-7.0.0/test/socket.cpp:96:24:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
        assert(Socket::equal((struct sockaddr *)&addr, localhost6.get(AF_INET6)));
data/ucommon-7.0.0/utils/args.cpp:53:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(is(dir) && dir.read(filename, sizeof(filename))) {
data/ucommon-7.0.0/utils/car.cpp:392:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(is(dir) && dir.read(filename, sizeof(filename))) {
data/ucommon-7.0.0/utils/keywait.cpp:71:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if(::read(0, &ch, 1) < 1)
data/ucommon-7.0.0/utils/mdsum.cpp:127:27:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        ssize_t size = fs.read(buffer, sizeof(buffer));
data/ucommon-7.0.0/utils/mdsum.cpp:144:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(is(dir) && dir.read(filename, sizeof(filename))) {
data/ucommon-7.0.0/utils/scrub.cpp:216:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while(is(dir) && dir.read(filename, sizeof(filename))) {

ANALYSIS SUMMARY:

Hits = 847
Lines analyzed = 75929 in approximately 1.62 seconds (46828 lines/second)
Physical Source Lines of Code (SLOC) = 46604
Hits@level = [0] 207 [1] 252 [2] 409 [3]  29 [4] 153 [5]   4
Hits@level+ = [0+] 1054 [1+] 847 [2+] 595 [3+] 186 [4+] 157 [5+]   4
Hits/KSLOC@level+ = [0+] 22.6161 [1+] 18.1744 [2+] 12.7671 [3+] 3.99107 [4+] 3.36881 [5+] 0.0858295
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
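Not every hit is necessarily a security vulnerability.
[Triage note, not Flawfinder output: the ruleset matches on function names, so
a number of the level-1 hits listed above land on declarations, definitions or
same-named project functions rather than on calls to the flagged library
routine. Examples from this listing: `bool Thread::equal(pthread_t t1,
pthread_t t2)` and the `Socket::equal(...)` / `String::equal(...)` call sites
reported under the iterator-based equal rule, `void *memalign;` reported under
the memalign rule, `#undef  getchar`, and the `read(...)` member declarations
in persist.h and fsys.h. Confirm what each flagged line actually calls before
recording it as CWE-126 or CWE-120. The hits that are real calls, such as
`strlen(text)` in the cipher sources and `read(fd, buf, size)` in
nossl/random.cpp, are the ones where NUL termination, the size argument and
short-read handling need to be checked in the surrounding code.]
There may be other security vulnerabilities; review your code!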
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.