Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c
Examining data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c
Examining data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.h
Examining data/fosfat-0.4.0-13-ged091bb/libfosgra/fosgra.c
Examining data/fosfat-0.4.0-13-ged091bb/libfosgra/fosgra.h
Examining data/fosfat-0.4.0-13-ged091bb/libw32disk/w32disk.c
Examining data/fosfat-0.4.0-13-ged091bb/libw32disk/w32disk.h
Examining data/fosfat-0.4.0-13-ged091bb/tools/ascii.c
Examining data/fosfat-0.4.0-13-ged091bb/tools/ascii.h
Examining data/fosfat-0.4.0-13-ged091bb/tools/fosread.c
Examining data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c
Examining data/fosfat-0.4.0-13-ged091bb/tools/smascii.c

FINAL RESULTS:

data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:165:7: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (head, mapping);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:437:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s." FOSGRAID ".pbm", files->name);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:444:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf (name, "%s." FOSGRAID ".xpm", files->name);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:562:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (HELP_TEXT);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:569:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (VERSION_TEXT);
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:430:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf (stderr, msg, va);
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:235:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (HELP_TEXT);
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:242:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (VERSION_TEXT);
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:94:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (HELP_TEXT);
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:101:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (VERSION_TEXT);
data/fosfat-0.4.0-13-ged091bb/tools/smascii.c:106:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf (HELP_TEXT);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:608:19: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  next_option = getopt_long (argc, argv, short_options, long_options, NULL);
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:270:19: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  next_option = getopt_long (argc, argv, short_options, long_options, NULL);
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:125:19: [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  next_option = getopt_long (argc, argv, short_options, long_options, NULL);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:82:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *it, res[256];
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:138:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char head[1024];
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:139:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mapping[512];
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:222:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dec, head + offset, strlen (head) - offset); /* copy header */
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:228:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dec + (strlen (head) - offset), /* copy data */
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:342:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dst, link, strlen (link) + 1);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:378:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (stbuf, st, sizeof (*stbuf));
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:425:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char _path[256];
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:541:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buf, buf_tmp, size);
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:321:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char conv[16];
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:325:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  res = atoi (conv);
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:381:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (dst, src, n);
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:408:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char log[32] = "[fosfat] ";
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:418:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (log, "error");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:422:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (log, "warning");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:426:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (log, "notice");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:707:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (blk, buffer + sec_offset (block, fosfat->fosboot),
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:733:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (blk, buffer + sec_offset (block, fosfat->fosboot),
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:767:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (blk, buffer + sec_offset (block, fosfat->fosboot),
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:802:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (blk, buffer + sec_offset (block, fosfat->fosboot),
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1053:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f_dst = fopen (dst, "w");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1100:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (op_buffer + op_inoff, file_d->data + first_pts, cp);
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1251:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dir[MAX_SPLIT][FOSFAT_NAMELGT];
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1352:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name_r[FOSFAT_NAMELGT];
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1365:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (blf_found, &bl_found->file[i], sizeof (*blf_found));
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1731:11: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (sysdir->name, "..dir");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:2152:17: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fosfat->dev = fopen (dev, "r");
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.h:93:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FOSFAT_NAMELGT]; /*!< File name. */
data/fosfat-0.4.0-13-ged091bb/libfosgra/fosgra.c:217:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (header, buffer, FOSGRA_IMAGE_HEADER_LENGTH);
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:33:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[FOSFAT_NAMELGT];
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:121:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FOSFAT_NAMELGT];
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:49:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[256], path2[256];
data/fosfat-0.4.0-13-ged091bb/tools/smascii.c:55:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFFER_SIZE];
data/fosfat-0.4.0-13-ged091bb/tools/smascii.c:58:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in = fopen (input, "rb");
data/fosfat-0.4.0-13-ged091bb/tools/smascii.c:65:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out = fopen (output, "wb");
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:170:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (offset > (signed) strlen (head))
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:172:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  off_t off_conv = offset - strlen (head);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:207:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size_conv = size - (strlen (head) - offset);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:222:33: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (dec, head + offset, strlen (head) - offset); /* copy header */
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:225:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  COLOR_TO_XPM (dec + (strlen (head) - offset),
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:226:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size - (strlen (head) - offset), 0, start_n)
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:228:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (dec + (strlen (head) - offset), /* copy data */
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:229:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf, size - (strlen (head) - offset));
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:340:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (link) < size)
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:342:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (dst, link, strlen (link) + 1);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:436:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = calloc (1, strlen (files->name) + strlen (FOSGRAID) + 6);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:436:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = calloc (1, strlen (files->name) + strlen (FOSGRAID) + 6);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:443:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = calloc (1, strlen (files->name) + strlen (FOSGRAID) + 6);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:443:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = calloc (1, strlen (files->name) + strlen (FOSGRAID) + 6);
data/fosfat-0.4.0-13-ged091bb/fosmount/fosmount.c:450:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(name + strlen (name) - 4) = '\0';
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:648:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return file && strlen ((char *) file->name) > 0;
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1222:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && !strncasecmp (realname, searchname, strlen (realname) - 4)
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1223:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen (searchname) == strlen (realname) - 4
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1223:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen (searchname) == strlen (realname) - 4
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1227:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  !strncasecmp (realname, searchname, strlen (realname))
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1228:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen (searchname) == strlen (realname)
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1228:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen (searchname) == strlen (realname)
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1536:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while ((it = my_strnchr (start, strlen (start), ':')))
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1638:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (stat->name, (char *) file->name + 1, sizeof (stat->name));
data/fosfat-0.4.0-13-ged091bb/libfosfat/fosfat.c:1642:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (stat->name, (char *) file->name, sizeof (stat->name));
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:88:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (ginfo->name, name, FOSFAT_NAMELGT - 1);
data/fosfat-0.4.0-13-ged091bb/tools/fosread.c:127:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy (filename, file->name, FOSFAT_NAMELGT - 1);
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:55:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (location) == 1 && *location == '/')
data/fosfat-0.4.0-13-ged091bb/tools/fosrec.c:63:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *(list->name + strlen (list->name) - 4) = '\0';

ANALYSIS SUMMARY:

Hits = 78
Lines analyzed = 4758 in approximately 0.14 seconds (33512 lines/second)
Physical Source Lines of Code (SLOC) = 2858
Hits@level = [0] 49 [1] 29 [2] 35 [3] 3 [4] 11 [5] 0
Hits@level+ = [0+] 127 [1+] 78 [2+] 49 [3+] 14 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 44.4367 [1+] 27.2918 [2+] 17.1449 [3+] 4.89853 [4+] 3.84885 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.