Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
FINAL RESULTS: data/vino-3.22.0/server/libvncserver/main.c:74:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, format, args); data/vino-3.22.0/server/libvncserver/rfbserver.c:270:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(pv,rfbProtocolVersionFormat,rfbProtocolMajorVersion, data/vino-3.22.0/server/libvncserver/rfbserver.c:428:9: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). 
Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. if (sscanf(pv,rfbProtocolVersionFormat,&major_,&minor_) != 2) { data/vino-3.22.0/server/miniupnp/minisoap.c:15:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/vino-3.22.0/server/miniupnp/minisoap.c:15:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/vino-3.22.0/server/miniupnp/miniupnpc.c:14:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/vino-3.22.0/server/miniupnp/miniupnpc.c:14:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/vino-3.22.0/server/miniupnp/miniupnpc.c:436:7: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. n = snprintf(bufr, sizeof(bufr), data/vino-3.22.0/server/miniupnp/miniwget.c:19:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. 
#define snprintf _snprintf data/vino-3.22.0/server/miniupnp/miniwget.c:19:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. #define snprintf _snprintf data/vino-3.22.0/server/vino-util.h:61:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, __VA_ARGS__); \ data/vino-3.22.0/server/vino-util.h:66:17: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. fprintf (stderr, args); \ data/vino-3.22.0/server/libvncserver/vncauth.c:35:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/vino-3.22.0/server/libvncserver/vncauth.c:35:17: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom srand data/vino-3.22.0/server/libvncserver/vncauth.c:36:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random rand data/vino-3.22.0/server/libvncserver/vncauth.c:64:7: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
srandom((unsigned int)time(0) ^ (unsigned int)getpid()); data/vino-3.22.0/server/libvncserver/vncauth.c:69:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. bytes[i] = (unsigned char)(random() & 255); data/vino-3.22.0/server/libvncserver/auth.c:158:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4 + CHALLENGESIZE]; data/vino-3.22.0/server/libvncserver/auth.c:176:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(auth.buf[4]), (char *)cl->authChallenge, CHALLENGESIZE); data/vino-3.22.0/server/libvncserver/corre.c:161:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/corre.c:167:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&hdr, sz_rfbRREHeader); data/vino-3.22.0/server/libvncserver/corre.c:178:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], &rreAfterBuf[i], bytesToCopy); data/vino-3.22.0/server/libvncserver/corre.c:282:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&rreAfterBuf[rreAfterBufLen],&subrect,sz_rfbCoRRERectangle); \ data/vino-3.22.0/server/libvncserver/cursor.c:73:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/cursor.c:116:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect,sz_rfbFramebufferUpdateRectHeader); data/vino-3.22.0/server/libvncserver/cursor.c:130:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&colors, sz_rfbXCursorColors); data/vino-3.22.0/server/libvncserver/cursor.c:196:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/cursor.c:210:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char rfbReverseByte[0x100] = { data/vino-3.22.0/server/libvncserver/cursor.c:382:40: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if(cursor->source[j*w+i/8]&bit) memcpy(cp,fore,bpp); data/vino-3.22.0/server/libvncserver/cursor.c:383:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
else memcpy(cp,back,bpp); data/vino-3.22.0/server/libvncserver/cursor.c:448:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(screen->frameBuffer + (bounds->y1 + j) * rowstride + bounds->x1 * bpp, data/vino-3.22.0/server/libvncserver/cursor.c:492:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(screen->underCursorBuffer + j * (bounds->x2 - bounds->x1) * bpp, data/vino-3.22.0/server/libvncserver/cursor.c:505:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(screen->frameBuffer + (bounds->y1 + j) * rowstride + (bounds->x1 + i) * bpp, data/vino-3.22.0/server/libvncserver/d3des.c:59:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char pc1[56] = { data/vino-3.22.0/server/libvncserver/d3des.c:65:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char totrot[16] = { data/vino-3.22.0/server/libvncserver/d3des.c:68:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static unsigned char pc2[48] = { data/vino-3.22.0/server/libvncserver/d3des.c:79:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pc1m[56], pcr[56]; data/vino-3.22.0/server/libvncserver/hextile.c:57:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/hextile.c:181:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)clientPixelData, \ data/vino-3.22.0/server/libvncserver/main.c:61:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/vino-3.22.0/server/libvncserver/rfb/rfb.h:114:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char rfbThisHost[255]; data/vino-3.22.0/server/libvncserver/rfb/rfb.h:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char updateBuf[UPDATE_BUF_SIZE]; data/vino-3.22.0/server/libvncserver/rfb/rfb.h:531:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern unsigned char rfbReverseByte[0x100]; data/vino-3.22.0/server/libvncserver/rfb/rfbproto.h:219:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char rfbProtocolVersionMsg[13]; /* allow extra byte for null */ data/vino-3.22.0/server/libvncserver/rfbserver.c:155:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[NI_MAXHOST] = "(unresolved)"; data/vino-3.22.0/server/libvncserver/rfbserver.c:429:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[1024]; data/vino-3.22.0/server/libvncserver/rfbserver.c:483:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + 8, reason, len); data/vino-3.22.0/server/libvncserver/rfbserver.c:502:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/vino-3.22.0/server/libvncserver/rfbserver.c:1303:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/rfbserver.c:1310:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&cr, sz_rfbCopyRect); data/vino-3.22.0/server/libvncserver/rfbserver.c:1353:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect,sz_rfbFramebufferUpdateRectHeader); data/vino-3.22.0/server/libvncserver/rfbserver.c:1419:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect,sz_rfbFramebufferUpdateRectHeader); data/vino-3.22.0/server/libvncserver/rfbserver.c:1452:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/rfbserver.c:1494:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2]; data/vino-3.22.0/server/libvncserver/rre.c:130:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/rre.c:136:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&hdr, sz_rfbRREHeader); data/vino-3.22.0/server/libvncserver/rre.c:147:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], &rreAfterBuf[i], bytesToCopy); data/vino-3.22.0/server/libvncserver/rre.c:251:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&rreAfterBuf[rreAfterBufLen],&subrect,sz_rfbRectangle); \ data/vino-3.22.0/server/libvncserver/sockets.c:311:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&fds, &rfbScreen->allFds, sizeof(fd_set)); data/vino-3.22.0/server/libvncserver/sockets.c:652:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64] = { 0, }; data/vino-3.22.0/server/libvncserver/tabletrans24template.c:113:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(op,&outValue,3); data/vino-3.22.0/server/libvncserver/tabletrans24template.c:227:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op,&t[3*(*(ip++))],3); data/vino-3.22.0/server/libvncserver/tabletrans24template.c:265:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(op,&outValue,3); data/vino-3.22.0/server/libvncserver/tight.c:649:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/tight.c:681:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (&cl->updateBuf[cl->ublen], tightBeforeBuf, len); data/vino-3.22.0/server/libvncserver/tight.c:725:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], tightAfterBuf, paletteLen); data/vino-3.22.0/server/libvncserver/tight.c:736:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], tightAfterBuf, 4); data/vino-3.22.0/server/libvncserver/tight.c:790:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], tightAfterBuf, paletteNumColors * entryLen); data/vino-3.22.0/server/libvncserver/tight.c:803:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], tightAfterBuf, paletteNumColors * 2); data/vino-3.22.0/server/libvncserver/tight.c:892:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], tightBeforeBuf, dataLen); data/vino-3.22.0/server/libvncserver/tight.c:966:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], &tightAfterBuf[i], portionLen); data/vino-3.22.0/server/libvncserver/translate.c:205:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(optr, iptr, bytesPerOutputLine); data/vino-3.22.0/server/libvncserver/translate.c:334:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[sz_rfbSetColourMapEntriesMsg + 256 * 3 * 2]; data/vino-3.22.0/server/libvncserver/vncauth.c:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char key[8]; data/vino-3.22.0/server/libvncserver/zlib.c:196:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&cl->updateBuf[cl->ublen], (char *)&rect, data/vino-3.22.0/server/libvncserver/zlib.c:202:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], (char *)&hdr, sz_rfbZlibHeader); data/vino-3.22.0/server/libvncserver/zlib.c:213:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cl->updateBuf[cl->ublen], &zlibAfterBuf[i], bytesToCopy); data/vino-3.22.0/server/libvncserver/zrle.c:68:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char zrleBeforeBuf[rfbZRLETileWidth * rfbZRLETileHeight * 4 + 4]; data/vino-3.22.0/server/libvncserver/zrle.c:145:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cl->updateBuf+cl->ublen, (char *)&rect, data/vino-3.22.0/server/libvncserver/zrle.c:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cl->updateBuf+cl->ublen, (char *)&hdr, sz_rfbZRLEHeader); data/vino-3.22.0/server/libvncserver/zrle.c:164:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cl->updateBuf+cl->ublen, (uint8_t*)zos->out.start + i, bytesToCopy); data/vino-3.22.0/server/libvncserver/zrleoutstream.c:228:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(os->in.ptr, data, n); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:21:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy( datas->cureltname, name, l); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:51:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->controlurl_CIF, datas->controlurl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:52:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->eventsuburl_CIF, datas->eventsuburl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:53:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->scpdurl_CIF, datas->scpdurl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:54:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->servicetype_CIF, datas->servicetype_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:59:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->controlurl, datas->controlurl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:60:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(datas->eventsuburl, datas->eventsuburl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:61:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->scpdurl, datas->scpdurl_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:62:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(datas->servicetype, datas->servicetype_tmp, MINIUPNPC_URL_MAXSIZE); data/vino-3.22.0/server/miniupnp/igd_desc_parse.c:91:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dstmember, data, l); data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:16:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cureltname[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char urlbase[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:21:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char controlurl_CIF[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:22:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eventsuburl_CIF[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:23:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scpdurl_CIF[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:24:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servicetype_CIF[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char controlurl[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char eventsuburl[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:30:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scpdurl[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servicetype[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:34:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char controlurl_tmp[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:35:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eventsuburl_tmp[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:36:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scpdurl_tmp[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/igd_desc_parse.h:37:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servicetype_tmp[MINIUPNPC_URL_MAXSIZE]; data/vino-3.22.0/server/miniupnp/minisoap.c:49:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, headers, headerssize); data/vino-3.22.0/server/miniupnp/minisoap.c:50:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p+headerssize, body, bodysize); data/vino-3.22.0/server/miniupnp/minisoap.c:80:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char headerbuf[512]; data/vino-3.22.0/server/miniupnp/minisoap.c:82:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char portstr[8]; data/vino-3.22.0/server/miniupnp/minissdpc.c:26:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char buffer[2048]; data/vino-3.22.0/server/miniupnp/minissdpc.c:54:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(p, devtype, stsize); data/vino-3.22.0/server/miniupnp/minissdpc.c:87:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp->buffer, url, urlsize); data/vino-3.22.0/server/miniupnp/minissdpc.c:89:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp->buffer + urlsize + 1, p, stsize); data/vino-3.22.0/server/miniupnp/miniupnpc.c:137:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char soapact[128]; data/vino-3.22.0/server/miniupnp/miniupnpc.c:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char soapbody[2048]; data/vino-3.22.0/server/miniupnp/miniupnpc.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bufr[1536]; /* reception and emission buffer */ data/vino-3.22.0/server/miniupnp/miniupnpc.c:475:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(tmp->buffer, descURL, urlsize); data/vino-3.22.0/server/miniupnp/miniupnpc.c:477:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmp->buffer + urlsize + 1, st, stsize); data/vino-3.22.0/server/miniupnp/miniupnpc.c:627:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char status[64]; data/vino-3.22.0/server/miniupnp/miniupnpc.h:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2]; data/vino-3.22.0/server/miniupnp/miniwget.c:43:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/vino-3.22.0/server/miniupnp/miniwget.c:125:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(respbuffer+allreadyread, buf + i + 4, n-i-4); data/vino-3.22.0/server/miniupnp/miniwget.c:137:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(respbuffer+allreadyread, buf, n); data/vino-3.22.0/server/miniupnp/upnpcommands.c:27:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:47:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:87:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:109:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:204:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:358:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:404:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:482:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpcommands.c:522:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[4096]; data/vino-3.22.0/server/miniupnp/upnpreplyparse.c:21:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data->curelt, name, l); data/vino-3.22.0/server/miniupnp/upnpreplyparse.c:35:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(nv->value, datas, l); data/vino-3.22.0/server/miniupnp/upnpreplyparse.h:23:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[64]; data/vino-3.22.0/server/miniupnp/upnpreplyparse.h:24:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[64]; data/vino-3.22.0/server/miniupnp/upnpreplyparse.h:29:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char curelt[64]; data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:213:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pid_str[64]; data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:324:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_string_ret[256]; data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:883:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open (state_file_path, O_WRONLY | O_CREAT | O_EXCL, 0644); data/vino-3.22.0/server/vino-fb.c:187:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char error_text [64]; data/vino-3.22.0/server/vino-fb.c:350:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, rect->width * bytes_per_pixel); data/vino-3.22.0/server/vino-fb.c:618:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char error_text [64]; data/vino-3.22.0/server/vino-server.c:687:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (client->auth_response, response, length); data/vino-3.22.0/server/vino-upnp.c:40:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lanaddr[16]; data/vino-3.22.0/server/vino-upnp.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char int_client_tmp[16], int_port_tmp[6]; data/vino-3.22.0/server/vino-util.c:164:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *retval, buf[INET6_ADDRSTRLEN]; data/vino-3.22.0/server/libvncserver/rfbserver.c:430:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if(sscanf(pv,"RFB %03d.%03d %1023s\n",&major_,&minor_,name) != 3) { data/vino-3.22.0/server/libvncserver/rfbserver.c:476:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(reason); data/vino-3.22.0/server/libvncserver/rfbserver.c:526:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf + sz_rfbServerInitMsg, cl->screen->desktopName, 127); data/vino-3.22.0/server/libvncserver/rfbserver.c:527:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(buf + sz_rfbServerInitMsg); data/vino-3.22.0/server/libvncserver/sockets.c:51:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). #define read(sock,buf,len) recv(sock,buf,len,0) data/vino-3.22.0/server/libvncserver/sockets.c:155:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(netIface != NULL && strlen(netIface) > 0) { data/vino-3.22.0/server/libvncserver/sockets.c:418:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(sock, buf, len); data/vino-3.22.0/server/libvncserver/sockets.c:602:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(netIface == NULL || strlen(netIface) == 0) data/vino-3.22.0/server/libvncserver/sockets.c:751:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(netIface != NULL && strlen(netIface) > 0) { data/vino-3.22.0/server/libvncserver/vncauth.c:88:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (i < strlen(passwd)) { data/vino-3.22.0/server/miniupnp/minisoap.c:83:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bodysize = (int)strlen(body); data/vino-3.22.0/server/miniupnp/minissdpc.c:43:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(addr.sun_path, socketpath, sizeof(addr.sun_path) - 1); data/vino-3.22.0/server/miniupnp/minissdpc.c:50:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). stsize = strlen(devtype); data/vino-3.22.0/server/miniupnp/minissdpc.c:63:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = read(s, buffer, sizeof(buffer)); data/vino-3.22.0/server/miniupnp/miniupnpc.c:205:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(p, "></" SOAPPREFIX ":Body></" SOAPPREFIX ":Envelope>\r\n", data/vino-3.22.0/server/miniupnp/miniupnpc.c:509:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dst, src, n); data/vino-3.22.0/server/miniupnp/miniupnpc.c:513:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int l = strlen(dst); data/vino-3.22.0/server/miniupnp/miniupnpc.c:517:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(dst + l, src, n - l); data/vino-3.22.0/server/miniupnp/miniupnpc.c:528:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n1 = strlen(data->urlbase); data/vino-3.22.0/server/miniupnp/miniupnpc.c:530:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n1 = strlen(descURL); data/vino-3.22.0/server/miniupnp/miniupnpc.c:533:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n1 += strlen(data->scpdurl); data/vino-3.22.0/server/miniupnp/miniupnpc.c:534:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n2 += strlen(data->controlurl); data/vino-3.22.0/server/miniupnp/miniupnpc.c:535:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n3 += strlen(data->controlurl_CIF); data/vino-3.22.0/server/miniupnp/miniupnpc.c:542:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(urls->ipcondescURL, data->urlbase, n1); data/vino-3.22.0/server/miniupnp/miniupnpc.c:544:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(urls->ipcondescURL, descURL, n1); data/vino-3.22.0/server/miniupnp/miniupnpc.c:547:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(urls->controlURL, urls->ipcondescURL, n2); data/vino-3.22.0/server/miniupnp/miniupnpc.c:548:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(urls->controlURL_CIF, urls->ipcondescURL, n3); data/vino-3.22.0/server/miniupnp/miniupnpc.c:558:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(urls->ipcondescURL), n1); data/vino-3.22.0/server/miniupnp/miniupnpc.c:560:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(urls->controlURL), n2); data/vino-3.22.0/server/miniupnp/miniupnpc.c:562:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(urls->controlURL_CIF), n3); data/vino-3.22.0/server/miniupnp/miniwget.c:90:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(addr_str, inet_ntoa(saddr.sin_addr), addr_str_len); data/vino-3.22.0/server/miniupnp/miniwget.c:104:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). send(s, buf, strlen(buf), 0); data/vino-3.22.0/server/miniupnp/miniwget.c:177:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(*hostname, p1, (int)(p3-p1)); data/vino-3.22.0/server/miniupnp/miniwget.c:184:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(*hostname, p1, (int)(p2-p1)); data/vino-3.22.0/server/miniupnp/upnpcommands.c:130:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(status, p, 64 ); data/vino-3.22.0/server/miniupnp/upnpcommands.c:145:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lastconnerror, err, 64 ); data/vino-3.22.0/server/miniupnp/upnpcommands.c:182:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(connectionType, p, 64 ); data/vino-3.22.0/server/miniupnp/upnpcommands.c:284:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(extIpAdd, p, 16 ); data/vino-3.22.0/server/miniupnp/upnpcommands.c:422:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rHost, p, 64); data/vino-3.22.0/server/miniupnp/upnpcommands.c:428:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(extPort, p, 6); data/vino-3.22.0/server/miniupnp/upnpcommands.c:435:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(protocol, p, 4); data/vino-3.22.0/server/miniupnp/upnpcommands.c:441:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(intClient, p, 16); data/vino-3.22.0/server/miniupnp/upnpcommands.c:448:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(intPort, p, 6); data/vino-3.22.0/server/miniupnp/upnpcommands.c:454:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(enabled, p, 4); data/vino-3.22.0/server/miniupnp/upnpcommands.c:460:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(desc, p, 80); data/vino-3.22.0/server/miniupnp/upnpcommands.c:466:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(duration, p, 16); data/vino-3.22.0/server/miniupnp/upnpcommands.c:545:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(intClient, p, 16); data/vino-3.22.0/server/miniupnp/upnpcommands.c:553:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(intPort, p, 6); data/vino-3.22.0/server/miniupnp/upnpreplyparse.c:33:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(nv->name, data->curelt, 64); data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:1161:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pv.length = strlen (value); data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:1195:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pv.length = strlen (values->pdata[i]); data/vino-3.22.0/server/smclient/eggsmclient-xsmp.c:1224:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prop->vals[0].length = strlen (value); data/vino-3.22.0/server/vino-server.c:747:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). memset (password, 0, strlen (password)); data/vino-3.22.0/server/vino-server.c:953:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen (out)); data/vino-3.22.0/server/vino-server.c:1620:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(network_interface != NULL && strlen (network_interface) > 0)

ANALYSIS SUMMARY:

Hits = 207
Lines analyzed = 31053 in approximately 0.78 seconds (40030 lines/second)
Physical Source Lines of Code (SLOC) = 21722
Hits@level = [0] 71 [1] 55 [2] 135 [3] 5 [4] 12 [5] 0
Hits@level+ = [0+] 278 [1+] 207 [2+] 152 [3+] 17 [4+] 12 [5+] 0
Hits/KSLOC@level+ = [0+] 12.7981 [1+] 9.52951 [2+] 6.99751 [3+] 0.782617 [4+] 0.552435 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.