Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aufs-5.2+20190909/fs/aufs/aufs.h
Examining data/aufs-5.2+20190909/fs/aufs/branch.c
Examining data/aufs-5.2+20190909/fs/aufs/branch.h
Examining data/aufs-5.2+20190909/fs/aufs/cpup.c
Examining data/aufs-5.2+20190909/fs/aufs/cpup.h
Examining data/aufs-5.2+20190909/fs/aufs/dbgaufs.c
Examining data/aufs-5.2+20190909/fs/aufs/dbgaufs.h
Examining data/aufs-5.2+20190909/fs/aufs/dcsub.c
Examining data/aufs-5.2+20190909/fs/aufs/dcsub.h
Examining data/aufs-5.2+20190909/fs/aufs/debug.c
Examining data/aufs-5.2+20190909/fs/aufs/debug.h
Examining data/aufs-5.2+20190909/fs/aufs/dentry.c
Examining data/aufs-5.2+20190909/fs/aufs/dentry.h
Examining data/aufs-5.2+20190909/fs/aufs/dinfo.c
Examining data/aufs-5.2+20190909/fs/aufs/dir.c
Examining data/aufs-5.2+20190909/fs/aufs/dir.h
Examining data/aufs-5.2+20190909/fs/aufs/dirren.c
Examining data/aufs-5.2+20190909/fs/aufs/dirren.h
Examining data/aufs-5.2+20190909/fs/aufs/dynop.c
Examining data/aufs-5.2+20190909/fs/aufs/dynop.h
Examining data/aufs-5.2+20190909/fs/aufs/export.c
Examining data/aufs-5.2+20190909/fs/aufs/f_op.c
Examining data/aufs-5.2+20190909/fs/aufs/fhsm.c
Examining data/aufs-5.2+20190909/fs/aufs/file.c
Examining data/aufs-5.2+20190909/fs/aufs/file.h
Examining data/aufs-5.2+20190909/fs/aufs/finfo.c
Examining data/aufs-5.2+20190909/fs/aufs/fstype.h
Examining data/aufs-5.2+20190909/fs/aufs/hbl.h
Examining data/aufs-5.2+20190909/fs/aufs/hfsnotify.c
Examining data/aufs-5.2+20190909/fs/aufs/hfsplus.c
Examining data/aufs-5.2+20190909/fs/aufs/hnotify.c
Examining data/aufs-5.2+20190909/fs/aufs/i_op.c
Examining data/aufs-5.2+20190909/fs/aufs/i_op_add.c
Examining data/aufs-5.2+20190909/fs/aufs/i_op_del.c
Examining data/aufs-5.2+20190909/fs/aufs/i_op_ren.c
Examining data/aufs-5.2+20190909/fs/aufs/iinfo.c
Examining data/aufs-5.2+20190909/fs/aufs/inode.c
Examining data/aufs-5.2+20190909/fs/aufs/inode.h
Examining data/aufs-5.2+20190909/fs/aufs/ioctl.c
Examining data/aufs-5.2+20190909/fs/aufs/lcnt.h
Examining data/aufs-5.2+20190909/fs/aufs/loop.c
Examining data/aufs-5.2+20190909/fs/aufs/loop.h
Examining data/aufs-5.2+20190909/fs/aufs/module.c
Examining data/aufs-5.2+20190909/fs/aufs/module.h
Examining data/aufs-5.2+20190909/fs/aufs/mvdown.c
Examining data/aufs-5.2+20190909/fs/aufs/opts.c
Examining data/aufs-5.2+20190909/fs/aufs/opts.h
Examining data/aufs-5.2+20190909/fs/aufs/plink.c
Examining data/aufs-5.2+20190909/fs/aufs/poll.c
Examining data/aufs-5.2+20190909/fs/aufs/posix_acl.c
Examining data/aufs-5.2+20190909/fs/aufs/procfs.c
Examining data/aufs-5.2+20190909/fs/aufs/rdu.c
Examining data/aufs-5.2+20190909/fs/aufs/rwsem.h
Examining data/aufs-5.2+20190909/fs/aufs/sbinfo.c
Examining data/aufs-5.2+20190909/fs/aufs/super.c
Examining data/aufs-5.2+20190909/fs/aufs/super.h
Examining data/aufs-5.2+20190909/fs/aufs/sysaufs.c
Examining data/aufs-5.2+20190909/fs/aufs/sysaufs.h
Examining data/aufs-5.2+20190909/fs/aufs/sysfs.c
Examining data/aufs-5.2+20190909/fs/aufs/sysrq.c
Examining data/aufs-5.2+20190909/fs/aufs/vdir.c
Examining data/aufs-5.2+20190909/fs/aufs/vfsub.c
Examining data/aufs-5.2+20190909/fs/aufs/vfsub.h
Examining data/aufs-5.2+20190909/fs/aufs/wbr_policy.c
Examining data/aufs-5.2+20190909/fs/aufs/whout.c
Examining data/aufs-5.2+20190909/fs/aufs/whout.h
Examining data/aufs-5.2+20190909/fs/aufs/wkq.c
Examining data/aufs-5.2+20190909/fs/aufs/wkq.h
Examining data/aufs-5.2+20190909/fs/aufs/xattr.c
Examining data/aufs-5.2+20190909/fs/aufs/xino.c
Examining data/aufs-5.2+20190909/include/uapi/linux/aufs_type.h

FINAL RESULTS:

data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:167:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p->a, str);
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:332:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(name, sizeof(name), DbgaufsXi_PREFIX "%d", bindex);
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:334:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(name, sizeof(name), DbgaufsXi_PREFIX "%d-%u",
data/aufs-5.2+20190909/fs/aufs/dirren.c:738:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(w->whname, AUFS_WH_DR_INFO_PFX);
data/aufs-5.2+20190909/fs/aufs/super.c:129:2: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(p, append);
data/aufs-5.2+20190909/fs/aufs/sysaufs.h:61:2: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(name, SysaufsSiNameLen, SysaufsSiNamePrefix "%lx",
data/aufs-5.2+20190909/fs/aufs/sysfs.c:38:8: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  err = snprintf(buf, PAGE_SIZE, conf);
data/aufs-5.2+20190909/fs/aufs/sysfs.c:362:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(br_sysfs[AuBrSysfs_BR].name, sizeof(br_sysfs->name),
data/aufs-5.2+20190909/fs/aufs/sysfs.c:364:3: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  snprintf(br_sysfs[AuBrSysfs_BRID].name, sizeof(br_sysfs->name),
data/aufs-5.2+20190909/fs/aufs/xino.c:1676:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  strcat(p, "/" AUFS_XINO_FNAME);
data/aufs-5.2+20190909/fs/aufs/branch.h:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[16];
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[20 * 4];
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:230:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *p, a[sizeof(DbgaufsXi_PREFIX) + 8];
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:246:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a, name->name, name->len);
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:329:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[sizeof(DbgaufsXi_PREFIX) + 8];
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:464:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[SysaufsSiNameLen];
data/aufs-5.2+20190909/fs/aufs/debug.c:47:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  return sprintf(buffer, "%d", atomic_read(a));
data/aufs-5.2+20190909/fs/aufs/debug.c:238:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[32];
data/aufs-5.2+20190909/fs/aufs/debug.h:184:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sym[KSYM_SYMBOL_LEN]; \
data/aufs-5.2+20190909/fs/aufs/dentry.c:854:56: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  unsigned char plus, unhashed, is_root, h_plus, h_nfs, tmpfile;
data/aufs-5.2+20190909/fs/aufs/dentry.c:900:16: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  || (!tmpfile && !dirren
data/aufs-5.2+20190909/fs/aufs/dentry.c:945:36: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if (unlikely(plus != h_plus && !tmpfile))
data/aufs-5.2+20190909/fs/aufs/dir.h:41:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char name[0];
data/aufs-5.2+20190909/fs/aufs/dirren.c:499:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(drinfo->oldname, qname->name, qname->len);
data/aufs-5.2+20190909/fs/aufs/dirren.c:596:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char whname[sizeof(AUFS_WH_DR_INFO_PFX) + AUFS_DIRREN_ENV_VAL_SZ];
data/aufs-5.2+20190909/fs/aufs/dirren.c:792:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(w->fdata->drinfo.oldname,
data/aufs-5.2+20190909/fs/aufs/dirren.c:1072:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char whname[sizeof(AUFS_WH_DR_INFO_PFX) + AUFS_DIRREN_ENV_VAL_SZ]
data/aufs-5.2+20190909/fs/aufs/export.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comm[sizeof(tsk->comm)];
data/aufs-5.2+20190909/fs/aufs/export.c:362:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(a->name, name, namelen);
data/aufs-5.2+20190909/fs/aufs/file.c:250:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  err = args->open(file, vfsub_file_flags(file), NULL);
data/aufs-5.2+20190909/fs/aufs/file.c:253:16: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  err = args->open(file, vfsub_file_flags(file),
data/aufs-5.2+20190909/fs/aufs/file.h:81:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  int (*open)(struct file *file, int flags,
data/aufs-5.2+20190909/fs/aufs/hnotify.c:636:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, h_child_name, len);
data/aufs-5.2+20190909/fs/aufs/i_op_add.c:465:29: [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  if (unlikely(!h_dir->i_op->tmpfile))
data/aufs-5.2+20190909/fs/aufs/loop.c:64:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char c, comm[sizeof(tsk->comm)];
data/aufs-5.2+20190909/fs/aufs/module.c:61:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, p, new_sz);
data/aufs-5.2+20190909/fs/aufs/module.c:162:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char au_esc_chars[0x20 + 3]; /* 0x01-0x20, backslash, del, and NULL */
data/aufs-5.2+20190909/fs/aufs/module.c:193:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(aufs_iop_nogetattr, aufs_iop, sizeof(aufs_iop));
data/aufs-5.2+20190909/fs/aufs/opts.c:301:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, p, sz + 1);
data/aufs-5.2+20190909/fs/aufs/opts.c:311:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, p, sz + 1);
data/aufs-5.2+20190909/fs/aufs/opts.c:387:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, p, sz + 1);
data/aufs-5.2+20190909/fs/aufs/opts.c:393:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(q, attr.a, sz + 1);
data/aufs-5.2+20190909/fs/aufs/plink.c:239:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[PLINK_NAME_LEN];
data/aufs-5.2+20190909/fs/aufs/plink.c:336:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[PLINK_NAME_LEN];
data/aufs-5.2+20190909/fs/aufs/procfs.c:94:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[3 + sizeof(unsigned long) * 2 + 1];
data/aufs-5.2+20190909/fs/aufs/super.c:137:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char fmt[32];
data/aufs-5.2+20190909/fs/aufs/vdir.c:267:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(str->name, name, nlen);
data/aufs-5.2+20190909/fs/aufs/vdir.c:341:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(room->de->de_str.name, name, nlen);
data/aufs-5.2+20190909/fs/aufs/vdir.c:530:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, AUFS_WH_PFX, AUFS_WH_PFX_LEN);
data/aufs-5.2+20190909/fs/aufs/vdir.c:536:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, destr->name, destr->len);
data/aufs-5.2+20190909/fs/aufs/vdir.c:718:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(tgt->vd_deblk[0], src->vd_deblk[0], deblk_sz);
data/aufs-5.2+20190909/fs/aufs/whout.c:53:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, AUFS_WH_PFX, AUFS_WH_PFX_LEN);
data/aufs-5.2+20190909/fs/aufs/whout.c:54:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p + AUFS_WH_PFX_LEN, name->name, name->len);
data/aufs-5.2+20190909/fs/aufs/whout.c:123:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char defname[NAME_MAX - AUFS_MAX_NAMELEN + DNAME_INLINE_LEN + 1],
data/aufs-5.2+20190909/fs/aufs/whout.c:144:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(name, AUFS_WH_PFX AUFS_WH_PFX, AUFS_WH_PFX_LEN * 2);
data/aufs-5.2+20190909/fs/aufs/whout.c:146:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, prefix->name, prefix->len);
data/aufs-5.2+20190909/fs/aufs/whout.c:153:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(p, "%.*x", AUFS_WH_TMP_LEN, cnt++);
data/aufs-5.2+20190909/fs/aufs/whout.c:845:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, AUFS_WH_PFX, AUFS_WH_PFX_LEN);
data/aufs-5.2+20190909/fs/aufs/whout.c:856:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(p, str->name, str->len);
data/aufs-5.2+20190909/include/uapi/linux/aufs_type.h:212:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char a[AuBrPermStrSz];
data/aufs-5.2+20190909/include/uapi/linux/aufs_type.h:290:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[0];
data/aufs-5.2+20190909/include/uapi/linux/aufs_type.h:431:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char _spacer[4096];
data/aufs-5.2+20190909/include/uapi/linux/aufs_type.h:435:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char path[0];
data/aufs-5.2+20190909/fs/aufs/dbgaufs.c:338:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  struct qstr qstr = QSTR_INIT(name, strlen(name));
data/aufs-5.2+20190909/fs/aufs/export.c:477:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  n = strlen(p);
data/aufs-5.2+20190909/fs/aufs/export.c:489:31: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p = d_path(&path, buf, len - strlen(p));
data/aufs-5.2+20190909/fs/aufs/export.c:494:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[strlen(p)] = '/';
data/aufs-5.2+20190909/fs/aufs/opts.c:300:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = strlen(p);
data/aufs-5.2+20190909/fs/aufs/opts.c:310:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = strlen(p);
data/aufs-5.2+20190909/fs/aufs/opts.c:386:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = strlen(p);
data/aufs-5.2+20190909/fs/aufs/opts.c:396:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  AuDebugOn(strlen(str->a) >= sizeof(str->a));
data/aufs-5.2+20190909/fs/aufs/super.c:130:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  AuDebugOn(strlen(fmt) >= len);
data/aufs-5.2+20190909/fs/aufs/wkq.c:190:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  if (p->read)
data/aufs-5.2+20190909/fs/aufs/xattr.c:165:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p += strlen(p) + 1;

ANALYSIS SUMMARY:

Hits = 74
Lines analyzed = 35702 in approximately 0.88 seconds (40580 lines/second)
Physical Source Lines of Code (SLOC) = 27252
Hits@level = [0] 14 [1] 11 [2] 53 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 88 [1+] 74 [2+] 63 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 3.22912 [1+] 2.7154 [2+] 2.31176 [3+] 0.366946 [4+] 0.366946 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.