stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/win32-loader-0.10.2/helpers/miniz/main.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_common.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.h
Examining data/win32-loader-0.10.2/helpers/miniz/miniz_tinfl.h
Examining data/win32-loader-0.10.2/helpers/sha256/sha256.c
Examining data/win32-loader-0.10.2/l10n/win32-loader.c

FINAL RESULTS:

data/win32-loader-0.10.2/helpers/miniz/miniz.c:29:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:30:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:31:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/win32-loader-0.10.2/helpers/miniz/miniz.c:486:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz.c:511:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:359:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:360:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:722:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:744:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint16));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:750:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint16));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:860:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&ret, p, sizeof(mz_uint32));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:884:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:886:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:936:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
					memcpy(&pLZ_code_buf[1], &cur_match_dist, sizeof(cur_match_dist));
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1238:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/win32-loader-0.10.2/helpers/miniz/miniz_tdef.c:1534:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out_buf.m_pBuf, pnghdr, 41);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:68:5:  [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    CopyMemory(context->block + n, p, r);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:99:5:  [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    CopyMemory(context->block, p, n);
data/win32-loader-0.10.2/helpers/sha256/sha256.c:121:3:  [2] (buffer) CopyMemory:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  CopyMemory(hash, context->hash, sizeof((*context).hash));

ANALYSIS SUMMARY:

Hits = 20
Lines analyzed = 3557 in approximately 0.15 seconds (24060 lines/second)
Physical Source Lines of Code (SLOC) = 2596
Hits@level = [0]   6 [1]   0 [2]  20 [3]   0 [4]   0 [5]   0
Hits@level+ = [0+]  26 [1+]  20 [2+]  20 [3+]   0 [4+]   0 [5+]   0
Hits/KSLOC@level+ = [0+] 10.0154 [1+] 7.70416 [2+] 7.70416 [3+]   0 [4+]   0 [5+]   0
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.