Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libbackuppc-xs-perl-0.62/bpc_attribCache.c Examining data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c Examining data/libbackuppc-xs-perl-0.62/backuppc.h Examining data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c Examining data/libbackuppc-xs-perl-0.62/bpc_lib.c Examining data/libbackuppc-xs-perl-0.62/rsync.h Examining data/libbackuppc-xs-perl-0.62/bpc_dirOps.c Examining data/libbackuppc-xs-perl-0.62/bpc_hashtable.c Examining data/libbackuppc-xs-perl-0.62/byteorder.h Examining data/libbackuppc-xs-perl-0.62/ppport.h Examining data/libbackuppc-xs-perl-0.62/zlib/compress.c Examining data/libbackuppc-xs-perl-0.62/zlib/inffast.h Examining data/libbackuppc-xs-perl-0.62/zlib/trees.h Examining data/libbackuppc-xs-perl-0.62/zlib/crc32.c Examining data/libbackuppc-xs-perl-0.62/zlib/zutil.h Examining data/libbackuppc-xs-perl-0.62/zlib/zlib.h Examining data/libbackuppc-xs-perl-0.62/zlib/zutil.c Examining data/libbackuppc-xs-perl-0.62/zlib/deflate.h Examining data/libbackuppc-xs-perl-0.62/zlib/adler32.c Examining data/libbackuppc-xs-perl-0.62/zlib/inffast.c Examining data/libbackuppc-xs-perl-0.62/zlib/zconf.h Examining data/libbackuppc-xs-perl-0.62/zlib/trees.c Examining data/libbackuppc-xs-perl-0.62/zlib/inflate.c Examining data/libbackuppc-xs-perl-0.62/zlib/inftrees.c Examining data/libbackuppc-xs-perl-0.62/zlib/deflate.c Examining data/libbackuppc-xs-perl-0.62/zlib/inflate.h Examining data/libbackuppc-xs-perl-0.62/zlib/inffixed.h Examining data/libbackuppc-xs-perl-0.62/zlib/crc32.h Examining data/libbackuppc-xs-perl-0.62/zlib/inftrees.h Examining data/libbackuppc-xs-perl-0.62/bpc_attrib.c Examining data/libbackuppc-xs-perl-0.62/bpc_fileDigest.c Examining data/libbackuppc-xs-perl-0.62/md5/mdigest.h Examining data/libbackuppc-xs-perl-0.62/md5/md5.c Examining data/libbackuppc-xs-perl-0.62/bpc_refCount.c FINAL RESULTS: data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:779:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(poolPath, 0444); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:824:13: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. chmod(poolPath, 0444); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:876:35: [5] (race) chmod: This accepts filename arguments; if an attacker can move those files, a race condition results. (CWE-362). Use fchmod( ) instead. if ( !stat(poolPath, &st) && !chmod(poolPath, st.st_mode & ~S_IXOTH & ~S_IFMT) ) { data/libbackuppc-xs-perl-0.62/bpc_attrib.c:745:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attribDirPath, attribPath); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:804:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attribPathTemp, attribPath); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:847:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attribPathNew, attribPath); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1323:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attribPathTemp, attribPath); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:140:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, ac->shareNameUM); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:147:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dir, ac->shareName); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:154:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, p+1); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:159:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fileName, path); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:213:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attr->key.key, attribPath); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:348:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(attr->key.key, attribPath); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:121:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirList + dirListLen, dp->d_name); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:205:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dirList + dirListLen, dp->d_name); data/libbackuppc-xs-perl-0.62/bpc_lib.c:294:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args); data/libbackuppc-xs-perl-0.62/bpc_lib.c:303:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args); data/libbackuppc-xs-perl-0.62/bpc_lib.c:340:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args); data/libbackuppc-xs-perl-0.62/bpc_lib.c:349:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. strLen = vsnprintf(LogData.mesg + LogData.mesgLen + pad, LogData.mesgSize - LogData.mesgLen - pad, fmt, args); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:173:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(info->match[i].fileName, candidateFile->fileName); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:375:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(candidateFile->fileName, poolPath); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:428:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(candidateFile->fileName, poolPath); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:659:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(info->tmpFileName, fileNameTmp); data/libbackuppc-xs-perl-0.62/ppport.h:6890:14: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. retval = vsnprintf(buffer, len, format, ap); data/libbackuppc-xs-perl-0.62/ppport.h:6892:14: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. retval = vsprintf(buffer, format, ap); data/libbackuppc-xs-perl-0.62/ppport.h:6921:5: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant. vsprintf(buffer, pat, args); data/libbackuppc-xs-perl-0.62/zlib/zutil.h:202:18: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # if !defined(vsnprintf) && !defined(NO_vsnprintf) data/libbackuppc-xs-perl-0.62/zlib/zutil.h:203:15: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. # define vsnprintf _vsnprintf data/libbackuppc-xs-perl-0.62/zlib/zutil.h:249:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Trace(x) {if (z_verbose>=0) fprintf x ;} data/libbackuppc-xs-perl-0.62/zlib/zutil.h:250:39: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracev(x) {if (z_verbose>0) fprintf x ;} data/libbackuppc-xs-perl-0.62/zlib/zutil.h:251:40: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracevv(x) {if (z_verbose>1) fprintf x ;} data/libbackuppc-xs-perl-0.62/zlib/zutil.h:252:48: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;} data/libbackuppc-xs-perl-0.62/zlib/zutil.h:253:49: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;} data/libbackuppc-xs-perl-0.62/backuppc.h:107:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char targetDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpFileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:407:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shareName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:409:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char shareNameUM[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:410:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:411:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hostDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backupTopDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/backuppc.h:413:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char currentDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:125:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keyCopy[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:132:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(keyCopy, key, keyLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:150:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xattr->key.key, key, keyLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:170:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(xattr->value, value, valueLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:186:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(key, xattrSrc->key.key, xattrSrc->key.keyLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:187:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(value, xattrSrc->value, xattrSrc->valueLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:244:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->list + info->idx, xattr->key.key, xattr->key.keyLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:306:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file->name, fileName, fileNameLen + 1); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:439:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:462:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:496:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->entries + info->entryIdx, file->name, len); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:644:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(file->digest.digest, bufP, file->digest.len); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:694:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:725:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:739:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribDirPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:775:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[256]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:802:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPathTemp[BPC_MAXPATHLEN + 16]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:805:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(attribPathTemp, "_0"); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:824:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPathNew[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:834:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dir->digest.digest, buf + 4, digestLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:850:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fdNum = open(attribPathNew, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1027:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->bufP, xattr->key.key, xattr->key.keyLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1036:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->bufP, xattr->value, xattr->valueLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1058:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufP, file->name, fileNameLen); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1075:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bufP, file->digest.digest, file->digest.len); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1135:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPath[BPC_MAXPATHLEN], attribPathTemp[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1158:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fdNum = open(attribPathTemp, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1192:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info.bufP, digest.digest, digest.len); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dir->digest, &digest, sizeof(digest)); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1222:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPath[BPC_MAXPATHLEN], attribPathTemp[BPC_MAXPATHLEN], *baseAttribFileName; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1287:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fdNum = open(attribPathTemp, O_WRONLY | O_CREAT | O_TRUNC, 0660)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1335:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deletePath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1363:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&dir->digest, &digest, sizeof(digest)); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:102:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fullPath[2*BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:142:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(attribPath, "/attrib"); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:190:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[BPC_MAXPATHLEN], attribPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:221:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char topDir[2*BPC_MAXPATHLEN], fullAttribPath[2*BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:327:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPath[BPC_MAXPATHLEN], attribDir[BPC_MAXPATHLEN], attribFile[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:355:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inodeDir[2*BPC_MAXPATHLEN], fullAttribPath[2*BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:419:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inodeDir[2*BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN], indexStr[256]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:521:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexStr[256]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:541:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexStr[256]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:562:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char indexStr[256]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:575:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:582:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(path + pathLen, "/x"); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:605:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->entries + info->entryIdx, file->name, len); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:607:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->entries + info->entryIdx, &file->inode, sizeof(ino_t)); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:617:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN], fullPath[2*BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:630:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fullPath, "/x"); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:649:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info.entries + info.entryIdx, &inode, sizeof(inode)); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:652:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(info.entries + info.entryIdx, ".."); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:655:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info.entries + info.entryIdx, &inode, sizeof(inode)); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:762:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char attribPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:767:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pathDeep[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:768:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN], dir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:78:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filePath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:169:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filePath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:283:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fd = open(lockFile, O_CREAT | O_RDWR, 0660)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:54:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd->fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0660); data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:60:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd->fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0660); data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:73:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd->fd = open(fileName, O_RDONLY); data/libbackuppc-xs-perl-0.62/bpc_lib.c:22:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BPC_TopDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:23:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BPC_PoolDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:24:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BPC_CPoolDir[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:25:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BPC_PoolDir3[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char BPC_CPoolDir3[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:154:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest->digest, emptyFileMD5, sizeof(emptyFileMD5)); data/libbackuppc-xs-perl-0.62/bpc_lib.c:157:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(path, "/dev/null"); data/libbackuppc-xs-perl-0.62/bpc_lib.c:174:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:193:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lenStr[256]; data/libbackuppc-xs-perl-0.62/bpc_lib.c:197:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(lenStr, "%llu", (long long unsigned int)bufferLen); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:203:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->buffer + info->bufferIdx, data, dataLen); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:214:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info->buffer + info->bufferIdx, data, addTo1MB); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:261:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr_v3[BPC_DIGEST_LEN_MAX * 2 + 1], hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:267:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:306:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr_v3[BPC_DIGEST_LEN_MAX * 2 + 1], hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:312:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:321:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char poolPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:525:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:541:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:568:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[BPC_MAXPATHLEN], *p; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:676:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fdWrite = open(poolPath, O_WRONLY | O_CREAT | O_EXCL, 0666)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:681:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fdRead = open(fileName, O_RDONLY)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:716:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char poolPath[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:746:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockFile[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:862:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lockFile[BPC_MAXPATHLEN], *p; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:100:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:119:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:230:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(out->bufP, info->digest.digest, info->digest.len); data/libbackuppc-xs-perl-0.62/bpc_refCount.c:244:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out.fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0666); data/libbackuppc-xs-perl-0.62/bpc_refCount.c:249:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dir[BPC_MAXPATHLEN], *p; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:255:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out.fd = open(fileName, O_WRONLY | O_CREAT | O_TRUNC, 0666); data/libbackuppc-xs-perl-0.62/bpc_refCount.c:288:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(fileName, O_RDONLY); data/libbackuppc-xs-perl-0.62/bpc_refCount.c:330:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(digest.digest, bufP, digest.len); data/libbackuppc-xs-perl-0.62/bpc_refCount.c:363:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:367:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fd = open(fileName, O_CREAT | O_WRONLY, 0660)) < 0 ) { data/libbackuppc-xs-perl-0.62/bpc_refCount.c:403:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempFileName[BPC_MAXPATHLEN], finalFileName[BPC_MAXPATHLEN]; data/libbackuppc-xs-perl-0.62/bpc_refCount.c:421:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ( (fd = open(tempFileName, O_RDONLY, 0666)) >= 0 ) { data/libbackuppc-xs-perl-0.62/bpc_refCount.c:476:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hexStr[BPC_DIGEST_LEN_MAX * 2 + 1]; data/libbackuppc-xs-perl-0.62/byteorder.h:34:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define CVAL(buf,pos) (((unsigned char *)(buf))[pos]) data/libbackuppc-xs-perl-0.62/md5/md5.c:166:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer + left, input, fill); data/libbackuppc-xs-perl-0.62/md5/md5.c:180:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ctx->buffer + left, input, length); data/libbackuppc-xs-perl-0.62/md5/md5.c:251:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char output[33]; data/libbackuppc-xs-perl-0.62/md5/md5.c:268:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(output + j * 2, "%02x", md5sum[j]); data/libbackuppc-xs-perl-0.62/md5/md5.c:283:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!(f = fopen(*++argv, "rb"))) { data/libbackuppc-xs-perl-0.62/ppport.h:3842:42: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define CopyD(s,d,n,t) memcpy((char*)(d),(char*)(s), (n) * sizeof(t)) data/libbackuppc-xs-perl-0.62/ppport.h:6745:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. && (xdigit = strchr((char *) PL_hexdigit, s[1]))) data/libbackuppc-xs-perl-0.62/ppport.h:6967:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst + used, src, copy); data/libbackuppc-xs-perl-0.62/ppport.h:6996:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dst, src, copy); data/libbackuppc-xs-perl-0.62/ppport.h:7088:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char octbuf[32] = "%123456789ABCDF"; data/libbackuppc-xs-perl-0.62/ppport.h:7158:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[2]; data/libbackuppc-xs-perl-0.62/zlib/crc32.c:161:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). out = fopen("crc32.h", "w"); data/libbackuppc-xs-perl-0.62/zlib/inflate.c:572:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char hbuf[4]; /* buffer for gzip header crc calculation */ data/libbackuppc-xs-perl-0.62/zlib/inflate.c:1287:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[4]; /* to restore bit buffer to byte string */ data/libbackuppc-xs-perl-0.62/zlib/trees.c:332:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *header = fopen("trees.h", "w"); data/libbackuppc-xs-perl-0.62/zlib/zutil.c:14:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * const z_errmsg[10] = { data/libbackuppc-xs-perl-0.62/zlib/zutil.h:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */ data/libbackuppc-xs-perl-0.62/zlib/zutil.h:114:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512") data/libbackuppc-xs-perl-0.62/zlib/zutil.h:176:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). # define F_OPEN(name, mode) fopen((name), (mode)) data/libbackuppc-xs-perl-0.62/zlib/zutil.h:233:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define zmemcpy memcpy data/libbackuppc-xs-perl-0.62/bpc_attrib.c:290:64: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return bpc_hashtable_find(&dir->filesHT, (uchar*)fileName, strlen(fileName), allocate_if_missing); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:298:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int fileNameLen = strlen(fileName); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:386:81: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bpc_attrib_file *file = bpc_hashtable_find(&dir->filesHT, (uchar*)fileName, strlen(fileName), 0); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:488:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ssize_t len = strlen(file->name) + 1; data/libbackuppc-xs-perl-0.62/bpc_attrib.c:738:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int attribFileNameLen = strlen(attribFileName); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:749:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(attribDirPath, "."); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:826:55: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t digestLen = nRead - 4, attribPathLen = strlen(attribPath); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1052:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t fileNameLen = strlen(file->name); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1244:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). baseAttribFileNameLen = strlen(baseAttribFileName); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1255:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribPathLen = strlen(attribPath); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1279:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bpc_logErrf("bpc_attrib_dirWrite: path too long (%d, %d, %d)\n", strlen(attribPath), digest.len, sizeof(attribPath)); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1300:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(attribPath + attribPathLen, "0"); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1320:88: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). bpc_logErrf("bpc_attrib_dirWrite: oldDigest path too long (%d, %d, %d)\n", strlen(attribPath), oldDigest->len, sizeof(attribPath)); data/libbackuppc-xs-perl-0.62/bpc_attrib.c:1328:13: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(attribPathTemp + attribPathLen, "0"); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:34:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ac->hostName, hostName, BPC_MAXPATHLEN); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:36:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ac->shareNameUM, shareNameUM, BPC_MAXPATHLEN); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:39:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ac->shareNameLen = strlen(ac->shareName); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:88:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = ac->currentDir + strlen(ac->currentDir) - 1; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:124:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathLen = strlen(path); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:128:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(fullPath, path, BPC_MAXPATHLEN); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:141:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(dir, "/"); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:148:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dir += strlen(dir); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:195:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). attribPathLen = strlen(attribPath); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:272:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( entry = entries ; entry < entries + entrySize ; entry += strlen(entry) + 1 ) { data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:387:80: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( entry = entries ; entry < entries + entrySize ; entry += strlen(entry) + 1 ) { data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:576:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t pathLen = strlen(path); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:597:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ssize_t len = strlen(file->name) + 1; data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:619:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t pathLen = strlen(path); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:633:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(path, "."); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:646:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(info.entries + info.entryIdx, "."); data/libbackuppc-xs-perl-0.62/bpc_attribCache.c:773:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). info.pathLen = strlen(info.path); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:41:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = path + strlen(path); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:59:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = path + strlen(path); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:114:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( dirListLen + strlen(dp->d_name) + 1 >= dirListSize ) { data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:115:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirListSize = dirListSize * 2 + strlen(dp->d_name); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:122:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirListLen += strlen(dp->d_name) + 1; data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:153:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( dirListP = dirList ; dirListP < dirList + dirListLen ; dirListP += strlen(dirListP) + 1 ) { data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:198:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ( dirListLen + strlen(dp->d_name) + 1 >= dirListSize ) { data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:199:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirListSize = dirListSize * 2 + strlen(dp->d_name); data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:206:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dirListLen += strlen(dp->d_name) + 1; data/libbackuppc-xs-perl-0.62/bpc_dirOps.c:231:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for ( dirListP = dirList ; dirListP < dirList + dirListLen ; dirListP += strlen(dirListP) + 1 ) { data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:172:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisRead = read(fd->fd, buf, nRead); data/libbackuppc-xs-perl-0.62/bpc_fileZIO.c:196:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisRead = read(fd->fd, fd->strm.next_in + fd->strm.avail_in, maxRead); data/libbackuppc-xs-perl-0.62/bpc_lib.c:160:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(path, compress ? BPC_CPoolDir : BPC_PoolDir, BPC_MAXPATHLEN - 32); data/libbackuppc-xs-perl-0.62/bpc_lib.c:162:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out = path + strlen(path); data/libbackuppc-xs-perl-0.62/bpc_lib.c:198:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_update(&md5, (uchar*)lenStr, strlen(lenStr)); data/libbackuppc-xs-perl-0.62/bpc_lib.c:250:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(path); data/libbackuppc-xs-perl-0.62/bpc_poolWrite.c:687:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ( (nRead = read(fdRead, info->buffer, sizeof(info->buffer))) > 0 ) { data/libbackuppc-xs-perl-0.62/bpc_refCount.c:157:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). thisRead = read(fd, buf + *nRead, bufSize - *nRead); data/libbackuppc-xs-perl-0.62/md5/md5.c:265:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). get_md5(md5sum, str, strlen(str)); data/libbackuppc-xs-perl-0.62/ppport.h:5335:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); data/libbackuppc-xs-perl-0.62/ppport.h:5343:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vcatpvf(sv, pat, args) sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libbackuppc-xs-perl-0.62/ppport.h:5347:59: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define sv_vsetpvf(sv, pat, args) sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)) data/libbackuppc-xs-perl-0.62/ppport.h:5367:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbackuppc-xs-perl-0.62/ppport.h:5395:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbackuppc-xs-perl-0.62/ppport.h:5416:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vcatpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libbackuppc-xs-perl-0.62/ppport.h:5438:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbackuppc-xs-perl-0.62/ppport.h:5466:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), &args, Null(SV**), 0, Null(bool*)); data/libbackuppc-xs-perl-0.62/ppport.h:5487:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sv_vsetpvfn(sv, pat, strlen(pat), args, Null(SV**), 0, Null(bool*)); \ data/libbackuppc-xs-perl-0.62/ppport.h:5541:65: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). # define HvNAMELEN_get(hv) (HvNAME_get(hv) ? (I32)strlen(HvNAME_get(hv)) : 0) data/libbackuppc-xs-perl-0.62/ppport.h:6339:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). STRLEN len = strlen(radix); data/libbackuppc-xs-perl-0.62/ppport.h:6923:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buffer); data/libbackuppc-xs-perl-0.62/ppport.h:6963:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). used = strlen(dst); data/libbackuppc-xs-perl-0.62/ppport.h:6964:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); data/libbackuppc-xs-perl-0.62/ppport.h:6993:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). length = strlen(src); ANALYSIS SUMMARY: Hits = 231 Lines analyzed = 22888 in approximately 0.83 seconds (27452 lines/second) Physical Source Lines of Code (SLOC) = 13290 Hits@level = [0] 91 [1] 65 [2] 133 [3] 0 [4] 30 [5] 3 Hits@level+ = [0+] 322 [1+] 231 [2+] 166 [3+] 33 [4+] 33 [5+] 3 Hits/KSLOC@level+ = [0+] 24.2287 [1+] 17.3815 [2+] 12.4906 [3+] 2.48307 [4+] 2.48307 [5+] 0.225734 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.