Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fpgatools-0.0+201212/autotest.c
Examining data/fpgatools-0.0+201212/bit2fp.c
Examining data/fpgatools-0.0+201212/blinking_led.c
Examining data/fpgatools-0.0+201212/draw_svg_tiles.c
Examining data/fpgatools-0.0+201212/fp2bit.c
Examining data/fpgatools-0.0+201212/hello_world.c
Examining data/fpgatools-0.0+201212/hstrrep.c
Examining data/fpgatools-0.0+201212/libs/bit.h
Examining data/fpgatools-0.0+201212/libs/bit_frames.c
Examining data/fpgatools-0.0+201212/libs/bit_regs.c
Examining data/fpgatools-0.0+201212/libs/control.c
Examining data/fpgatools-0.0+201212/libs/control.h
Examining data/fpgatools-0.0+201212/libs/floorplan.c
Examining data/fpgatools-0.0+201212/libs/floorplan.h
Examining data/fpgatools-0.0+201212/libs/helper.c
Examining data/fpgatools-0.0+201212/libs/helper.h
Examining data/fpgatools-0.0+201212/libs/model.h
Examining data/fpgatools-0.0+201212/libs/model_conns.c
Examining data/fpgatools-0.0+201212/libs/model_devices.c
Examining data/fpgatools-0.0+201212/libs/model_helper.c
Examining data/fpgatools-0.0+201212/libs/model_main.c
Examining data/fpgatools-0.0+201212/libs/model_ports.c
Examining data/fpgatools-0.0+201212/libs/model_switches.c
Examining data/fpgatools-0.0+201212/libs/model_tiles.c
Examining data/fpgatools-0.0+201212/libs/parts.c
Examining data/fpgatools-0.0+201212/libs/parts.h
Examining data/fpgatools-0.0+201212/merge_seq.c
Examining data/fpgatools-0.0+201212/mini-jtag/jtag.c
Examining data/fpgatools-0.0+201212/mini-jtag/jtag.h
Examining data/fpgatools-0.0+201212/mini-jtag/load-bits.c
Examining data/fpgatools-0.0+201212/mini-jtag/load-bits.h
Examining data/fpgatools-0.0+201212/mini-jtag/mini-jtag.c
Examining data/fpgatools-0.0+201212/new_fp.c
Examining data/fpgatools-0.0+201212/pair2net.c
Examining data/fpgatools-0.0+201212/sort_seq.c

FINAL RESULTS:

data/fpgatools-0.0+201212/autotest.c:52:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(line);
data/fpgatools-0.0+201212/autotest.c:62:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tstate->base_name, base_name);
data/fpgatools-0.0+201212/autotest.c:114:7:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  rc = system(tmp);
data/fpgatools-0.0+201212/autotest.c:1261:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(lut6_str, "(A6+~A6)*%s", lut5_str);
data/fpgatools-0.0+201212/autotest.c:1924:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cmdline_test, param);
data/fpgatools-0.0+201212/autotest.c:1933:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tstate.cmdline_diff_exec, param);
data/fpgatools-0.0+201212/autotest.c:1974:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tstate.cmdline_diff_exec, DEFAULT_DIFF_EXEC);
data/fpgatools-0.0+201212/autotest.c:2007:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(tstate.tmp_dir, AUTOTEST_TMP_DIR);
data/fpgatools-0.0+201212/draw_svg_tiles.c:88:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(str, fpga_tiletype_str(
data/fpgatools-0.0+201212/libs/bit_frames.c:327:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.istandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:331:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.istandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:335:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.istandard, IO_LVCMOS12_JEDEC);
data/fpgatools-0.0+201212/libs/bit_frames.c:339:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.istandard, IO_SSTL2_I);
data/fpgatools-0.0+201212/libs/bit_frames.c:347:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:351:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:355:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:359:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:363:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:367:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:371:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS33);
data/fpgatools-0.0+201212/libs/bit_frames.c:376:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:380:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:384:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:388:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:392:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:396:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS25);
data/fpgatools-0.0+201212/libs/bit_frames.c:401:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:405:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:409:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:413:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:417:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:421:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:425:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVTTL);
data/fpgatools-0.0+201212/libs/bit_frames.c:430:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:434:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:438:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:442:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:446:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:450:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:454:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS18);
data/fpgatools-0.0+201212/libs/bit_frames.c:459:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:463:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:467:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:471:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:475:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:479:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS15);
data/fpgatools-0.0+201212/libs/bit_frames.c:484:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:488:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:492:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:496:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:500:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg.ostandard, IO_LVCMOS12);
data/fpgatools-0.0+201212/libs/bit_frames.c:667:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lut5_buf, str);
data/fpgatools-0.0+201212/libs/bit_frames.c:674:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(lut6_buf, str);
data/fpgatools-0.0+201212/libs/bit_regs.c:1171:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cfg->header_str[i-'a'], (char*) &d[inpos + *outdelta + 3]);
data/fpgatools-0.0+201212/libs/control.c:874:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dev->u.iob.istandard, io_std);
data/fpgatools-0.0+201212/libs/control.c:895:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dev->u.iob.ostandard, io_std);
data/fpgatools-0.0+201212/libs/control.c:1442:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  return strcpy(switch_get_buf[last_buf], hash_str);
data/fpgatools-0.0+201212/libs/control.c:1559:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&buf[last_buf][o], fpga_switch_str(model, y, x, set->sw[0], SW_FROM));
data/fpgatools-0.0+201212/libs/control.c:1563:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&buf[last_buf][o],
data/fpgatools-0.0+201212/libs/control.c:1570:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&buf[last_buf][o],
data/fpgatools-0.0+201212/libs/control.c:1575:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&buf[last_buf][o], fpga_switch_str(model, y, x, set->sw[0], SW_TO));
data/fpgatools-0.0+201212/libs/floorplan.c:1038:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(tmp_line, "conn y%i x%i %s ",
data/fpgatools-0.0+201212/libs/floorplan.c:1043:6:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(&tmp_line[k], "y%i x%i %s\n",
data/fpgatools-0.0+201212/libs/helper.c:46:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(fmt_str, indent_str, i, data[i]);
data/fpgatools-0.0+201212/libs/helper.c:876:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(&line[i+1], 256, fmt, list);
data/fpgatools-0.0+201212/libs/helper.c:1012:2:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&array->bin_strings[bin][array->bin_len[bin]+BIN_STR_HEADER], str);
data/fpgatools-0.0+201212/libs/helper.c:1148:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(argv[i], scan_str, buf[next_buf]) == 1) {
data/fpgatools-0.0+201212/libs/helper.c:1163:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  if (sscanf(argv[i], buf, &out_int) == 1)
data/fpgatools-0.0+201212/libs/helper.h:19:24:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define OUT_OF_MEM() { fprintf(stderr, \
data/fpgatools-0.0+201212/libs/helper.h:21:32:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define EXIT(expr) if (expr) { fprintf(stderr, \
data/fpgatools-0.0+201212/libs/model_conns.c:826:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(wstr, fpga_connpt_str(model, net->wire+i, y, x, -1, -1));
data/fpgatools-0.0+201212/libs/model_helper.c:23:2:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(pf_buf[last_buf], sizeof(pf_buf[0]), fmt, list);
data/fpgatools-0.0+201212/libs/model_helper.c:352:3:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf1, sizeof(buf1), name1, i);
data/fpgatools-0.0+201212/libs/model_helper.c:354:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf2, sizeof(buf2), name2, (start2 & COUNT_MASK)-(i-start1));
data/fpgatools-0.0+201212/libs/model_helper.c:356:4:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(buf2, sizeof(buf2), name2, (start2 & COUNT_MASK)+(i-start1));
data/fpgatools-0.0+201212/libs/model_helper.c:962:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:969:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:971:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1004:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1011:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1013:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1034:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1041:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/libs/model_helper.c:1043:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf[last_buf], fpga_wire2str(wire));
data/fpgatools-0.0+201212/merge_seq.c:35:3:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(line->buf);
data/fpgatools-0.0+201212/merge_seq.c:56:2:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(buf);
data/fpgatools-0.0+201212/pair2net.c:151:7:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable.
  i = sscanf(line, "%s%s", point_a, point_b);
data/fpgatools-0.0+201212/sort_seq.c:412:4:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(s_lines[i]);
data/fpgatools-0.0+201212/autotest.c:26:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cmdline_diff_exec[1024];
data/fpgatools-0.0+201212/autotest.c:32:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp_dir[256];
data/fpgatools-0.0+201212/autotest.c:33:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char base_name[256];
data/fpgatools-0.0+201212/autotest.c:39:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024];
data/fpgatools-0.0+201212/autotest.c:44:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!(f = fopen(path, "r")))
data/fpgatools-0.0+201212/autotest.c:69:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024], tmp[1024], prior_fp[1024];
data/fpgatools-0.0+201212/autotest.c:93:3:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(prior_fp, "/dev/null");
data/fpgatools-0.0+201212/autotest.c:100:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(&path[path_base], ".fp");
data/fpgatools-0.0+201212/autotest.c:101:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  dest_f = fopen(path, "w");
data/fpgatools-0.0+201212/autotest.c:123:2:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(&path[path_base], ".diff");
data/fpgatools-0.0+201212/autotest.c:794:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iob_name[32];
data/fpgatools-0.0+201212/autotest.c:1186:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lut6_str[128], lut5_str[128];
data/fpgatools-0.0+201212/autotest.c:1208:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lut6_str, "A%c", i);
data/fpgatools-0.0+201212/autotest.c:1233:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lut6_str, "(A6+~A6)*1");
data/fpgatools-0.0+201212/autotest.c:1238:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lut6_str, "(A6+~A6)*0");
data/fpgatools-0.0+201212/autotest.c:1244:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lut5_str, "A%c", i);
data/fpgatools-0.0+201212/autotest.c:1245:6:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lut6_str, "(A6+~A6)*A%c", (i == '5') ? '1' : i+1);
data/fpgatools-0.0+201212/autotest.c:1889:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char param[1024], cmdline_test[1024];
data/fpgatools-0.0+201212/bit2fp.c:66:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE* fbits = fopen(argv[file_arg], "r");
data/fpgatools-0.0+201212/draw_svg_tiles.c:42:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[128];
data/fpgatools-0.0+201212/draw_svg_tiles.c:79:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "y%i x%i:", i, j);
data/fpgatools-0.0+201212/fp2bit.c:31:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/fp2bit.c:37:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fbits = fopen(argv[2], "w");
data/fpgatools-0.0+201212/hstrrep.c:19:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], search_str[1024], replace_str[1024];
data/fpgatools-0.0+201212/hstrrep.c:49:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[2], "r");
data/fpgatools-0.0+201212/hstrrep.c:79:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");
data/fpgatools-0.0+201212/libs/bit.h:77:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char header_str[4][MAX_HEADER_STR_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:690:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lut6_ml[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:691:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lut5_ml[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:692:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lut6_x[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:693:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lut5_x[NUM_LUTS][MAX_LUT_LEN];
data/fpgatools-0.0+201212/libs/bit_frames.c:2253:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bit_str[129];
data/fpgatools-0.0+201212/libs/bit_frames.c:2495:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). from_idx = atoi(&from_found[6]); data/fpgatools-0.0+201212/libs/bit_frames.c:2496:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). to_idx = atoi(&to_found[5]); data/fpgatools-0.0+201212/libs/bit_regs.c:635:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bits[512]; data/fpgatools-0.0+201212/libs/bit_regs.c:722:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bit_str[129]; data/fpgatools-0.0+201212/libs/bit_regs.c:748:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bit_str[65]; data/fpgatools-0.0+201212/libs/bit_regs.c:781:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char bit_str[64]; data/fpgatools-0.0+201212/libs/bit_regs.c:1361:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cfg->bits.d[offset_in_bits data/fpgatools-0.0+201212/libs/bit_regs.c:1370:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&cfg->bits.d[offset_in_bits], data/fpgatools-0.0+201212/libs/bit_regs.c:1801:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char padding_frame[FRAME_SIZE]; data/fpgatools-0.0+201212/libs/control.c:420:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NUM_BUFS][BUF_SIZE]; data/fpgatools-0.0+201212/libs/control.c:639:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*lut_ptr, lut_str, lut_len); data/fpgatools-0.0+201212/libs/control.c:1429:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char switch_get_buf[NUM_CONNPT_BUFS][CONNPT_BUF_SIZE]; data/fpgatools-0.0+201212/libs/control.c:1469:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NUM_BUFS][BUF_SIZE]; data/fpgatools-0.0+201212/libs/control.c:1522:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sw_buf[NUM_SW_BUFS][SW_BUF_SIZE]; data/fpgatools-0.0+201212/libs/control.c:1524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char midstr[64]; data/fpgatools-0.0+201212/libs/control.c:1528:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(midstr, "<->"); data/fpgatools-0.0+201212/libs/control.c:1530:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(midstr, "->"); data/fpgatools-0.0+201212/libs/control.c:1551:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[FMT_SWSET_NUM_BUFS][FMT_SWSET_BUF_SIZE]; data/fpgatools-0.0+201212/libs/control.c:2442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/fpgatools-0.0+201212/libs/floorplan.c:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[256]; data/fpgatools-0.0+201212/libs/floorplan.c:202:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dev->u.iob.istandard, w2, w2_len); data/fpgatools-0.0+201212/libs/floorplan.c:207:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dev->u.iob.ostandard, w2, w2_len); data/fpgatools-0.0+201212/libs/floorplan.c:297:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[256]; data/fpgatools-0.0+201212/libs/floorplan.c:490:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char cmp_str[128]; data/fpgatools-0.0+201212/libs/floorplan.c:666:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[256]; data/fpgatools-0.0+201212/libs/floorplan.c:757:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[256]; data/fpgatools-0.0+201212/libs/floorplan.c:837:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[256]; data/fpgatools-0.0+201212/libs/floorplan.c:996:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_line[512]; data/fpgatools-0.0+201212/libs/floorplan.c:1121:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/fpgatools-0.0+201212/libs/floorplan.c:1155:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf, &line[from_beg], from_end-from_beg); data/fpgatools-0.0+201212/libs/floorplan.c:1172:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, &line[to_beg], to_end-to_beg); data/fpgatools-0.0+201212/libs/floorplan.c:1311:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/fpgatools-0.0+201212/libs/helper.c:14:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[2 /* "0b" */ + 32 + 1 /* '\0' */]; data/fpgatools-0.0+201212/libs/helper.c:28:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt_str[16] = "%s@%05x %02x"; data/fpgatools-0.0+201212/libs/helper.c:29:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indent_str[16]; data/fpgatools-0.0+201212/libs/helper.c:222:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char a[6]; // 0=A1, 5=A6. value can be 0, 1 or 2 for 'removed' data/fpgatools-0.0+201212/libs/helper.c:239:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char str[2048]; data/fpgatools-0.0+201212/libs/helper.c:287:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char new_term[6]; data/fpgatools-0.0+201212/libs/helper.c:368:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char init_str[65]; data/fpgatools-0.0+201212/libs/helper.c:413:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&init_str[j*2], "%02X", init_byte); data/fpgatools-0.0+201212/libs/helper.c:434:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(&init_str[j*2], "%02X", init_byte); data/fpgatools-0.0+201212/libs/helper.c:627:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char prefix[128], suffix[128]; data/fpgatools-0.0+201212/libs/helper.c:630:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(prefix, "f%i ", abs(row)); data/fpgatools-0.0+201212/libs/helper.c:632:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(prefix, "r%i ma%i mi%i ", row, major, minor); data/fpgatools-0.0+201212/libs/helper.c:739:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* statusf = fopen("/proc/self/status", "r"); data/fpgatools-0.0+201212/libs/helper.c:740:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/fpgatools-0.0+201212/libs/helper.c:754:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). random_f = open("/dev/urandom", O_RDONLY); data/fpgatools-0.0+201212/libs/helper.c:1140:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[NUM_BUFS][BUF_SIZE]; data/fpgatools-0.0+201212/libs/helper.c:1142:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char scan_str[128]; data/fpgatools-0.0+201212/libs/helper.c:1158:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/fpgatools-0.0+201212/libs/model.h:460:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char IOSTANDARD[32]; data/fpgatools-0.0+201212/libs/model_conns.c:761:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char i_str[MAX_WIRENAME_LEN], j_str[MAX_WIRENAME_LEN]; data/fpgatools-0.0+201212/libs/model_conns.c:818:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wstr[MAX_WIRENAME_LEN]; data/fpgatools-0.0+201212/libs/model_conns.c:3465:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/fpgatools-0.0+201212/libs/model_conns.c:3688:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "BRAM_LOGICINB%%i_INT%i", 3-i); data/fpgatools-0.0+201212/libs/model_conns.c:3846:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[4] = { \ data/fpgatools-0.0+201212/libs/model_conns.c:3854:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[4] = { \ data/fpgatools-0.0+201212/libs/model_conns.c:3867:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[4] = { \ data/fpgatools-0.0+201212/libs/model_conns.c:3880:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[4] = { \ data/fpgatools-0.0+201212/libs/model_conns.c:3888:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *s[4] = { \ data/fpgatools-0.0+201212/libs/model_devices.c:400:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp_str[128]; data/fpgatools-0.0+201212/libs/model_devices.c:453:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp_str, "LIOB_TOP_PCI_RDY0"); data/fpgatools-0.0+201212/libs/model_devices.c:455:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp_str, "LIOB_BOT_PCI_RDY0"); data/fpgatools-0.0+201212/libs/model_devices.c:457:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(tmp_str, "RIOB_BOT_PCI_RDY0"); data/fpgatools-0.0+201212/libs/model_devices.c:459:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(tmp_str, "RIOB_TOP_PCI_RDY1"); data/fpgatools-0.0+201212/libs/model_helper.c:17:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pf_buf[NUM_PF_BUFS][128]; data/fpgatools-0.0+201212/libs/model_helper.c:30:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[8][128]; data/fpgatools-0.0+201212/libs/model_helper.c:208:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name_buf[MAX_WIRENAME_LEN]; data/fpgatools-0.0+201212/libs/model_helper.c:347:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf1[MAX_WIRENAME_LEN], buf2[MAX_WIRENAME_LEN]; data/fpgatools-0.0+201212/libs/model_helper.c:527:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char from[64], to[64]; data/fpgatools-0.0+201212/libs/model_helper.c:573:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(to_tile->conn_point_names, from_tile->conn_point_names, from_tile->num_conn_point_names*2*sizeof(uint16_t)); data/fpgatools-0.0+201212/libs/model_helper.c:578:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(to_tile->switches, from_tile->switches, from_tile->num_switches*sizeof(*from_tile->switches)); data/fpgatools-0.0+201212/libs/model_helper.c:936:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[NUM_BUFS][BUF_SIZE]; data/fpgatools-0.0+201212/libs/model_helper.c:1069:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf[last_buf], "_S"); data/fpgatools-0.0+201212/libs/model_helper.c:1089:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf[last_buf], "_S"); data/fpgatools-0.0+201212/libs/model_helper.c:1128:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
  strcat(buf[last_buf], "_N");

data/fpgatools-0.0+201212/libs/model_helper.c:1151:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_N");

data/fpgatools-0.0+201212/libs/model_helper.c:1173:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1180:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1193:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1200:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1224:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1231:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1245:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1252:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1370:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1418:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_S");

data/fpgatools-0.0+201212/libs/model_helper.c:1434:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_S");

data/fpgatools-0.0+201212/libs/model_helper.c:1459:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_N");

data/fpgatools-0.0+201212/libs/model_helper.c:1479:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_N");

data/fpgatools-0.0+201212/libs/model_helper.c:1501:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1508:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1521:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1528:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_E");

data/fpgatools-0.0+201212/libs/model_helper.c:1546:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1553:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1567:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1574:7: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(buf[last_buf], "_W");

data/fpgatools-0.0+201212/libs/model_helper.c:1590:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[NUM_BUFS][BUF_SIZE];

data/fpgatools-0.0+201212/merge_seq.c:19:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_LENGTH];

data/fpgatools-0.0+201212/merge_seq.c:31:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[LINE_LENGTH];

data/fpgatools-0.0+201212/merge_seq.c:321:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");

data/fpgatools-0.0+201212/merge_seq.c:329:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  last_merge_try = atoi(argv[3]);

data/fpgatools-0.0+201212/mini-jtag/jtag.c:142:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf_bytes[3], (in + i * FTDI_MAX_RW_SIZE), len);

data/fpgatools-0.0+201212/mini-jtag/mini-jtag.c:166:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[2], "r");

data/fpgatools-0.0+201212/pair2net.c:117:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[1024], point_a[1024], point_b[1024];

data/fpgatools-0.0+201212/pair2net.c:144:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");

data/fpgatools-0.0+201212/sort_seq.c:17:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char s_lines[1000][LINE_LENGTH];

data/fpgatools-0.0+201212/sort_seq.c:390:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "r");

data/fpgatools-0.0+201212/autotest.c:90:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path_base = strlen(path);

data/fpgatools-0.0+201212/autotest.c:598:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(str) < 5

data/fpgatools-0.0+201212/autotest.c:1199:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(lut6_str, "0");

data/fpgatools-0.0+201212/autotest.c:1203:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(lut6_str, "1");

data/fpgatools-0.0+201212/autotest.c:1234:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(lut5_str, "0");

data/fpgatools-0.0+201212/autotest.c:1239:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character.
  sprintf(lut5_str, "1");

data/fpgatools-0.0+201212/autotest.c:1871:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "Output dir: " AUTOTEST_TMP_DIR "\n", argv_0, (int) strlen(argv_0), "");

data/fpgatools-0.0+201212/bit2fp.c:26:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "\n", argv[0], argv[0], (int) strlen(argv[0]), "");

data/fpgatools-0.0+201212/blinking_led.c:42:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  "\n", (int) strlen(*argv), "",

data/fpgatools-0.0+201212/blinking_led.c:43:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(*argv), "", (int) strlen(*argv), "");

data/fpgatools-0.0+201212/blinking_led.c:43:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(*argv), "", (int) strlen(*argv), "");

data/fpgatools-0.0+201212/hstrrep.c:58:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(replace_str);

data/fpgatools-0.0+201212/libs/bit_regs.c:1612:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s_len = strlen(s)+1;

data/fpgatools-0.0+201212/libs/control.c:313:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && strlen(dev_str[i]) == len

data/fpgatools-0.0+201212/libs/control.c:377:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(iob_pinw_str[i]) == len

data/fpgatools-0.0+201212/libs/control.c:386:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(logic_pinw_str[i]) == len

data/fpgatools-0.0+201212/libs/control.c:638:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (lut_len == ZTERM) lut_len = strlen(lut_str);

data/fpgatools-0.0+201212/libs/control.c:1437:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!hash_str || (strlen(hash_str) >= CONNPT_BUF_SIZE)) {

data/fpgatools-0.0+201212/libs/control.c:1560:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o += strlen(&buf[last_buf][o]);

data/fpgatools-0.0+201212/libs/control.c:1565:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o += strlen(&buf[last_buf][o]);

data/fpgatools-0.0+201212/libs/control.c:1572:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o += strlen(&buf[last_buf][o]);

data/fpgatools-0.0+201212/libs/control.c:1576:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  o += strlen(&buf[last_buf][o]);

data/fpgatools-0.0+201212/libs/floorplan.c:1040:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  k = strlen(tmp_line);

data/fpgatools-0.0+201212/libs/helper.c:207:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str_len = strlen(str);

data/fpgatools-0.0+201212/libs/helper.c:755:2: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(random_f, &random_num, sizeof(random_num));

data/fpgatools-0.0+201212/libs/helper.c:867:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(line);

data/fpgatools-0.0+201212/libs/helper.c:990:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int str_len = strlen(str);

data/fpgatools-0.0+201212/libs/helper.c:1107:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *argv, *argv, (int) strlen(*argv), "",

data/fpgatools-0.0+201212/libs/helper.c:1108:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  (int) strlen(*argv), "");

data/fpgatools-0.0+201212/libs/model_helper.c:539:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  from_len = strlen(from);

data/fpgatools-0.0+201212/libs/model_helper.c:540:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  to_len = strlen(to);

data/fpgatools-0.0+201212/libs/model_helper.c:1803:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(_str);

data/fpgatools-0.0+201212/libs/model_helper.c:1813:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(&_str[9]);

data/fpgatools-0.0+201212/libs/model_helper.c:1883:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(&_str[8]);

data/fpgatools-0.0+201212/pair2net.c:154:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  i = strlen(point_b);

ANALYSIS SUMMARY:

Hits = 264
Lines analyzed = 30014 in approximately 0.92 seconds (32451 lines/second)
Physical Source Lines of Code (SLOC) = 25528
Hits@level = [0] 702 [1] 35 [2] 141 [3] 0 [4] 88 [5] 0
Hits@level+ = [0+] 966 [1+] 264 [2+] 229 [3+] 88 [4+] 88 [5+] 0
Hits/KSLOC@level+ = [0+] 37.8408 [1+] 10.3416 [2+] 8.97054 [3+] 3.4472 [4+] 3.4472 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.