Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uriparser-0.9.4+dfsg/cmake/test_find_package/hello.c
Examining data/uriparser-0.9.4+dfsg/include/uriparser/Uri.h
Examining data/uriparser-0.9.4+dfsg/include/uriparser/UriBase.h
Examining data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsAnsi.h
Examining data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsConfig.h
Examining data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsUnicode.h
Examining data/uriparser-0.9.4+dfsg/include/uriparser/UriIp4.h
Examining data/uriparser-0.9.4+dfsg/src/UriCommon.c
Examining data/uriparser-0.9.4+dfsg/src/UriCommon.h
Examining data/uriparser-0.9.4+dfsg/src/UriCompare.c
Examining data/uriparser-0.9.4+dfsg/src/UriEscape.c
Examining data/uriparser-0.9.4+dfsg/src/UriFile.c
Examining data/uriparser-0.9.4+dfsg/src/UriIp4.c
Examining data/uriparser-0.9.4+dfsg/src/UriIp4Base.c
Examining data/uriparser-0.9.4+dfsg/src/UriIp4Base.h
Examining data/uriparser-0.9.4+dfsg/src/UriMemory.c
Examining data/uriparser-0.9.4+dfsg/src/UriMemory.h
Examining data/uriparser-0.9.4+dfsg/src/UriNormalize.c
Examining data/uriparser-0.9.4+dfsg/src/UriNormalizeBase.c
Examining data/uriparser-0.9.4+dfsg/src/UriNormalizeBase.h
Examining data/uriparser-0.9.4+dfsg/src/UriParse.c
Examining data/uriparser-0.9.4+dfsg/src/UriParseBase.c
Examining data/uriparser-0.9.4+dfsg/src/UriParseBase.h
Examining data/uriparser-0.9.4+dfsg/src/UriQuery.c
Examining data/uriparser-0.9.4+dfsg/src/UriRecompose.c
Examining data/uriparser-0.9.4+dfsg/src/UriResolve.c
Examining data/uriparser-0.9.4+dfsg/src/UriShorten.c
Examining data/uriparser-0.9.4+dfsg/test/FourSuite.cpp
Examining data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp
Examining data/uriparser-0.9.4+dfsg/test/VersionSuite.cpp
Examining data/uriparser-0.9.4+dfsg/test/test.cpp
Examining data/uriparser-0.9.4+dfsg/tool/uriparse.c

FINAL RESULTS:

data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsAnsi.h:70:20: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define URI_STRCPY strcpy
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsAnsi.h:79:23: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define URI_SNPRINTF _snprintf
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsAnsi.h:81:23: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define URI_SNPRINTF snprintf
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsUnicode.h:70:20: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  #define URI_STRCPY wcscpy
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsUnicode.h:81:23: [4] (buffer) swprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  # define URI_SNPRINTF swprintf
data/uriparser-0.9.4+dfsg/test/VersionSuite.cpp:32:28: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  const int bytes_printed = sprintf(INSIDE_VERSION, "%d.%d.%d%s",
data/uriparser-0.9.4+dfsg/test/test.cpp:862:3: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(working, input);
data/uriparser-0.9.4+dfsg/include/uriparser/UriBase.h:169:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[4]; /**< Each octet in one byte */
data/uriparser-0.9.4+dfsg/include/uriparser/UriBase.h:178:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[16]; /**< Each quad in two bytes */
data/uriparser-0.9.4+dfsg/src/UriFile.c:102:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uriString, prefix, prefixLen * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriFile.c:116:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(output, lastSep + 1, charsToCopy * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriFile.c:198:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(unescape_target, uriString + charsToSkip, charsToCopy * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriMemory.c:238:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newBuffer, ptr, prevSize);
data/uriparser-0.9.4+dfsg/src/UriNormalize.c:384:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dup, range->first, lenInBytes);
data/uriparser-0.9.4+dfsg/src/UriNormalize.c:502:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&writeableClone, uri, 1 * sizeof(URI_TYPE(Uri)));
data/uriparser-0.9.4+dfsg/src/UriParse.c:589:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char digitHistory[4];
data/uriparser-0.9.4+dfsg/src/UriParse.c:592:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char quadsAfterZipper[14];
data/uriparser-0.9.4+dfsg/src/UriParse.c:688:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->uri->hostData.ip6->data + 16 - 4 - 2 * quadsAfterZipperCount,
data/uriparser-0.9.4+dfsg/src/UriParse.c:863:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(state->uri->hostData.ip6->data + 16 - 2 * quadsAfterZipperCount,
data/uriparser-0.9.4+dfsg/src/UriParse.c:2395:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char octets[4];
data/uriparser-0.9.4+dfsg/src/UriQuery.c:322:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(key, keyFirst, keyLen * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriQuery.c:343:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(value, valueFirst, valueLen * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:123:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->scheme.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:139:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT(":"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:159:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("//"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:178:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->userInfo.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:190:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("@"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:226:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, text, charsToWrite * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:237:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("."),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:257:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("["),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:279:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, text, 2 * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:294:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT(":"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:312:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("]"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:331:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("["),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:343:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->hostData.ipFuture.first, charsToWrite * sizeof(URI_CHAR));
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:354:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("]"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:372:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->hostText.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:393:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT(":"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:406:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->portText.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:428:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("/"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:449:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, walker->text.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:467:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("/"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:490:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("?"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:509:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->query.first,
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:530:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, _UT("#"),
data/uriparser-0.9.4+dfsg/src/UriRecompose.c:549:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest + written, uri->fragment.first,
data/uriparser-0.9.4+dfsg/test/FourSuite.cpp:84:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char transformedUriText[1024 * 8];
data/uriparser-0.9.4+dfsg/test/FourSuite.cpp:85:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char expectedUriText[1024 * 8];
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:135:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:140:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:145:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:150:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:155:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:160:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&memory, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:170:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&backend, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:175:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&backend, &defaultMemoryManager, sizeof(UriMemoryManager));
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:207:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&partialEmulationMemoryManager, &defaultMemoryManager,
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:219:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&partialEmulationMemoryManager, &defaultMemoryManager,
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:253:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&partialEmulationMemoryManager, &defaultMemoryManager,
data/uriparser-0.9.4+dfsg/test/VersionSuite.cpp:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char INSIDE_VERSION[256];
data/uriparser-0.9.4+dfsg/test/test.cpp:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char uriText[2 + 3 + 2 + 1 + 1];
data/uriparser-0.9.4+dfsg/test/test.cpp:1012:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t transformedUriText[1024 * 8];
data/uriparser-0.9.4+dfsg/test/test.cpp:1013:4: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t expectedUriText[1024 * 8];
data/uriparser-0.9.4+dfsg/test/test.cpp:1116:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t shouldbeTheSame[1024 * 8];
data/uriparser-0.9.4+dfsg/test/test.cpp:1783:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest[charsRequired + 1];
data/uriparser-0.9.4+dfsg/test/test.cpp:1794:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dest[charsRequired + 1 - 1];
data/uriparser-0.9.4+dfsg/test/test.cpp:2224:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char octetOutput[4];
data/uriparser-0.9.4+dfsg/tool/uriparse.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ipstr[INET6_ADDRSTRLEN];
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsAnsi.h:68:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define URI_STRLEN strlen
data/uriparser-0.9.4+dfsg/include/uriparser/UriDefsUnicode.h:68:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  #define URI_STRLEN wcslen
data/uriparser-0.9.4+dfsg/src/UriEscape.c:94:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((inAfterLast != NULL) && (read >= inAfterLast)) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:99:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read[0]) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:184:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[0] = read[0];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:231:47: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char code = (unsigned char)read[0];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:264:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read[0]) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:266:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > write) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:272:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read[1]) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:295:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  switch (read[2]) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:320:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char left = URI_FUNC(HexdigToInt)(read[1]);
data/uriparser-0.9.4+dfsg/src/UriEscape.c:321:57: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char right = URI_FUNC(HexdigToInt)(read[2]);
data/uriparser-0.9.4+dfsg/src/UriEscape.c:398:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > write) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:399:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[0] = read[0];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:400:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[1] = read[1];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:412:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > write) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:413:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[0] = read[0];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:428:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > write) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:429:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[0] = read[0];
data/uriparser-0.9.4+dfsg/src/UriEscape.c:440:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read > write) {
data/uriparser-0.9.4+dfsg/src/UriEscape.c:441:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  write[0] = read[0];
data/uriparser-0.9.4+dfsg/test/FourSuite.cpp:83:7: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/uriparser-0.9.4+dfsg/test/FourSuite.cpp:95:9: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:121:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char * const afterLast = first + strlen(first);
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:301:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char * const afterLast = first + strlen(first);
data/uriparser-0.9.4+dfsg/test/MemoryManagerSuite.cpp:355:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char * const afterLast = first + strlen(first);
data/uriparser-0.9.4+dfsg/test/VersionSuite.cpp:37:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (! equal) {
data/uriparser-0.9.4+dfsg/test/VersionSuite.cpp:42:14: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  ASSERT_TRUE(equal);
data/uriparser-0.9.4+dfsg/test/test.cpp:270:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(uriText, "//[::44.1", sizeof(uriText));
data/uriparser-0.9.4+dfsg/test/test.cpp:800:7: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  * wcslen(in) + 1];
data/uriparser-0.9.4+dfsg/test/test.cpp:802:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  != buffer + wcslen(expectedOut)) {
data/uriparser-0.9.4+dfsg/test/test.cpp:809:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;
data/uriparser-0.9.4+dfsg/test/test.cpp:865:51: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const bool success = ((newTermZero == working + wcslen(output))
data/uriparser-0.9.4+dfsg/test/test.cpp:1011:8: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal) {
data/uriparser-0.9.4+dfsg/test/test.cpp:1025:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return equal;
data/uriparser-0.9.4+dfsg/test/test.cpp:1132:36: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const int len = static_cast<int>(wcslen(text));
data/uriparser-0.9.4+dfsg/test/test.cpp:1249:28: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  EXPECT_EQ(charsRequired, wcslen(text));
data/uriparser-0.9.4+dfsg/test/test.cpp:1512:47: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t uriBufferLen = prefixLen + 3 * wcslen(filename) + 1;
data/uriparser-0.9.4+dfsg/test/test.cpp:1526:36: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t filenameBufferLen = wcslen(uriString) + 1;
data/uriparser-0.9.4+dfsg/test/test.cpp:1593:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  queryString, queryString + strlen(queryString));
data/uriparser-0.9.4+dfsg/test/test.cpp:1655:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  input, input + wcslen(input), spacePlusConversion, breakConversion);
data/uriparser-0.9.4+dfsg/test/test.cpp:1666:38: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(charsRequired >= (int)wcslen(input));
data/uriparser-0.9.4+dfsg/test/test.cpp:1674:37: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(charsWritten == (int)wcslen(input) + 1);
data/uriparser-0.9.4+dfsg/test/test.cpp:1682:37: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(charsWritten == (int)wcslen(input) + 1);
data/uriparser-0.9.4+dfsg/test/test.cpp:1707:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = uriDissectQueryMallocA(&queryList, &itemCount, pair, pair + strlen(pair));
data/uriparser-0.9.4+dfsg/test/test.cpp:1736:69: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  res = uriDissectQueryMallocA(&queryList, &itemCount, pair, pair + strlen(pair));
data/uriparser-0.9.4+dfsg/test/test.cpp:1765:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  FACTOR * strlen(first.key) + 1 + FACTOR * strlen(first.value)
data/uriparser-0.9.4+dfsg/test/test.cpp:1765:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  FACTOR * strlen(first.key) + 1 + FACTOR * strlen(first.value)
data/uriparser-0.9.4+dfsg/test/test.cpp:1767:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + FACTOR * strlen(second.key) + 1 + FACTOR * strlen(second.value)
data/uriparser-0.9.4+dfsg/test/test.cpp:1767:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + FACTOR * strlen(second.key) + 1 + FACTOR * strlen(second.value)
data/uriparser-0.9.4+dfsg/test/test.cpp:1789:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(charsWritten == strlen(expected) + 1);
data/uriparser-0.9.4+dfsg/test/test.cpp:1883:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(uri.hostText.first == emptyHostWithPortUri + strlen("//"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1886:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("//:"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1888:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("123"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1894:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(uri.hostText.first == hostWithPortUri + strlen("//"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1896:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("h"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1897:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ASSERT_TRUE(uri.portText.first == hostWithPortUri + strlen("//h:"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1899:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("123"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1907:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("//"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1910:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + strlen("//@"));
data/uriparser-0.9.4+dfsg/test/test.cpp:1917:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT_TRUE(uri.userInfo.first == hostEmptyUserInfoUri + strlen("//")); data/uriparser-0.9.4+dfsg/test/test.cpp:1920:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("//@")); data/uriparser-0.9.4+dfsg/test/test.cpp:1922:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("h")); data/uriparser-0.9.4+dfsg/test/test.cpp:1930:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("//")); data/uriparser-0.9.4+dfsg/test/test.cpp:1933:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen("//:@")); data/uriparser-0.9.4+dfsg/test/test.cpp:1940:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ASSERT_TRUE(uri.userInfo.first == issue15Uri + strlen("//")); data/uriparser-0.9.4+dfsg/test/test.cpp:1942:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + strlen(":%aa")); data/uriparser-0.9.4+dfsg/test/test.cpp:1943:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ASSERT_TRUE(uri.hostText.first == issue15Uri + strlen("//:%aa@")); data/uriparser-0.9.4+dfsg/test/test.cpp:1955:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ra.afterLast = a + strlen(a); data/uriparser-0.9.4+dfsg/test/test.cpp:1963:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rb.afterLast = b + strlen(b); data/uriparser-0.9.4+dfsg/test/test.cpp:2094:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). EXPECT_EQ(errorPos, uriText + strlen(uriText)); data/uriparser-0.9.4+dfsg/test/test.cpp:2113:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). EXPECT_EQ(errorPos, uriString + strlen("abc")); data/uriparser-0.9.4+dfsg/test/test.cpp:2141:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). uriString + strlen(uriString), data/uriparser-0.9.4+dfsg/test/test.cpp:2168:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t uriLen = strlen(uriFirst); data/uriparser-0.9.4+dfsg/test/test.cpp:2227:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
ipAddressText + strlen(ipAddressText)); data/uriparser-0.9.4+dfsg/tool/uriparse.c:130:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). printf("%*s%s\n", (int)strlen(absolutePathLabel), "", ANALYSIS SUMMARY: Hits = 144 Lines analyzed = 13192 in approximately 0.37 seconds (36035 lines/second) Physical Source Lines of Code (SLOC) = 8219 Hits@level = [0] 25 [1] 76 [2] 61 [3] 0 [4] 7 [5] 0 Hits@level+ = [0+] 169 [1+] 144 [2+] 68 [3+] 7 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 20.5621 [1+] 17.5204 [2+] 8.27351 [3+] 0.851685 [4+] 0.851685 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.