Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/acorn-fdisk-3.0.6/lib/blkio/close.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/getgeo.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/setblocksz.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/filecore.h
Examining data/acorn-fdisk-3.0.6/lib/blkio/read.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/write.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/blkio.h
Examining data/acorn-fdisk-3.0.6/lib/blkio/setgeo.c
Examining data/acorn-fdisk-3.0.6/lib/blkio/open.c
Examining data/acorn-fdisk-3.0.6/lib/part/close.c
Examining data/acorn-fdisk-3.0.6/lib/part/delete.c
Examining data/acorn-fdisk-3.0.6/lib/part/getgeo.c
Examining data/acorn-fdisk-3.0.6/lib/part/getscheme.c
Examining data/acorn-fdisk-3.0.6/lib/part/open.c
Examining data/acorn-fdisk-3.0.6/lib/part/read.c
Examining data/acorn-fdisk-3.0.6/lib/part/setgeo.c
Examining data/acorn-fdisk-3.0.6/lib/part/setpinfo.c
Examining data/acorn-fdisk-3.0.6/lib/part/sync.c
Examining data/acorn-fdisk-3.0.6/lib/part/validops.c
Examining data/acorn-fdisk-3.0.6/lib/part/write.c
Examining data/acorn-fdisk-3.0.6/lib/part/part.h
Examining data/acorn-fdisk-3.0.6/lib/part/scheme.h
Examining data/acorn-fdisk-3.0.6/lib/part/schemedata.h
Examining data/acorn-fdisk-3.0.6/lib/part/utils.h
Examining data/acorn-fdisk-3.0.6/lib/part/allocate.c
Examining data/acorn-fdisk-3.0.6/lib/part/create.c
Examining data/acorn-fdisk-3.0.6/lib/part/getpinfo.c
Examining data/acorn-fdisk-3.0.6/lib/part/types.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/add.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/chs.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/filecore.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/overlap.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/powertec.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/filecore.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/icside.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/linux.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/pcbios.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/powertec.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/riscix.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/eesox.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/eesox.h
Examining data/acorn-fdisk-3.0.6/lib/scheme/riscix.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/linux.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/icside.c
Examining data/acorn-fdisk-3.0.6/lib/scheme/pcbios.c
Examining data/acorn-fdisk-3.0.6/lib/util/debug.c
Examining data/acorn-fdisk-3.0.6/lib/util/error.c
Examining data/acorn-fdisk-3.0.6/lib/util/strcscmp.c
Examining data/acorn-fdisk-3.0.6/lib/util/strncscmp.c
Examining data/acorn-fdisk-3.0.6/lib/util/zmalloc.c
Examining data/acorn-fdisk-3.0.6/lib/util/debug.h
Examining data/acorn-fdisk-3.0.6/lib/util/types.h
Examining data/acorn-fdisk-3.0.6/lib/util/error.h
Examining data/acorn-fdisk-3.0.6/lib/util/zmalloc.h
Examining data/acorn-fdisk-3.0.6/lib/util/warning.c
Examining data/acorn-fdisk-3.0.6/lib/util/warning.h
Examining data/acorn-fdisk-3.0.6/lib/partdmp.c
Examining data/acorn-fdisk-3.0.6/fdisk.c

FINAL RESULTS:

data/acorn-fdisk-3.0.6/fdisk.c:118:3: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(msg, ap);
data/acorn-fdisk-3.0.6/fdisk.c:939:2: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, message, ap);
data/acorn-fdisk-3.0.6/fdisk.c:998:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ms, "%s ([%d]-%d): ", mesg, low, high);
data/acorn-fdisk-3.0.6/fdisk.c:1001:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ms, "%s (%d-[%d]): ", mesg, low, high);
data/acorn-fdisk-3.0.6/fdisk.c:1004:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ms, "%s: (%d-[%d]-%d): ", mesg, low, dflt, high);
data/acorn-fdisk-3.0.6/fdisk.c:1007:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (ms, "%s: (%d-%d): ", mesg, low, high);
data/acorn-fdisk-3.0.6/fdisk.c:1334:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mesg, "First %s", unit_flag ? "cylinder" : "sector");
data/acorn-fdisk-3.0.6/fdisk.c:1379:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (mesg, "Last %s or +size or +sizeM or +sizeK",
data/acorn-fdisk-3.0.6/lib/util/debug.c:40:3: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (buffer, fmt, ap);
data/acorn-fdisk-3.0.6/lib/util/error.c:24:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (errmsg, fmt, ap);
data/acorn-fdisk-3.0.6/lib/util/warning.c:29:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf (p, fmt, ap);
data/acorn-fdisk-3.0.6/fdisk.c:67:9: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  opt = getopt_long(argc, argv, "hls:t:v", options, NULL);
data/acorn-fdisk-3.0.6/fdisk.c:26:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *part_devs[NR_DEVICES] = {
data/acorn-fdisk-3.0.6/fdisk.c:106:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[16];
data/acorn-fdisk-3.0.6/fdisk.c:200:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return atoi(buf);
data/acorn-fdisk-3.0.6/fdisk.c:553:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dev_nam[16], *p;
data/acorn-fdisk-3.0.6/fdisk.c:562:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  partition = atoi(p);
data/acorn-fdisk-3.0.6/fdisk.c:912:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *default_devs[NR_DEF_DEVS] = {
data/acorn-fdisk-3.0.6/fdisk.c:944:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char line_buffer[LINE_LENGTH];
data/acorn-fdisk-3.0.6/fdisk.c:994:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ms[70];
data/acorn-fdisk-3.0.6/fdisk.c:1017:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi (line_ptr);
data/acorn-fdisk-3.0.6/fdisk.c:1049:8: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = atoi (line_ptr);
data/acorn-fdisk-3.0.6/fdisk.c:1303:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mesg[48];
data/acorn-fdisk-3.0.6/fdisk.c:1615:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char device[9];
data/acorn-fdisk-3.0.6/fdisk.c:1620:40: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (strlen (dev) <= 8 || (!(part_no = atoi (dev + 8))))
data/acorn-fdisk-3.0.6/fdisk.c:1857:8: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (device, O_RDWR);
data/acorn-fdisk-3.0.6/fdisk.c:1860:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (device, O_RDONLY);
data/acorn-fdisk-3.0.6/fdisk.c:1870:10: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open (default_devs[i], open_mode == READ_WRITE ? O_RDWR : O_RDONLY);
data/acorn-fdisk-3.0.6/lib/blkio/open.c:48:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char serial_no[20];
data/acorn-fdisk-3.0.6/lib/blkio/open.c:52:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fw_rev[8];
data/acorn-fdisk-3.0.6/lib/blkio/open.c:53:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char model[40];
data/acorn-fdisk-3.0.6/lib/blkio/open.c:226:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fs_name[MAX_FS_NAME], drive_name[MAX_DRIVE_NAME];
data/acorn-fdisk-3.0.6/lib/blkio/open.c:345:17: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  blkio->fd = open(dev_name, O_RDWR);
data/acorn-fdisk-3.0.6/lib/blkio/open.c:347:19: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  blkio->fd = open(dev_name, O_RDONLY);
data/acorn-fdisk-3.0.6/lib/part/allocate.c:51:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, part->partinfo, part->nr_partitions * sizeof(*p));
data/acorn-fdisk-3.0.6/lib/part/create.c:58:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, part->partinfo, part->nr_partitions * sizeof(*p));
data/acorn-fdisk-3.0.6/lib/part/types.c:79:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/acorn-fdisk-3.0.6/lib/part/types.c:95:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Unknown type %d", type);
data/acorn-fdisk-3.0.6/lib/scheme/add.c:40:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, part->partinfo, part->nr_partitions * sizeof (*p));
data/acorn-fdisk-3.0.6/lib/scheme/eesox.c:26:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char magic[6];
data/acorn-fdisk-3.0.6/lib/scheme/eesox.c:27:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char discname[10];
data/acorn-fdisk-3.0.6/lib/scheme/icside.c:106:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_sector[512];
data/acorn-fdisk-3.0.6/lib/scheme/icside.c:240:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&sector.sector[508], &csum, sizeof(csum));
data/acorn-fdisk-3.0.6/lib/scheme/icside.c:271:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sector.sector, id, strlen(id));
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:43:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[8];
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:54:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char name[9];
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:92:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(str, pe->type, len);
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:107:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pe->type, str, strlen(str));
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:152:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pe->type, powertec_ptypes[i].name, powertec_ptypes[i].len);
data/acorn-fdisk-3.0.6/lib/scheme/riscix.c:32:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[MAX_RISCIX_NAME_LEN];
data/acorn-fdisk-3.0.6/lib/scheme/riscix.c:301:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sector.p.p[i].name, "LNative");
data/acorn-fdisk-3.0.6/lib/scheme/riscix.c:305:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(sector.p.p[i].name, "LSwap");
data/acorn-fdisk-3.0.6/lib/util/debug.c:36:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048];
data/acorn-fdisk-3.0.6/lib/util/debug.c:44:18: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  debug_file = fopen("/tmp/part.debug", "w+");
data/acorn-fdisk-3.0.6/lib/util/error.c:11:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char errmsg[2048];
data/acorn-fdisk-3.0.6/lib/util/warning.c:12:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char warning_message[2048];
data/acorn-fdisk-3.0.6/lib/util/warning.c:28:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  p += sprintf(p, "Warning: ");
data/acorn-fdisk-3.0.6/fdisk.c:501:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w = strlen(device) + 1;
data/acorn-fdisk-3.0.6/fdisk.c:557:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(dev_nam, device, 15);
data/acorn-fdisk-3.0.6/fdisk.c:1304:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int read, i;
data/acorn-fdisk-3.0.6/fdisk.c:1345:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (start != temp && read) {
data/acorn-fdisk-3.0.6/fdisk.c:1350:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!read && start == temp) {
data/acorn-fdisk-3.0.6/fdisk.c:1365:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  } while (start != temp || !read);
data/acorn-fdisk-3.0.6/fdisk.c:1620:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (dev) <= 8 || (!(part_no = atoi (dev + 8))))
data/acorn-fdisk-3.0.6/fdisk.c:1623:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (device, dev, 8);
data/acorn-fdisk-3.0.6/lib/blkio/read.c:107:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (read(blkio->fd, data, len) != len)
data/acorn-fdisk-3.0.6/lib/part/open.c:73:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  u_int scheme_len = strlen (part_scheme);
data/acorn-fdisk-3.0.6/lib/scheme/icside.c:271:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(sector.sector, id, strlen(id));
data/acorn-fdisk-3.0.6/lib/scheme/powertec.c:107:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(pe->type, str, strlen(str));

ANALYSIS SUMMARY:

Hits = 69
Lines analyzed = 8096 in approximately 0.22 seconds (36793 lines/second)
Physical Source Lines of Code (SLOC) = 5422
Hits@level = [0] 128 [1] 12 [2] 45 [3] 1 [4] 11 [5] 0
Hits@level+ = [0+] 197 [1+] 69 [2+] 57 [3+] 12 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 36.3335 [1+] 12.7259 [2+] 10.5127 [3+] 2.21321 [4+] 2.02877 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.