Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/aseba-1.6.99+dfsg/aseba/clients/exec/exec.cpp:61:19: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    const int ret(system(programName));
data/aseba-1.6.99+dfsg/aseba/clients/studio/DashelTarget.cpp:124:17: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (QLocale::system().name().startsWith(languageSelectionBox->itemData(i).toString()))
data/aseba-1.6.99+dfsg/aseba/clients/studio/DashelTarget.cpp:358:40: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    const QString& systemLocale(QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/clients/studio/main.cpp:106:35: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    const QString language(QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/clients/thymioupgrader/ThymioUpgrader.cpp:494:46: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    qtTranslator.load(QString("qt_") + QLocale::system().name(), QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/aseba-1.6.99+dfsg/aseba/clients/thymioupgrader/ThymioUpgrader.cpp:495:58: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    translator.load(QString(":/thymioupgrader_") + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:252:46: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    qtTranslator.load(QString("qt_") + QLocale::system().name(), QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:253:60: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    translator.load(QString(":/thymiownetconfig_") + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1117:16: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    if (QLocale::system().name().startsWith(languageSelectionBox->itemData(i).toString()))
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1139:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    qtTranslator.load("qt_" + QLocale::system().name(), QLibraryInfo::location(QLibraryInfo::TranslationsPath));
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1144:58: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    translator.load(QString(":/asebachallenge_") + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:464:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(error_string, number);
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:469:2: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(error_string, number);
data/aseba-1.6.99+dfsg/aseba/targets/playground/playground.cpp:140:37: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    qtTranslator.load("qt_" + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/targets/playground/playground.cpp:144:59: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    translator.load(QString(":/asebaplayground_") + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/targets/playground/playground.cpp:148:56: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    aboutTranslator.load(QString(":/qtabout_") + QLocale::system().name());
data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:126:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(ifr.ifr_name, ifName.c_str());
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:319:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, __FILE__": read() failed: %s\n", r < 0 ? strerror(errno) : "EOF");
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:330:9: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, __FILE__": write() failed: %s\n", strerror(errno));
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:387:25: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
    fprintf(stderr, __FILE__": avahi_simple_poll_run() failed: %s\n", strerror(errno));
data/aseba-1.6.99+dfsg/aseba/clients/studio/plugins/ThymioVPL/UsageLogger.cpp:416:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand(time(nullptr));
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:602:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    epuck->pos.x = Enki::random.getRange(120)+10;
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:603:25: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    epuck->pos.y = Enki::random.getRange(120)+10;
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1189:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    epuck->pos.x = Enki::random.getRange(120)+10;
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1190:24: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    epuck->pos.y = Enki::random.getRange(120)+10;
data/aseba-1.6.99+dfsg/tests/compiler/asebatest.cpp:247:7: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
    c = getopt_long(argc, argv, short_options, long_options, &index);
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:8125:18: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    std::srand( config.rngSeed() );
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:220:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    GetNodeDescription message(atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:230:20: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    uint16_t type = atoi(argv[1]);
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:235:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    data[i] = atoi(argv[i+2]);
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:248:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    CmdBootloaderInterface bootloader(stream, atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:251:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if (bootloader.readPage(atoi(argv[2]), &data[0]))
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:260:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    errorReadPage(atoi(argv[2]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:268:46: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    CmdBootloaderInterface bootloader(stream, atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:270:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    cout << "Page: " << atoi(argv[2]) << endl;
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:271:33: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    if(bootloader.readPageSimple(atoi(argv[2]), &data[0])) {
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:279:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    errorReadPage(atoi(argv[2]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:298:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    CmdBootloaderInterface bootloader(stream, atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:319:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    CmdBootloaderInterface bootloader(stream, atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:337:47: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    CmdBootloaderInterface bootloader(stream, atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:353:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    dest = atoi(argv[1]);
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:388:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    dest = atoi(argv[1]);
data/aseba-1.6.99+dfsg/aseba/clients/cmd/cmd.cpp:401:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dest = atoi(argv[1]);
data/aseba-1.6.99+dfsg/aseba/clients/eventlogger/eventlogger.cpp:109:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outputFile.open(filename);
data/aseba-1.6.99+dfsg/aseba/clients/eventlogger/eventlogger.cpp:181:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  EventLogger logger(argv[1], atoi(argv[2]), atoi(argv[3]), (argc > 4 ? argv[4] : 0));
data/aseba-1.6.99+dfsg/aseba/clients/eventlogger/eventlogger.cpp:181:46: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  EventLogger logger(argv[1], atoi(argv[2]), atoi(argv[3]), (argc > 4 ? argv[4] : 0));
data/aseba-1.6.99+dfsg/aseba/clients/exec/exec.cpp:105:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  const unsigned msgId(atoi(argv[1]));
data/aseba-1.6.99+dfsg/aseba/clients/exec/exec.cpp:106:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *programName(argv[2]);
data/aseba-1.6.99+dfsg/aseba/clients/massloader/massloader.cpp:163:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/aseba-1.6.99+dfsg/aseba/clients/replay/play.cpp:104:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  buffer.rawData.reserve(atoi(tokenizedLine.front().c_str()));
data/aseba-1.6.99+dfsg/aseba/clients/studio/EventViewer.cpp:236:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/aseba-1.6.99+dfsg/aseba/clients/studio/MainWindow.cpp:866:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/aseba-1.6.99+dfsg/aseba/clients/studio/MainWindow.cpp:1732:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/aseba-1.6.99+dfsg/aseba/clients/studio/MainWindow.cpp:1921:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/aseba-1.6.99+dfsg/aseba/clients/studio/MainWindow.cpp:2030:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/aseba-1.6.99+dfsg/aseba/clients/studio/MainWindow.cpp:2062:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/aseba-1.6.99+dfsg/aseba/clients/studio/ThymioVPLStandalone.cpp:320:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::WriteOnly | QFile::Truncate))
data/aseba-1.6.99+dfsg/aseba/clients/studio/ThymioVPLStandalone.cpp:382:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/aseba-1.6.99+dfsg/aseba/clients/studio/plugins/ThymioVPL/UsageLogger.cpp:405:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[100];
data/aseba-1.6.99+dfsg/aseba/clients/thymioupgrader/ThymioUpgrader.cpp:464:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (officialHexFile.open())
data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/thymiownetconfig-cli.c:46:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open(file, O_RDWR);
data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/thymiownetconfig-cli.c:166:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  c = atoi(argv[i]);
data/aseba-1.6.99+dfsg/aseba/common/zeroconf/target.cpp:73:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port(atoi(stream->getTargetParameter("port").c_str()))
data/aseba-1.6.99+dfsg/aseba/common/zeroconf/zeroconf.cpp:336:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  return getTarget(name, atoi(stream->getTargetParameter("port").c_str()));
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:419:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256];
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:421:17: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hostname, "unknown host");
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:736:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (! (int(nodeId) == atoi(args[0].c_str()) ||
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1031:32: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data.push_back(atoi(args[i].c_str()));
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1100:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data.push_back(atoi(args[i].c_str()));
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1282:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int eventSize = atoi((const char *)size);
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1308:70: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  atoi((const char *)value)));
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1345:49: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if (preferredId == unsigned(atoi((char*)storedId))
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1669:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sse_todo = atoi(query[1].substr(5).c_str());
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1705:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int content_length = atoi(headers["Content-Length"].c_str());
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1765:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reply_str, reply.str().c_str(), reply_len);
data/aseba-1.6.99+dfsg/aseba/switches/http/main.cpp:105:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Kiterations = atoi(argv[argCounter++]);
data/aseba-1.6.99+dfsg/aseba/switches/http2/AeslProgram.cpp:81:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int eventSize = atoi((const char *) size);
data/aseba-1.6.99+dfsg/aseba/switches/http2/AeslProgram.cpp:99:107: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  if(name && value) commonDefinitions.constants.push_back(NamedValue(UTF8ToWString((const char *) name), atoi((const char *) value)));
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpDashelTarget.cpp:66:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data.push_back(atoi(args[i].c_str()));
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpDashelTarget.cpp:165:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  data.push_back(atoi(args[i].c_str()));
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpInterfaceHandlers.cpp:549:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[bufferSize];
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpRequest.cpp:171:22: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int contentLength = atoi(headers["Content-Length"].c_str());
data/aseba-1.6.99+dfsg/aseba/switches/http2/main.cpp:76:84: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else if((strcmp(arg, "-K") == 0) || (strcmp(arg, "--Kiter") == 0)) Kiterations = atoi(argv[argCounter++]);
data/aseba-1.6.99+dfsg/aseba/switches/medulla/medulla.cpp:196:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!file.open(QFile::ReadOnly))
data/aseba-1.6.99+dfsg/aseba/switches/medulla/medulla.cpp:700:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(arg);
data/aseba-1.6.99+dfsg/aseba/switches/switch/switch.cpp:78:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hostname[256];
data/aseba-1.6.99+dfsg/aseba/switches/switch/switch.cpp:80:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(hostname, "unknown host");
data/aseba-1.6.99+dfsg/aseba/switches/switch/switch.cpp:273:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(arg);
data/aseba-1.6.99+dfsg/aseba/targets/can-translator/main.c:57:62: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static __attribute((far)) __attribute((aligned(2))) unsigned char uartSendBuffer[ASEBA_MAX_OUTER_PACKET_SIZE];
data/aseba-1.6.99+dfsg/aseba/targets/can-translator/main.c:60:63: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static __attribute((far)) __attribute((aligned(2))) unsigned char uartRecvBuffer[ASEBA_MAX_OUTER_PACKET_SIZE];
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:1022:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, &asebaEPuckMap[vm]->lastMessageData[0], asebaEPuckMap[vm]->lastMessageData.size());
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:217:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode"), address(0x15800 - 0x800 /* bootloader */ - 0x400 /* settings */ - NUMBER_OF_CHUNK*0x400L*PAGE_PER_CHUNK)/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:218:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash1[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:219:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash2[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:220:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash3[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:221:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash4[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:222:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash5[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:223:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash6[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:224:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash7[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:225:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash8[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:226:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash9[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:227:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash10[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:228:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash11[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:229:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash12[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:230:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash13[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:231:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash14[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:232:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash15[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:233:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash16[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:234:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash17[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:235:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash18[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:236:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash19[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:237:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash20[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:238:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash21[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:239:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash22[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:240:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash23[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:241:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash24[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:242:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_flash25[PAGE_PER_CHUNK][INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), aligned(INSTRUCTIONS_PER_PAGE * 2), section(".aseba_bytecode")/*, noload*/));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:245:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char __bootloader[INSTRUCTIONS_PER_PAGE * 2 * 2] __attribute((space(prog), section(".boot"), noload, address(0x15800 - 0x800)));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:248:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char aseba_settings_flash[INSTRUCTIONS_PER_PAGE * 2] __attribute__ ((space(prog), section(".aseba_settings"), noload, address(0x15800 - 0x800 - 0x400)));
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:299:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[3];
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:313:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char data[2];

data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:460:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char error_string[255];

data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:461:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char number[10];

data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:462:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(error_string, "Molole error 0x");

data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:465:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
strcat(error_string, " in file: ");

data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:59:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char mutableName[12];

data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:296:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data, &node.lastMessageData[0], node.lastMessageData.size());

data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:395:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
do_delta = false, port = atoi(argv[argCounter++]);

data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:400:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
deltaNodeId = atoi(arg);

data/aseba-1.6.99+dfsg/aseba/targets/enki-marxbot/AsebaMarxbot.cpp:112:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data, &(event.data[0]), length);

data/aseba-1.6.99+dfsg/aseba/targets/enki-marxbot/AsebaMarxbot.h:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&this->data[0], data, length);

data/aseba-1.6.99+dfsg/aseba/targets/playground/AsebaGlue.cpp:61:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data, &lastMessageData[0], len);

data/aseba-1.6.99+dfsg/aseba/targets/playground/Door.cpp:74:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void SlidingDoor::open(void)

data/aseba-1.6.99+dfsg/aseba/targets/playground/Door.cpp:151:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
attachedDoor->open();

data/aseba-1.6.99+dfsg/aseba/targets/playground/Door.h:31:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
virtual void open() = 0;

data/aseba-1.6.99+dfsg/aseba/targets/playground/Door.h:57:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
virtual void open(void);

data/aseba-1.6.99+dfsg/aseba/targets/playground/playground.cpp:180:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
if (file.open(QIODevice::ReadOnly))

data/aseba-1.6.99+dfsg/aseba/targets/playground/robots/thymio2/Thymio2.cpp:284:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
sdCardFile.open(fileName.c_str(), std::ios::in | std::ios::out | std::ios::binary);

data/aseba-1.6.99+dfsg/aseba/targets/playground/robots/thymio2/Thymio2.cpp:288:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
sdCardFile.open(fileName.c_str(), std::ios::in | std::ios::out | std::ios::binary | std::ios::trunc);

data/aseba-1.6.99+dfsg/aseba/transport/buffer/vm-buffer.c:27:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char buffer[ASEBA_MAX_INNER_PACKET_SIZE];

data/aseba-1.6.99+dfsg/aseba/transport/can/can-net.c:100:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(asebaCan.sendQueue[asebaCan.sendQueueInsertPos].data, data, size);

data/aseba-1.6.99+dfsg/aseba/transport/can/can-net.c:288:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data, asebaCan.recvQueue[i].data, len);

data/aseba-1.6.99+dfsg/aseba/transport/can/can-net.c:326:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data + pos, asebaCan.recvQueue[i].data, amount);

data/aseba-1.6.99+dfsg/aseba/transport/can/can-net.c:405:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&asebaCan.recvQueue[asebaCan.recvQueueInsertPos], frame, sizeof(*frame));

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/android.cpp:154:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(data,rx_urb.buffer,cpy);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/android.h:32:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char rx_data[512];

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:84:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char tx_buffer[ASEBA_MAX_OUTER_PACKET_SIZE];

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:86:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char rx_buffer[ASEBA_MAX_OUTER_PACKET_SIZE];

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char ctrlmsg[CMSG_SPACE(sizeof(struct timeval)) + CMSG_SPACE(sizeof(__u32))];

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:207:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&frame.data[2], &tx_buffer[6], packet_len);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:217:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&frame.data[2], p, 6);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:226:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(frame.data, p, 8);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:233:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(frame.data, p, packet_len);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:286:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&rx_buffer[4], rx_fifo[i].f.data, rx_fifo[i].f.can_dlc);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:323:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&rx_buffer[rx_len], rx_fifo[i].f.data, rx_fifo[i].f.can_dlc);

data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:386:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&rx_fifo[rx_insert].f,&rframe,sizeof(rframe));

data/aseba-1.6.99+dfsg/aseba/vm/vm.c:552:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(buffer+3, message, msgLen);

data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:364:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
data.push_back(atoi(args[i].c_str()));

data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:388:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
data.push_back(atoi(args[i].c_str()));

data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:453:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
preferedId = unsigned(atoi((char*)storedId));

data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:483:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
int eventSize(atoi((const char *)size));

data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:514:90: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
commonDefinitions.constants.push_back(NamedValue(UTF8ToWString((const char *)name), atoi((const char *)value)));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:89:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
unsigned index(atoi(parts[1].c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:117:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
value = atoi(parts[0].c_str());

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:453:63: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
createBotspeakVarIfUndefined(UTF8ToWString(tokens.at(0)), atoi(tokens.back().c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:514:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
const unsigned gotoAddr(atoi(cmd.back().c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:523:64: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
createBotspeakVarIfUndefined(UTF8ToWString(tokens.at(0)), atoi(tokens.back().c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:600:72: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
asebaSource += WFormatableString(L"\ttimer.period[0] = %0\n").arg(atoi(cmd.at(1).c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:604:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
const unsigned destLine(atoi(cmd.back().c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:623:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
const unsigned destLine(atoi(cmd.back().c_str()));

data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:890:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
botSpeakPort = atoi(argv[2]);

data/aseba-1.6.99+dfsg/tests/compiler/asebatest.cpp:291:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
stepCount = atoi(optarg);

data/aseba-1.6.99+dfsg/tests/compiler/asebatest.cpp:381:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ifs.open(memCmpFileName.data(), std::ifstream::in);

data/aseba-1.6.99+dfsg/tests/compiler/asebatest.cpp:425:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
ifs.open( filename.c_str(),std::ifstream::binary);

data/aseba-1.6.99+dfsg/tests/test-http.cpp:208:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
REQUIRE( atoi(values[0].c_str()) == 42 );

data/aseba-1.6.99+dfsg/tests/test-http.cpp:236:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
REQUIRE( atoi(values[0].c_str()) == 42 );

data/aseba-1.6.99+dfsg/tests/test-http.cpp:237:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
REQUIRE( atoi(values[1].c_str()) == 63 );

data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:595:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char type_fixed[AVAHI_DOMAIN_NAME_MAX], domain_fixed[AVAHI_DOMAIN_NAME_MAX];

data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:795:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char host_name_fixed[AVAHI_DOMAIN_NAME_MAX];

data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:796:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char full_name[AVAHI_DOMAIN_NAME_MAX];

data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:910:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char domain_fixed[AVAHI_DOMAIN_NAME_MAX];

data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:1038:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char regtype_fixed[AVAHI_DOMAIN_NAME_MAX], domain_fixed[AVAHI_DOMAIN_NAME_MAX];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:1224:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timeStamp[timeStampSize];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:3437:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
alignas(alignof(T)) char storage[sizeof(T)];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:3897:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static char line[CATCH_CONFIG_CONSOLE_WIDTH] = {0};

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:4465:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void open();

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:7829:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
std::memcpy(&i, &f, sizeof(f));

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:7838:14: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
std::memcpy(&i, &d, sizeof(d));

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9169:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char **utf8Argv = new char *[ argc ];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9291:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char data[bufferSize];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9340:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
m_ofs.open( filename.c_str() );

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9590:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy( m_data, m_start, m_size );

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:10103:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void TrackerBase::open() {

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:10192:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
open();

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:10231:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
tracker->open();

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:10509:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char asChar[sizeof (int)];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:11061:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buffer[maxDoubleSize];

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:11068:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%.3f", duration);

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:11636:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
void open() {

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:11665:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
tp.open();

data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:12011:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char timeStamp[timeStampSize];

data/aseba-1.6.99+dfsg/aseba/clients/replay/play.cpp:156:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
char c(stream->read<char>());

data/aseba-1.6.99+dfsg/aseba/clients/studio/plugins/ThymioVPL/ThymioVisualProgramming.cpp:1095:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const QImage playImage(playReader.read());

data/aseba-1.6.99+dfsg/aseba/clients/studio/plugins/ThymioVPL/ThymioVisualProgramming.cpp:1099:43: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
const QImage playRedImage(playRedReader.read());

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:157:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&settings, sizeof(settings)-1);

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:205:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&settings, sizeof(settings)-1);

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:212:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&settings, sizeof(settings)-1);

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:219:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&settings, sizeof(settings)-1);

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/ThymioWNetConfig.cpp:238:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&settings, sizeof(settings)-1);

data/aseba-1.6.99+dfsg/aseba/clients/thymiownetconfig/thymiownetconfig-cli.c:201:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
count = read(fd, &settings, sizeof(settings) - 1);

data/aseba-1.6.99+dfsg/aseba/common/msg/msg.cpp:184:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&len, 2);

data/aseba-1.6.99+dfsg/aseba/common/msg/msg.cpp:186:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&source, 2);

data/aseba-1.6.99+dfsg/aseba/common/msg/msg.cpp:188:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&type, 2);

data/aseba-1.6.99+dfsg/aseba/common/msg/msg.cpp:195:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(&buffer.rawData[0], len);

data/aseba-1.6.99+dfsg/aseba/common/utils/BootloaderInterface.cpp:116:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
stream->read(data, 2048);

data/aseba-1.6.99+dfsg/aseba/common/utils/BootloaderInterface.cpp:219:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
hexFile.read(fileName);

data/aseba-1.6.99+dfsg/aseba/common/utils/HexFile.cpp:84:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
void HexFile::read(const std::string &fileName)

data/aseba-1.6.99+dfsg/aseba/common/utils/HexFile.h:98:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
void read(const std::string &fileName);

data/aseba-1.6.99+dfsg/aseba/common/utils/utils.cpp:106:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
timeString[strlen(timeString) - 1] = 0;

data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:126:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&c, 1);
data/aseba-1.6.99+dfsg/aseba/switches/http/http.cpp:1708:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(buffer, content_length);
data/aseba-1.6.99+dfsg/aseba/switches/http/main.cpp:128:65: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  network.aeslLoadMemory(nodeId, failsafe,strlen(failsafe));
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpInterfaceHandlers.cpp:550:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  f.read(buffer, bufferSize);
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpRequest.cpp:208:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&c, 1);
data/aseba-1.6.99+dfsg/aseba/switches/http2/HttpRequest.cpp:217:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(buffer, size);
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:257:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:259:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/challenge/challenge.cpp:262:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&lastMessageData[0], lastMessageData.size());
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:466:2: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(error_string, file, 200);
data/aseba-1.6.99+dfsg/aseba/targets/dspic33/skel.c:467:2: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(error_string, ":");
data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:102:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  Risk is low because the source is a constant string.
  strncpy(mutableName, "dummynode-0", 12);
data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:203:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:205:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/dummy/dummynode.cpp:208:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&lastMessageData[0], lastMessageData.size());
data/aseba-1.6.99+dfsg/aseba/targets/enki-marxbot/AsebaMarxbot.h:68:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/enki-marxbot/AsebaMarxbot.h:70:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/enki-marxbot/AsebaMarxbot.h:73:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&data[0], data.size());
data/aseba-1.6.99+dfsg/aseba/targets/playground/DashelAsebaGlue.cpp:91:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&c, 1);
data/aseba-1.6.99+dfsg/aseba/targets/playground/DashelAsebaGlue.cpp:101:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/playground/DashelAsebaGlue.cpp:103:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&temp, 2);
data/aseba-1.6.99+dfsg/aseba/targets/playground/DashelAsebaGlue.cpp:106:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&lastMessageData[0], lastMessageData.size());
data/aseba-1.6.99+dfsg/aseba/targets/playground/robots/thymio2/Thymio2-natives.cpp:370:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  thymio2->sdCardFile.read(reinterpret_cast<char*>(&vm->variables[dataAddr]), dataLength*2);
data/aseba-1.6.99+dfsg/aseba/transport/buffer/vm-buffer.c:64:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint16_t len = strlen(s);
data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/android.cpp:140:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void AndroidStream::read(void *data, size_t size)
data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/android.h:16:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual void read(void *data, size_t size);
data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:123:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(ifName.c_str()) >= IFNAMSIZ)
data/aseba-1.6.99+dfsg/aseba/transport/dashel_plugins/socketcan.cpp:394:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  virtual void read(void *data, size_t size)
data/aseba-1.6.99+dfsg/aseba/vm/vm.c:536:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint16_t msgLen = strlen(message);
data/aseba-1.6.99+dfsg/examples/clients/cpp-qt-dbus/dbusinterface.cpp:65:3: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read >> values;
data/aseba-1.6.99+dfsg/examples/clients/cpp-shell/shell.cpp:157:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  stream->read(&c, 1);
data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:369:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = stream->read<uint8_t>()) != '\r')
data/aseba-1.6.99+dfsg/examples/switches/botspeak/botspeak.cpp:380:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = stream->read<uint8_t>();
data/aseba-1.6.99+dfsg/tests/compiler/asebatest.cpp:438:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ifs.read(&utf8Source[0], length);
data/aseba-1.6.99+dfsg/tests/simulator/aseba-test-simulator.cpp:220:7: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  if (!equal(expected.begin(), expected.end(), &thymio->variables.freeSpace[0]))
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:305:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (s[strlen(s)-1] == '.')
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:318:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if ((r = read(fd, &command, 1)) != 1) {
data/aseba-1.6.99+dfsg/third_party/avahi-compat-libdns_sd/compat.c:809:13: [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character.
  strcat(full_name, ".");
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9192:36: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9197:36: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static_cast<void>(std::getchar());
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9478:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= prefix.size() && std::equal(prefix.begin(), prefix.end(), s.begin());
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9484:50: [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions (CWE-126).
  This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it.
  return s.size() >= suffix.size() && std::equal(suffix.rbegin(), suffix.rend(), s.rbegin());
data/aseba-1.6.99+dfsg/third_party/catch2/include/catch2/catch.hpp:9558:67: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  : StringRef( rawChars, static_cast<StringRef::size_type>(std::strlen(rawChars) ) )

ANALYSIS SUMMARY:

Hits = 262
Lines analyzed = 82120 in approximately 2.41 seconds (34008 lines/second)
Physical Source Lines of Code (SLOC) = 59629
Hits@level = [0] 27 [1] 61 [2] 174 [3] 7 [4] 20 [5] 0
Hits@level+ = [0+] 289 [1+] 262 [2+] 201 [3+] 27 [4+] 20 [5+] 0
Hits/KSLOC@level+ = [0+] 4.84664 [1+] 4.39384 [2+] 3.37084 [3+] 0.4528 [4+] 0.335407 [5+] 0
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.