Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libantlr3c-3.4+dfsg/include/antlr3baserecognizer.h Examining data/libantlr3c-3.4+dfsg/include/antlr3errors.h Examining data/libantlr3c-3.4+dfsg/include/antlr3bitset.h Examining data/libantlr3c-3.4+dfsg/include/antlr3commontreenodestream.h Examining data/libantlr3c-3.4+dfsg/include/antlr3intstream.h Examining data/libantlr3c-3.4+dfsg/include/antlr3treeparser.h Examining data/libantlr3c-3.4+dfsg/include/antlr3defs.h Examining data/libantlr3c-3.4+dfsg/include/antlr3string.h Examining data/libantlr3c-3.4+dfsg/include/antlr3commontreeadaptor.h Examining data/libantlr3c-3.4+dfsg/include/antlr3basetreeadaptor.h Examining data/libantlr3c-3.4+dfsg/include/antlr3input.h Examining data/libantlr3c-3.4+dfsg/include/antlr3debugeventlistener.h Examining data/libantlr3c-3.4+dfsg/include/antlr3parser.h Examining data/libantlr3c-3.4+dfsg/include/antlr3.h Examining data/libantlr3c-3.4+dfsg/include/antlr3encodings.h Examining data/libantlr3c-3.4+dfsg/include/antlr3interfaces.h Examining data/libantlr3c-3.4+dfsg/include/antlr3memory.h Examining data/libantlr3c-3.4+dfsg/include/antlr3tokenstream.h Examining data/libantlr3c-3.4+dfsg/include/antlr3exception.h Examining data/libantlr3c-3.4+dfsg/include/antlr3filestream.h Examining data/libantlr3c-3.4+dfsg/include/antlr3commontoken.h Examining data/libantlr3c-3.4+dfsg/include/antlr3lexer.h Examining data/libantlr3c-3.4+dfsg/include/antlr3cyclicdfa.h Examining data/libantlr3c-3.4+dfsg/include/antlr3parsetree.h Examining data/libantlr3c-3.4+dfsg/include/antlr3commontree.h Examining data/libantlr3c-3.4+dfsg/include/antlr3recognizersharedstate.h Examining data/libantlr3c-3.4+dfsg/include/antlr3collections.h Examining data/libantlr3c-3.4+dfsg/include/antlr3rewritestreams.h Examining data/libantlr3c-3.4+dfsg/include/antlr3basetree.h Examining data/libantlr3c-3.4+dfsg/include/antlr3convertutf.h Examining data/libantlr3c-3.4+dfsg/src/antlr3bitset.c Examining data/libantlr3c-3.4+dfsg/src/antlr3treeparser.c Examining data/libantlr3c-3.4+dfsg/src/antlr3baserecognizer.c Examining data/libantlr3c-3.4+dfsg/src/antlr3exception.c Examining data/libantlr3c-3.4+dfsg/src/antlr3lexer.c Examining data/libantlr3c-3.4+dfsg/src/antlr3commontreenodestream.c Examining data/libantlr3c-3.4+dfsg/src/antlr3cyclicdfa.c Examining data/libantlr3c-3.4+dfsg/src/antlr3encodings.c Examining data/libantlr3c-3.4+dfsg/src/antlr3commontreeadaptor.c Examining data/libantlr3c-3.4+dfsg/src/antlr3parser.c Examining data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c Examining data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c Examining data/libantlr3c-3.4+dfsg/src/antlr3tokenstream.c Examining data/libantlr3c-3.4+dfsg/src/antlr3rewritestreams.c Examining data/libantlr3c-3.4+dfsg/src/antlr3basetree.c Examining data/libantlr3c-3.4+dfsg/src/antlr3commontree.c Examining data/libantlr3c-3.4+dfsg/src/antlr3commontoken.c Examining data/libantlr3c-3.4+dfsg/src/antlr3inputstream.c Examining data/libantlr3c-3.4+dfsg/src/antlr3filestream.c Examining data/libantlr3c-3.4+dfsg/src/antlr3collections.c Examining data/libantlr3c-3.4+dfsg/src/antlr3intstream.c Examining data/libantlr3c-3.4+dfsg/src/antlr3convertutf.cc Examining data/libantlr3c-3.4+dfsg/src/antlr3string.c Examining data/libantlr3c-3.4+dfsg/antlr3config.h FINAL RESULTS: data/libantlr3c-3.4+dfsg/include/antlr3defs.h:516:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ANTLR3_PRINTF printf data/libantlr3c-3.4+dfsg/include/antlr3defs.h:524:24: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. #define ANTLR3_FPRINTF fprintf data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:312:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf (message, "grammar \"%s\n", delboy->grammarFileName->chars); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:554:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "enterRule\t%s\t%s\n", grammarFileName, ruleName); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:576:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "exitRule\t%s\t%s\n", grammarFileName, ruleName); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:767:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "exception\t%s\t%d\t%d\t%d\n", (char *)(e->name), (ANTLR3_INT32)(e->index), e->line, e->charPositionInLine); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:798:19: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. out = buffer + sprintf((char *)buffer, "semanticPredicate\t%s\t", result == ANTLR3_TRUE ? "true" : "false"); data/libantlr3c-3.4+dfsg/include/antlr3defs.h:496:45: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define ANTLR3_MEMCPY(target, source, size) memcpy((void *)(target), (const void *)(source), (size_t)(size)) data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:167:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[64]; data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:199:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "\tn%p[label=\"", child); data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:272:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[128]; data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:282:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "\t\tn%p -> n%p\t\t// ", t, child); data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:364:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[64]; data/libantlr3c-3.4+dfsg/src/antlr3basetreeadaptor.c:392:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "\tn%p[label=\"", theTree); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:209:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char message[256]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:310:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (message, "ANTLR %d\n", delboy->PROTOCOL_VERSION); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:550:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:561:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:565:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "enterAlt\t%d\n", alt); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:572:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:583:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:587:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "enterSubRule\t%d\n", decisionNumber); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:594:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:598:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "exitSubRule\t%d\n", decisionNumber); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:605:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:609:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "enterDecision\t%d\n", decisionNumber); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:617:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:621:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "exitDecision\t%d\n", decisionNumber); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:698:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:700:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "mark\t%d\n", (ANTLR3_UINT32)(marker & 0xFFFFFFFF)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:710:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:712:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "rewind\t%d\n", (ANTLR3_UINT32)(marker & 0xFFFFFFFF)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:729:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:731:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "beginBacktrack\t%d\n", (ANTLR3_UINT32)(level & 0xFFFFFFFF)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:741:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:743:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "endBacktrack\t%d\t%d\n", level, successful); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:753:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:755:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "location\t%d\t%d\n", line, pos); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:765:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[256]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:910:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:911:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "nilNode\t%d\n", delboy->adaptor->getUniqueID(delboy->adaptor, t)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1005:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1007:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "createNode\t%d\t%d\n", delboy->adaptor->getUniqueID(delboy->adaptor, node), (ANTLR3_UINT32)token->getTokenIndex(token)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1015:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1017:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "becomeRoot\t%d\t%d\n", delboy->adaptor->getUniqueID(delboy->adaptor, newRoot), data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1027:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1029:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "addChild\t%d\t%d\n", delboy->adaptor->getUniqueID(delboy->adaptor, root), data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1038:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:1040:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "becomeRoot\t%d\t%d\t%d\n", delboy->adaptor->getUniqueID(delboy->adaptor, t), data/libantlr3c-3.4+dfsg/src/antlr3filestream.c:406:26: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return (ANTLR3_FDSC)fopen((const char *)filename, mode); data/libantlr3c-3.4+dfsg/src/antlr3string.c:992:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)newbit, "%d", i); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1001:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)newbit, "%d", i); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1011:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)newbit, "%d", i); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1019:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char *)newbit, "%d", i); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1319:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi((const char *)(string->chars)); data/libantlr3c-3.4+dfsg/include/antlr3baserecognizer.h:144:13: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. void (*mismatch) (struct ANTLR3_BASE_RECOGNIZER_struct * recognizer, data/libantlr3c-3.4+dfsg/src/antlr3baserecognizer.c:56:17: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static void mismatch (pANTLR3_BASE_RECOGNIZER recognizer, ANTLR3_UINT32 ttype, pANTLR3_BITSET_LIST follow); data/libantlr3c-3.4+dfsg/src/antlr3baserecognizer.c:172:47: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. recognizer->mismatch = mismatch; data/libantlr3c-3.4+dfsg/src/antlr3baserecognizer.c:642:1: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mismatch(pANTLR3_BASE_RECOGNIZER recognizer, ANTLR3_UINT32 ttype, pANTLR3_BITSET_LIST follow) data/libantlr3c-3.4+dfsg/src/antlr3collections.c:340:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = antlr3Hash(key, (ANTLR3_UINT32)strlen((const char *)key)); data/libantlr3c-3.4+dfsg/src/antlr3collections.c:492:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = antlr3Hash(key, (ANTLR3_UINT32)strlen((const char *)key)); data/libantlr3c-3.4+dfsg/src/antlr3collections.c:603:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). hash = antlr3Hash(key, (ANTLR3_UINT32)strlen((const char *)key)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:311:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sockSend (delboy->socket, message, (int)strlen(message)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:313:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sockSend (delboy->socket, message, (int)strlen(message)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:325:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sockSend(delboy->socket, ptr, (int)strlen(ptr)); data/libantlr3c-3.4+dfsg/src/antlr3debughandlers.c:794:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer = (unsigned char *)ANTLR3_MALLOC(64 + 2*strlen(predicate)); data/libantlr3c-3.4+dfsg/src/antlr3string.c:598:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return factory->newPtr8(factory, ptr, (ANTLR3_UINT32)strlen((const char *)ptr)); data/libantlr3c-3.4+dfsg/src/antlr3string.c:609:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return factory->newPtr8(factory, ptr, (ANTLR3_UINT32)strlen((const char *)ptr)); data/libantlr3c-3.4+dfsg/src/antlr3string.c:803:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(newbit); data/libantlr3c-3.4+dfsg/src/antlr3string.c:826:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(newbit); data/libantlr3c-3.4+dfsg/src/antlr3string.c:881:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(chars); data/libantlr3c-3.4+dfsg/src/antlr3string.c:904:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(chars); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1033:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(newbit); data/libantlr3c-3.4+dfsg/src/antlr3string.c:1071:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = (ANTLR3_UINT32)strlen(newbit); data/libantlr3c-3.4+dfsg/src/antlr3treeparser.c:38:16: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. static void mismatch (pANTLR3_BASE_RECOGNIZER recognizer, ANTLR3_UINT32 ttype, pANTLR3_BITSET_LIST follow); data/libantlr3c-3.4+dfsg/src/antlr3treeparser.c:83:29: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. parser->rec->mismatch = mismatch; data/libantlr3c-3.4+dfsg/src/antlr3treeparser.c:174:1: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. mismatch (pANTLR3_BASE_RECOGNIZER recognizer, ANTLR3_UINT32 ttype, pANTLR3_BITSET_LIST follow) ANALYSIS SUMMARY: Hits = 77 Lines analyzed = 24685 in approximately 0.77 seconds (32025 lines/second) Physical Source Lines of Code (SLOC) = 11886 Hits@level = [0] 2 [1] 22 [2] 48 [3] 0 [4] 7 [5] 0 Hits@level+ = [0+] 79 [1+] 77 [2+] 55 [3+] 7 [4+] 7 [5+] 0 Hits/KSLOC@level+ = [0+] 6.64647 [1+] 6.47821 [2+] 4.62729 [3+] 0.588928 [4+] 0.588928 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.