Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/uthash-2.1.0/src/utarray.h
Examining data/uthash-2.1.0/src/uthash.h
Examining data/uthash-2.1.0/src/utlist.h
Examining data/uthash-2.1.0/src/utringbuffer.h
Examining data/uthash-2.1.0/src/utstack.h
Examining data/uthash-2.1.0/src/utstring.h
Examining data/uthash-2.1.0/tests/bloom_perf.c
Examining data/uthash-2.1.0/tests/emit_keys.c
Examining data/uthash-2.1.0/tests/example.c
Examining data/uthash-2.1.0/tests/hashscan.c
Examining data/uthash-2.1.0/tests/keystat.c
Examining data/uthash-2.1.0/tests/lru_cache/cache.c
Examining data/uthash-2.1.0/tests/lru_cache/cache.h
Examining data/uthash-2.1.0/tests/lru_cache/main.c
Examining data/uthash-2.1.0/tests/sleep_test.c
Examining data/uthash-2.1.0/tests/tdiff.cpp
Examining data/uthash-2.1.0/tests/test1.c
Examining data/uthash-2.1.0/tests/test10.c
Examining data/uthash-2.1.0/tests/test11.c
Examining data/uthash-2.1.0/tests/test12.c
Examining data/uthash-2.1.0/tests/test13.c
Examining data/uthash-2.1.0/tests/test14.c
Examining data/uthash-2.1.0/tests/test15.c
Examining data/uthash-2.1.0/tests/test16.c
Examining data/uthash-2.1.0/tests/test17.c
Examining data/uthash-2.1.0/tests/test18.c
Examining data/uthash-2.1.0/tests/test19.c
Examining data/uthash-2.1.0/tests/test2.c
Examining data/uthash-2.1.0/tests/test20.c
Examining data/uthash-2.1.0/tests/test21.c
Examining data/uthash-2.1.0/tests/test22.c
Examining data/uthash-2.1.0/tests/test23.c
Examining data/uthash-2.1.0/tests/test24.c
Examining data/uthash-2.1.0/tests/test25.c
Examining data/uthash-2.1.0/tests/test26.c
Examining data/uthash-2.1.0/tests/test27.c
Examining data/uthash-2.1.0/tests/test28.c
Examining data/uthash-2.1.0/tests/test29.c
Examining data/uthash-2.1.0/tests/test3.c
Examining data/uthash-2.1.0/tests/test30.c
Examining data/uthash-2.1.0/tests/test31.c
Examining data/uthash-2.1.0/tests/test32.c
Examining data/uthash-2.1.0/tests/test33.c
Examining data/uthash-2.1.0/tests/test34.c
Examining data/uthash-2.1.0/tests/test35.c
Examining data/uthash-2.1.0/tests/test36.c
Examining data/uthash-2.1.0/tests/test37.c
Examining data/uthash-2.1.0/tests/test38.c
Examining data/uthash-2.1.0/tests/test39.c
Examining data/uthash-2.1.0/tests/test4.c
Examining data/uthash-2.1.0/tests/test40.c
Examining data/uthash-2.1.0/tests/test41.c
Examining data/uthash-2.1.0/tests/test42.c
Examining data/uthash-2.1.0/tests/test43.c
Examining data/uthash-2.1.0/tests/test44.c
Examining data/uthash-2.1.0/tests/test45.c
Examining data/uthash-2.1.0/tests/test46.c
Examining data/uthash-2.1.0/tests/test47.c
Examining data/uthash-2.1.0/tests/test48.c
Examining data/uthash-2.1.0/tests/test49.c
Examining data/uthash-2.1.0/tests/test5.c
Examining data/uthash-2.1.0/tests/test50.c
Examining data/uthash-2.1.0/tests/test51.c
Examining data/uthash-2.1.0/tests/test52.c
Examining data/uthash-2.1.0/tests/test53.c
Examining data/uthash-2.1.0/tests/test54.c
Examining data/uthash-2.1.0/tests/test55.c
Examining data/uthash-2.1.0/tests/test56.c
Examining data/uthash-2.1.0/tests/test57.c
Examining data/uthash-2.1.0/tests/test58.c
Examining data/uthash-2.1.0/tests/test59.c
Examining data/uthash-2.1.0/tests/test6.c
Examining data/uthash-2.1.0/tests/test60.c
Examining data/uthash-2.1.0/tests/test61.c
Examining data/uthash-2.1.0/tests/test62.c
Examining data/uthash-2.1.0/tests/test63.c
Examining data/uthash-2.1.0/tests/test64.c
Examining data/uthash-2.1.0/tests/test65.c
Examining data/uthash-2.1.0/tests/test66.c
Examining data/uthash-2.1.0/tests/test67.c
Examining data/uthash-2.1.0/tests/test68.c
Examining data/uthash-2.1.0/tests/test69.c
Examining data/uthash-2.1.0/tests/test7.c
Examining data/uthash-2.1.0/tests/test70.c
Examining data/uthash-2.1.0/tests/test71.c
Examining data/uthash-2.1.0/tests/test72.c
Examining data/uthash-2.1.0/tests/test73.c
Examining data/uthash-2.1.0/tests/test74.c
Examining data/uthash-2.1.0/tests/test75.c
Examining data/uthash-2.1.0/tests/test76.c
Examining data/uthash-2.1.0/tests/test77.c
Examining data/uthash-2.1.0/tests/test78.c
Examining data/uthash-2.1.0/tests/test79.c
Examining data/uthash-2.1.0/tests/test8.c
Examining data/uthash-2.1.0/tests/test80.c
Examining data/uthash-2.1.0/tests/test81.c
Examining data/uthash-2.1.0/tests/test82.c
Examining data/uthash-2.1.0/tests/test83.c
Examining data/uthash-2.1.0/tests/test84.c
Examining data/uthash-2.1.0/tests/test85.c
Examining data/uthash-2.1.0/tests/test86.c
Examining data/uthash-2.1.0/tests/test87.c
Examining data/uthash-2.1.0/tests/test88.c
Examining data/uthash-2.1.0/tests/test89.c
Examining data/uthash-2.1.0/tests/test9.c
Examining data/uthash-2.1.0/tests/test90.c
Examining data/uthash-2.1.0/tests/test91.c
Examining data/uthash-2.1.0/tests/test92.c
Examining data/uthash-2.1.0/tests/test93.c
Examining data/uthash-2.1.0/tests/test94.c
Examining data/uthash-2.1.0/tests/test95.c
Examining data/uthash-2.1.0/tests/threads/test1.c
Examining data/uthash-2.1.0/tests/threads/test2.c
Examining data/uthash-2.1.0/libut/tests/test6.c
Examining data/uthash-2.1.0/libut/tests/test18.c
Examining data/uthash-2.1.0/libut/tests/test19.c
Examining data/uthash-2.1.0/libut/tests/test4.c
Examining data/uthash-2.1.0/libut/tests/test22.c
Examining data/uthash-2.1.0/libut/tests/test7.c
Examining data/uthash-2.1.0/libut/tests/test14.c
Examining data/uthash-2.1.0/libut/tests/test20.c
Examining data/uthash-2.1.0/libut/tests/test13.c
Examining data/uthash-2.1.0/libut/tests/test10.c
Examining data/uthash-2.1.0/libut/tests/test3.c
Examining data/uthash-2.1.0/libut/tests/test15.c
Examining data/uthash-2.1.0/libut/tests/test2.c
Examining data/uthash-2.1.0/libut/tests/test11.c
Examining data/uthash-2.1.0/libut/tests/test8.c
Examining data/uthash-2.1.0/libut/tests/test9.c
Examining data/uthash-2.1.0/libut/tests/test16.c
Examining data/uthash-2.1.0/libut/tests/test21.c
Examining data/uthash-2.1.0/libut/tests/test23.c
Examining data/uthash-2.1.0/libut/tests/test17.c
Examining data/uthash-2.1.0/libut/tests/test5.c
Examining data/uthash-2.1.0/libut/tests/test1.c
Examining data/uthash-2.1.0/libut/tests/test12.c
Examining data/uthash-2.1.0/libut/src/utvector.c
Examining data/uthash-2.1.0/libut/src/libut.c
Examining data/uthash-2.1.0/libut/src/ringbuf.c
Examining data/uthash-2.1.0/libut/src/utmm.c
Examining data/uthash-2.1.0/libut/include/ringbuf.h
Examining data/uthash-2.1.0/libut/include/utmm.h
Examining data/uthash-2.1.0/libut/include/libut.h
Examining data/uthash-2.1.0/libut/include/utvector.h
FINAL RESULTS:
data/uthash-2.1.0/tests/example.c:98:9: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(in);
data/uthash-2.1.0/tests/example.c:102:32: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
add_user(id++, gets(in));
data/uthash-2.1.0/tests/example.c:106:17: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
gets(in);
data/uthash-2.1.0/tests/example.c:109:30: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
add_user(id, gets(in));
data/uthash-2.1.0/tests/example.c:113:36: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
s = find_user(atoi(gets(in)));
data/uthash-2.1.0/tests/example.c:118:36: [5] (buffer) gets:
Does not check for buffer overflows (CWE-120, CWE-20). Use fgets() instead.
s = find_user(atoi(gets(in)));
data/uthash-2.1.0/src/uthash.h:522:29: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/uthash-2.1.0/src/utstring.h:133:11: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf (&s->d[s->i], s->n-s->i, fmt, cp);
data/uthash-2.1.0/src/utstring.h:149:28: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ (( format( printf, 2, 3) ));
data/uthash-2.1.0/tests/bloom_perf.c:40:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->boy_name, linebuf);
data/uthash-2.1.0/tests/emit_keys.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->boy_name, linebuf);
data/uthash-2.1.0/tests/example.c:24:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, name);
data/uthash-2.1.0/tests/hashscan.c:64:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define vv(...) do {if (verbose>0) printf(__VA_ARGS__);} while(0)
data/uthash-2.1.0/tests/hashscan.c:65:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define vvv(...) do {if (verbose>1) printf(__VA_ARGS__);} while(0)
data/uthash-2.1.0/tests/lru_cache/main.c:69:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buffer, "%s\n", key);
data/uthash-2.1.0/tests/test11.c:45:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->boy_name, linebuf);
data/uthash-2.1.0/tests/test12.c:25:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(person->first_name, *name);
data/uthash-2.1.0/tests/test14.c:36:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->boy_name, linebuf);
data/uthash-2.1.0/tests/test15.c:24:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s->name, *n);
data/uthash-2.1.0/tests/test26.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test29.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test30.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test31.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test32.c:32:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test33.c:39:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test34.c:32:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test56.c:52:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name->bname, linebuf);
data/uthash-2.1.0/tests/test66.c:25:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(person->first_name, *name);
data/uthash-2.1.0/tests/test83.c:25:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(person->first_name, *name);
data/uthash-2.1.0/tests/test84.c:29:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(person->first_name, *name);
data/uthash-2.1.0/tests/test84.c:50:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new_person->first_name, person->first_name);
data/uthash-2.1.0/tests/hashscan.c:658:20: [3] (buffer) getopt:
Some older implementations do not protect against internal buffer overflows
(CWE-120, CWE-20). Check implementation on installation, or limit the size
of all string inputs.
while ( (opt = getopt(argc, argv, "kv")) != -1) {
data/uthash-2.1.0/libut/src/ringbuf.c:48:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->d[r->i], data, len);
data/uthash-2.1.0/libut/src/ringbuf.c:57:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->d[r->i], data, MIN(b, len));
data/uthash-2.1.0/libut/src/ringbuf.c:58:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (len > b) memcpy(r->d, &data[b], len-b);
data/uthash-2.1.0/libut/src/utmm.c:75:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst,src,n*mm->sz);
data/uthash-2.1.0/libut/tests/test20.c:17:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "abcdefghik", 10);
data/uthash-2.1.0/libut/tests/test21.c:19:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "abcde", 5);
data/uthash-2.1.0/libut/tests/test22.c:26:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "abcde", 5);
data/uthash-2.1.0/libut/tests/test22.c:33:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "fghij", 5);
data/uthash-2.1.0/libut/tests/test23.c:26:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "a", 1);
data/uthash-2.1.0/libut/tests/test23.c:33:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, "bcdefghij", 9);
data/uthash-2.1.0/src/utarray.h:103:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else { memcpy(_utarray_eltptr(a,(a)->i++), p, (a)->icd.sz); }; \
data/uthash-2.1.0/src/utarray.h:131:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else { memcpy(_utarray_eltptr(a,j), p, (a)->icd.sz); }; \
data/uthash-2.1.0/src/utarray.h:150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(_utarray_eltptr(a,j), _utarray_eltptr(w,0), \
data/uthash-2.1.0/src/utringbuffer.h:87:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else { memcpy(_utringbuffer_internalptr(a,(a)->i), p, (a)->icd.sz); }; \
data/uthash-2.1.0/src/utstring.h:107:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if (l) memcpy(&(s)->d[(s)->i], b, l); \
data/uthash-2.1.0/src/utstring.h:115:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if ((src)->i) memcpy(&(dst)->d[(dst)->i], (src)->d, (src)->i); \
data/uthash-2.1.0/tests/bloom_perf.c:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boy_name[BUFLEN];
data/uthash-2.1.0/tests/bloom_perf.c:21:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/bloom_perf.c:27:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nloops = atoi(argv[1]);
data/uthash-2.1.0/tests/bloom_perf.c:30:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (file = fopen( "test14.dat", "r" )) == NULL ) {
data/uthash-2.1.0/tests/emit_keys.c:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boy_name[BUFLEN];
data/uthash-2.1.0/tests/emit_keys.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/emit_keys.c:29:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (file = fopen( argv[1], "r" )) == NULL ) {
data/uthash-2.1.0/tests/example.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/uthash-2.1.0/tests/example.c:82:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char in[10];
data/uthash-2.1.0/tests/example.c:99:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
switch(atoi(in)) {
data/uthash-2.1.0/tests/example.c:107:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
id = atoi(in);
data/uthash-2.1.0/tests/example.c:113:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = find_user(atoi(gets(in)));
data/uthash-2.1.0/tests/example.c:118:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
s = find_user(atoi(gets(in)));
data/uthash-2.1.0/tests/hashscan.c:55:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char perms[4]; /* rwxp */
data/uthash-2.1.0/tests/hashscan.c:56:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device[5]; /* fd:01 or 00:00 */
data/uthash-2.1.0/tests/hashscan.c:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyfile[50];
data/uthash-2.1.0/tests/hashscan.c:193:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (keyfd = open(keyfile, O_WRONLY|O_CREAT|O_TRUNC, mode)) == -1) {
data/uthash-2.1.0/tests/hashscan.c:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAXPATHLEN];
data/uthash-2.1.0/tests/hashscan.c:570:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapfile[30], memfile[30], line[100];
data/uthash-2.1.0/tests/hashscan.c:592:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (mapf = fopen(mapfile,"r")) == NULL) {
data/uthash-2.1.0/tests/hashscan.c:620:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ( (memfd=open(memfile,O_RDONLY)) == -1) {
data/uthash-2.1.0/tests/hashscan.c:672:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pid_t pid = atoi(argv[optind++]);
data/uthash-2.1.0/tests/keystat.c:107:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
percent = atoi(argv[2]);
data/uthash-2.1.0/tests/keystat.c:117:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd=open(filename,MODE);
data/uthash-2.1.0/tests/lru_cache/main.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[33];
data/uthash-2.1.0/tests/tdiff.cpp:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char d1[256], d2[256];
data/uthash-2.1.0/tests/test11.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boy_name[BUFLEN];
data/uthash-2.1.0/tests/test11.c:31:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test11.c:34:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test12.c:6:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_name[10];
data/uthash-2.1.0/tests/test14.c:13:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char boy_name[BUFLEN];
data/uthash-2.1.0/tests/test14.c:20:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test14.c:24:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test14.dat", "r" );
data/uthash-2.1.0/tests/test15.c:7:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10]; /* key */
data/uthash-2.1.0/tests/test20.c:7:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bkey[5]; /* "binary" key */
data/uthash-2.1.0/tests/test20.c:15:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binary[5] = {'\3','\1','\4','\1','\6'};
data/uthash-2.1.0/tests/test20.c:22:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->bkey, binary, sizeof(binary));
data/uthash-2.1.0/tests/test22.c:37:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(msg->text, beijing, sizeof(beijing));
data/uthash-2.1.0/tests/test22.c:56:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lookup_key->text, beijing, sizeof(beijing));
data/uthash-2.1.0/tests/test26.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test26.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test26.c:28:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test26.c:47:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(etmp.bname, "WES\n", 5UL);
data/uthash-2.1.0/tests/test29.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test29.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test29.c:28:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test30.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test30.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test30.c:28:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test31.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test31.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test31.c:28:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test32.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test32.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test32.c:21:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test33.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test33.c:25:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test33.c:28:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test34.c:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test34.c:18:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test34.c:21:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test35.c:16:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char label[6] = "hello";
data/uthash-2.1.0/tests/test35.c:19:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(elts[i].s, "hello");
data/uthash-2.1.0/tests/test56.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bname[BUFLEN];
data/uthash-2.1.0/tests/test56.c:35:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[BUFLEN];
data/uthash-2.1.0/tests/test56.c:41:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test11.dat", "r" );
data/uthash-2.1.0/tests/test56.c:60:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(etmp.bname, "WES\n", 5UL);
data/uthash-2.1.0/tests/test59.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/uthash-2.1.0/tests/test59.c:24:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(i->name, "bob");
data/uthash-2.1.0/tests/test59.c:34:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s->name, "age");
data/uthash-2.1.0/tests/test60.c:8:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/uthash-2.1.0/tests/test60.c:24:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(i->name, "bob");
data/uthash-2.1.0/tests/test60.c:34:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s->name, "age");
data/uthash-2.1.0/tests/test65.c:47:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char linebuf[100];
data/uthash-2.1.0/tests/test65.c:48:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nbuf[11];
data/uthash-2.1.0/tests/test65.c:52:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen( "test65.dat", "r" );
data/uthash-2.1.0/tests/test66.c:6:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_name[10];
data/uthash-2.1.0/tests/test83.c:6:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char first_name[10];
data/uthash-2.1.0/tests/test83.c:42:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_person, person, sizeof(person_t));
data/uthash-2.1.0/tests/test87.c:6:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/uthash-2.1.0/tests/test88.c:17:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[3];
data/uthash-2.1.0/tests/test88.c:45:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(user->id, "%d", i);
data/uthash-2.1.0/tests/test88.c:52:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[3];
data/uthash-2.1.0/tests/test88.c:53:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", i);
data/uthash-2.1.0/src/uthash.h:92:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uthash_strlen(s) strlen(s)
data/uthash-2.1.0/tests/hashscan.c:147:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( len && ((rc=read(fd, (char*)dst+bytes_read, len)) > 0)) {
data/uthash-2.1.0/tests/hashscan.c:472:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ( (rlen = read(fd,&u,sizeof(u))) == sizeof(u)) {
data/uthash-2.1.0/tests/keystat.c:129:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd,dst,want);
data/uthash-2.1.0/tests/keystat.c:171:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
rc = read(fd,dst,want);
data/uthash-2.1.0/tests/lru_cache/main.c:37:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int)strlen(entry->key));
data/uthash-2.1.0/tests/lru_cache/main.c:71:3: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/uthash-2.1.0/tests/lru_cache/main.c:78:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
printf("Got key %s (%d)\n", key, (int)strlen(key));
data/uthash-2.1.0/tests/tdiff.cpp:19:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is1.read(d1,sizeof(d1));
data/uthash-2.1.0/tests/tdiff.cpp:20:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
is2.read(d2,sizeof(d2));
data/uthash-2.1.0/tests/test39.c:24:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh,head,nsp->name,strlen(nsp->name),nsp);
data/uthash-2.1.0/tests/test39.c:30:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_FIND(hh,head,keys[i],strlen(keys[i]),nsp);
data/uthash-2.1.0/tests/test40.c:26:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR( hh, users, s->name, strlen(s->name), s );
data/uthash-2.1.0/tests/test6.c:73:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#undef strlen
data/uthash-2.1.0/tests/test6.c:79:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define strlen ..fail_to_compile..
data/uthash-2.1.0/tests/test65.c:28:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR(hh, cache, entry->key, strlen(entry->key), entry);
data/uthash-2.1.0/tests/test87.c:59:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_INORDER(hh, hTable, name[0], strlen(tst[index].name), &tst[index], CMPFUNC);
data/uthash-2.1.0/tests/test87.c:63:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_VALUE(tst[11].name, strlen(tst[11].name), hashvalue);
data/uthash-2.1.0/tests/test87.c:64:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_BYHASHVALUE_INORDER(hh, hTable, name[0], strlen(tst[11].name), hashvalue, &tst[11], CMPFUNC);
data/uthash-2.1.0/tests/test87.c:69:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE_INORDER(hh, hTable, name[0], strlen(tst[11].name), &tst[12], replaced, CMPFUNC);
data/uthash-2.1.0/tests/test87.c:76:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE_INORDER(hh, hTable, name[0], strlen(tst[2].name), &tst[2], replaced, CMPFUNC);
data/uthash-2.1.0/tests/test87.c:83:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_VALUE(&tst[6].name[0], strlen(tst[6].name), hashvalue);
data/uthash-2.1.0/tests/test87.c:84:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_REPLACE_BYHASHVALUE_INORDER(hh, hTable, name[0], strlen(tst[6].name), hashvalue, &tst[6], replaced, CMPFUNC);
data/uthash-2.1.0/tests/test87.c:95:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_VALUE(tst[1].name, strlen(tst[1].name), hashvalue);
data/uthash-2.1.0/tests/test87.c:96:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
HASH_ADD_KEYPTR_BYHASHVALUE_INORDER(hh, hTable, tst[1].name, strlen(tst[1].name), hashvalue, &tst[1], CMPFUNC);
data/uthash-2.1.0/tests/test88.c:31:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(s);
ANALYSIS SUMMARY:
Hits = 158
Lines analyzed = 12391 in approximately 0.39 seconds (32138 lines/second)
Physical Source Lines of Code (SLOC) = 9940
Hits@level = [0] 1088 [1] 26 [2] 100 [3] 1 [4] 25 [5] 6
Hits@level+ = [0+] 1246 [1+] 158 [2+] 132 [3+] 32 [4+] 31 [5+] 6
Hits/KSLOC@level+ = [0+] 125.352 [1+] 15.8954 [2+] 13.2797 [3+] 3.21932 [4+] 3.11871 [5+] 0.603622
Symlinks skipped = 6 (--allowlink overrides but see doc for security issue)
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.