Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_01.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_02.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_03.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_04.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_01.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_02.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_03.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_04.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_05.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_06.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_07.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_08.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/liberation_01.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_01.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_02.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_03.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_04.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_test_gf.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_time_gf.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/test_galois.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/cauchy.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/galois.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/jerasure.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/liberation.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/reed_sol.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/include/timing.h
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/cauchy.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/cauchy_best_r6.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/galois.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/liberation.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/reed_sol.c
Examining data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/timing.c

FINAL RESULTS:

data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:149:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cs1, cs2);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:152:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cs1, argv[1]);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:164:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_meta.txt", curdir, cs1);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:172:6: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (fscanf(fp, "%s", temp) != 1) {
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:186:6: [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (fscanf(fp, "%s", c_tech) != 1) {
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:260:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_k%0*d%s", curdir, cs1, md, i, extension);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:283:4: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_m%0*d%s", curdir, cs1, md, i, extension);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:340:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_decoded%s", curdir, cs1, extension);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:407:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s1, s2);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:410:3: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(s1, argv[1]);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:541:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_k%0*d%s", curdir, s1, md, i, extension);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:557:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_m%0*d%s", curdir, s1, md, i, extension);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:575:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fname, "%s/Coding/%s_meta.txt", curdir, s1);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_02.c:101:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_02.c:181:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dcopy[i], data[i], sizeof(long)*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_03.c:105:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_03.c:199:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dcopy[i], data[i], sizeof(long)*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_04.c:102:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/cauchy_04.c:181:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dcopy[i], data[i], sizeof(long)*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:82:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *Methods[N] = {"reed_sol_van", "reed_sol_r6_op", "cauchy_orig", "cauchy_good", "liberation", "blaum_roth", "liber8tion", "rdp", "evenodd", "no_coding"};
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:166:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fname, "rb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:171:10: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  temp = (char *)malloc(sizeof(char)*(strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:185:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  c_tech = (char *)malloc(sizeof(char)*(strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:219:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, "%d", k);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:261:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fname, "rb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:284:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fname, "rb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:342:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fname, "wb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:345:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fname, "ab");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:80:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *Methods[N] = {"reed_sol_van", "reed_sol_r6_op", "cauchy_orig", "cauchy_good", "liberation", "blaum_roth", "liber8tion", "no_coding"};
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:122:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp[5];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:334:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(argv[1], "rb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:422:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(temp, "%d", k);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:543:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp2 = fopen(fname, "wb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:546:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp2 = fopen(fname, "ab");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:559:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp2 = fopen(fname, "wb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:562:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp2 = fopen(fname, "ab");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:576:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp2 = fopen(fname, "wb");
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_03.c:105:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(matrix_copy, matrix, sizeof(int)*k*k);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_03.c:110:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(matrix_copy, matrix, sizeof(int)*k*k);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_04.c:104:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitmatrix_copy, bitmatrix, sizeof(int)*k*w*k*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_04.c:109:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bitmatrix_copy, bitmatrix, sizeof(int)*k*w*k*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_06.c:89:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_07.c:89:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/jerasure_08.c:92:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/liberation_01.c:90:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  up = (unsigned char *) ptrs[i];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_01.c:146:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dcopy[i], data[i], sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_01.c:159:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccopy[i], coding[i], sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_01.c:173:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((erasures[i] < k) ? data[erasures[i]] : coding[erasures[i]-k], &l, sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_03.c:147:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dcopy[i], data[i], sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_03.c:159:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ccopy[i], coding[i], sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_03.c:173:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((erasures[i] < k) ? data[erasures[i]] : coding[erasures[i]-k], &l, sizeof(long));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_04.c:94:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, a32, sizeof(int)*4);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_test_gf.c:166:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(old_values[i], (erasures[i] < k) ? data[erasures[i]] : coding[erasures[i]-k], BUFSIZE);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/reed_sol_time_gf.c:174:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(old_values[i], (erasures[i] < k) ? data[erasures[i]] : coding[erasures[i]-k], bufsize);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:65:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[30];
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:72:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%u", w2-1);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:354:15: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pptr, dptr, packetsize);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:373:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(parity_ptr, data_ptrs[0], size);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:612:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dptr, sptr, size);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:902:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, bitmatrix+k*w*w*(row_ids[i]-k), k*w*w*sizeof(int));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:925:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, inverse+k*w*w*row_ids[k+i], sizeof(int)*k*w*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:946:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ptr, bitmatrix+drive*k*w*w, sizeof(int)*k*w*w);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:1225:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dptr, sptr, packetsize);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/reed_sol.c:155:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(coding_ptrs[0], data_ptrs[0], size);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/reed_sol.c:161:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(coding_ptrs[1], data_ptrs[k-1], size);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:145:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cs1 = (char*)malloc(sizeof(char)*strlen(argv[1]));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:161:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname = (char *)malloc(sizeof(char*)*(100+strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:171:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  temp = (char *)malloc(sizeof(char)*(strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:185:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  c_tech = (char *)malloc(sizeof(char)*(strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/decoder.c:220:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md = strlen(temp);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:403:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  s1 = (char*)malloc(sizeof(char)*(strlen(argv[1])+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:421:38: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname = (char*)malloc(sizeof(char)*(strlen(argv[1])+strlen(curdir)+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:421:54: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fname = (char*)malloc(sizeof(char)*(strlen(argv[1])+strlen(curdir)+20));
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/Examples/encoder.c:423:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  md = strlen(temp);
data/jerasure-2.0.0+2017.04.10.git.de1739cc84/src/jerasure.c:73:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fw = strlen(s);

ANALYSIS SUMMARY:

Hits = 75
Lines analyzed = 10012 in approximately 0.61 seconds (16371 lines/second)
Physical Source Lines of Code (SLOC) = 7197
Hits@level = [0] 926 [1] 10 [2] 52 [3] 0 [4] 13 [5] 0
Hits@level+ = [0+] 1001 [1+] 75 [2+] 65 [3+] 13 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 139.086 [1+] 10.421 [2+] 9.03154 [3+] 1.80631 [4+] 1.80631 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.