Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libblkmaker-0.5.3/base58.c
Examining data/libblkmaker-0.5.3/blkmaker.c
Examining data/libblkmaker-0.5.3/blkmaker.h
Examining data/libblkmaker-0.5.3/blkmaker_jansson.c
Examining data/libblkmaker-0.5.3/blkmaker_jansson.h
Examining data/libblkmaker-0.5.3/blktemplate.c
Examining data/libblkmaker-0.5.3/blktemplate.h
Examining data/libblkmaker-0.5.3/example.c
Examining data/libblkmaker-0.5.3/hex.c
Examining data/libblkmaker-0.5.3/private.h
Examining data/libblkmaker-0.5.3/testinput.c

FINAL RESULTS:

data/libblkmaker-0.5.3/base58.c:35:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char addrbin[25];
data/libblkmaker-0.5.3/base58.c:55:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cout[3], &addrbin[1], 20);
data/libblkmaker-0.5.3/base58.c:65:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cout[2], &addrbin[1], 20);
data/libblkmaker-0.5.3/blkmaker.c:69:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&data[0],
data/libblkmaker-0.5.3/blkmaker.c:103:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&data[off], tmpl->auxs[i].data, aux->datasz);
data/libblkmaker-0.5.3/blkmaker.c:110:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&data[off],
data/libblkmaker-0.5.3/blkmaker.c:118:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&data[off], script, scriptsz);
data/libblkmaker-0.5.3/blkmaker.c:203:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hashes[(hashcount + 1) * 32];
data/libblkmaker-0.5.3/blkmaker.c:206:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&hashes[0x20 * (i + 1)], tmpl->txns[i].hash_, 0x20);
data/libblkmaker-0.5.3/blkmaker.c:210:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&branches[i], &hashes[0x20], 0x20);
data/libblkmaker-0.5.3/blkmaker.c:213:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&hashes[32 * hashcount], &hashes[32 * (hashcount - 1)], 32);
data/libblkmaker-0.5.3/blkmaker.c:245:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&hashes[1], tmpl->_mrklbranch[i], 0x20);
data/libblkmaker-0.5.3/blkmaker.c:251:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mrklroot_out, &hashes[0], 32);
data/libblkmaker-0.5.3/blkmaker.c:280:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, in, cbPostScriptSig+1);
data/libblkmaker-0.5.3/blkmaker.c:281:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outPostScriptSig, &in[cbPostScriptSig], insz - cbPostScriptSig);
data/libblkmaker-0.5.3/blkmaker.c:287:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(outExtranonce, append, appendsz);
data/libblkmaker-0.5.3/blkmaker.c:342:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vout, in, insz);
data/libblkmaker-0.5.3/blkmaker.c:379:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cbuf[4], &tmpl->prevblk, 32);
data/libblkmaker-0.5.3/blkmaker.c:381:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char cbtxndata[tmpl->cbtxn->datasz + sizeof(dataid)];
data/libblkmaker-0.5.3/blkmaker.c:389:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cbuf[72], &tmpl->diffbits, 4);
data/libblkmaker-0.5.3/blkmaker.c:429:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cbuf[4], &tmpl->prevblk, 32);
data/libblkmaker-0.5.3/blkmaker.c:435:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dummy[extranoncesz];
data/libblkmaker-0.5.3/blkmaker.c:444:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&cbuf[72], &tmpl->diffbits, 4);
data/libblkmaker-0.5.3/blkmaker.c:454:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*out_branches, tmpl->_mrklbranch, branches_bytesz);
data/libblkmaker-0.5.3/blkmaker.c:522:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(blk, data, 76);
data/libblkmaker-0.5.3/blkmaker.c:524:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&blk[76], &nonce, 4);
data/libblkmaker-0.5.3/blkmaker.c:539:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&blk[offs], tmpl->cbtxn->data, tmpl->cbtxn->datasz);
data/libblkmaker-0.5.3/blkmaker.c:546:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&blk[offs], tmpl->txns[i].data, tmpl->txns[i].datasz);
data/libblkmaker-0.5.3/blkmaker.c:570:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char extended_extranonce[extranoncesz + 1];
data/libblkmaker-0.5.3/blkmaker.c:571:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(extended_extranonce, extranonce, extranoncesz);
data/libblkmaker-0.5.3/blktemplate.h:99:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char diffbits[4];
data/libblkmaker-0.5.3/example.c:29:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bufx[26] = {'\xff'};
data/libblkmaker-0.5.3/example.c:36:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cbuf[51];
data/libblkmaker-0.5.3/example.c:97:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[80], hash[32];
data/libblkmaker-0.5.3/base58.c:37:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t b58sz = strlen(addr);
data/libblkmaker-0.5.3/blkmaker_jansson.c:137:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t datasz = strlen(hexdata) / 2;
data/libblkmaker-0.5.3/blkmaker_jansson.c:245:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t sz = strlen(s) / 2;
data/libblkmaker-0.5.3/example.c:27:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const size_t addrlen = strlen(addr);

ANALYSIS SUMMARY:

Hits = 38
Lines analyzed = 1640 in approximately 0.08 seconds (20621 lines/second)
Physical Source Lines of Code (SLOC) = 1306
Hits@level = [0] 7 [1] 4 [2] 34 [3] 0 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 38 [2+] 34 [3+] 0 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 34.4564 [1+] 29.0965 [2+] 26.0337 [3+] 0 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.