Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/libisofs-1.5.2/demo/demo.c
Examining data/libisofs-1.5.2/libisofs/builder.h
Examining data/libisofs-1.5.2/libisofs/find.c
Examining data/libisofs-1.5.2/libisofs/messages.c
Examining data/libisofs-1.5.2/libisofs/fsource.c
Examining data/libisofs-1.5.2/libisofs/aaip-os-dummy.c
Examining data/libisofs-1.5.2/libisofs/filter.h
Examining data/libisofs-1.5.2/libisofs/data_source.c
Examining data/libisofs-1.5.2/libisofs/buffer.h
Examining data/libisofs-1.5.2/libisofs/node.c
Examining data/libisofs-1.5.2/libisofs/libiso_msgs.c
Examining data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c
Examining data/libisofs-1.5.2/libisofs/stream.c
Examining data/libisofs-1.5.2/libisofs/aaip_0_2.c
Examining data/libisofs-1.5.2/libisofs/fsource.h
Examining data/libisofs-1.5.2/libisofs/iso1999.h
Examining data/libisofs-1.5.2/libisofs/system_area.h
Examining data/libisofs-1.5.2/libisofs/util_rbtree.c
Examining data/libisofs-1.5.2/libisofs/hfsplus.h
Examining data/libisofs-1.5.2/libisofs/rockridge.h
Examining data/libisofs-1.5.2/libisofs/ecma119.h
Examining data/libisofs-1.5.2/libisofs/filesrc.h
Examining data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c
Examining data/libisofs-1.5.2/libisofs/hfsplus_case.c
Examining data/libisofs-1.5.2/libisofs/fs_local.c
Examining data/libisofs-1.5.2/libisofs/util.h
Examining data/libisofs-1.5.2/libisofs/tree.h
Examining data/libisofs-1.5.2/libisofs/buffer.c
Examining data/libisofs-1.5.2/libisofs/writer.h
Examining data/libisofs-1.5.2/libisofs/hfsplus_decompose.c
Examining data/libisofs-1.5.2/libisofs/node.h
Examining data/libisofs-1.5.2/libisofs/system_area.c
Examining data/libisofs-1.5.2/libisofs/filters/zisofs.c
Examining data/libisofs-1.5.2/libisofs/filters/external.c
Examining data/libisofs-1.5.2/libisofs/filters/gzip.c
Examining data/libisofs-1.5.2/libisofs/eltorito.h
Examining data/libisofs-1.5.2/libisofs/ecma119_tree.h
Examining data/libisofs-1.5.2/libisofs/messages.h
Examining data/libisofs-1.5.2/libisofs/ecma119_tree.c
Examining data/libisofs-1.5.2/libisofs/rockridge.c
Examining data/libisofs-1.5.2/libisofs/libiso_msgs.h
Examining data/libisofs-1.5.2/libisofs/hfsplus_classes.c
Examining data/libisofs-1.5.2/libisofs/md5.h
Examining data/libisofs-1.5.2/libisofs/fs_image.c
Examining data/libisofs-1.5.2/libisofs/hfsplus.c
Examining data/libisofs-1.5.2/libisofs/eltorito.c
Examining data/libisofs-1.5.2/libisofs/md5.c
Examining data/libisofs-1.5.2/libisofs/iso1999.c
Examining data/libisofs-1.5.2/libisofs/aaip-os-linux.c
Examining data/libisofs-1.5.2/libisofs/tree.c
Examining data/libisofs-1.5.2/libisofs/joliet.c
Examining data/libisofs-1.5.2/libisofs/util.c
Examining data/libisofs-1.5.2/libisofs/image.c
Examining data/libisofs-1.5.2/libisofs/image.h
Examining data/libisofs-1.5.2/libisofs/aaip_0_2.h
Examining data/libisofs-1.5.2/libisofs/rockridge_read.c
Examining data/libisofs-1.5.2/libisofs/filesrc.c
Examining data/libisofs-1.5.2/libisofs/joliet.h
Examining data/libisofs-1.5.2/libisofs/util_htable.c
Examining data/libisofs-1.5.2/libisofs/builder.c
Examining data/libisofs-1.5.2/libisofs/stream.h
Examining data/libisofs-1.5.2/libisofs/ecma119.c
Examining data/libisofs-1.5.2/libisofs/filter.c
Examining data/libisofs-1.5.2/libisofs/libisofs.h

FINAL RESULTS:

data/libisofs-1.5.2/libisofs/fs_local.c:440:12: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    size = readlink(path, buf, bufsiz);

data/libisofs-1.5.2/libisofs/fsource.c:115:24: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    return src->class->readlink(src, buf, bufsiz);

data/libisofs-1.5.2/libisofs/libisofs.h:808:11: [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or change the link content, a race condition results. Also, it does not terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
    int (*readlink)(IsoFileSource *src, char *buf, size_t bufsiz);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1700:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(prefix, Aaip_namespace_textS[(int) name[0]]);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:2185:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(name, pwd->pw_name);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:2199:8: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(name, grp->gr_name);

data/libisofs-1.5.2/libisofs/ecma119.c:1785:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(o->path, path);

data/libisofs-1.5.2/libisofs/ecma119.c:4011:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(opts->scdbackup_tag_parm, "%s %s", eff_name, eff_time);

data/libisofs-1.5.2/libisofs/ecma119_tree.c:767:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fmt, "%%s%%0%dd.%%s", digits);

data/libisofs-1.5.2/libisofs/ecma119_tree.c:769:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fmt, "%%s%%0%dd%%s", digits);

data/libisofs-1.5.2/libisofs/ecma119_tree.c:772:21: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, fmt, name, change, ext);

data/libisofs-1.5.2/libisofs/filters/external.c:294:5: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
    execv(data->cmd->path, data->cmd->argv); /* should never come back */

data/libisofs-1.5.2/libisofs/fs_image.c:497:16: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    return strcat(path, data->name);

data/libisofs-1.5.2/libisofs/fs_image.c:4833:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(target->buf + target->byte_count, msg);

data/libisofs-1.5.2/libisofs/fs_image.c:4847:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(msg, path);

data/libisofs-1.5.2/libisofs/fs_image.c:4956:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(path, msg);

data/libisofs-1.5.2/libisofs/fs_image.c:5013:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg + strlen(msg), " cyl-align-%s",

data/libisofs-1.5.2/libisofs/fs_image.c:5084:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg, "DEC Alpha ldr path : %s", sai->alpha_boot_image);

data/libisofs-1.5.2/libisofs/fs_image.c:5126:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg,

data/libisofs-1.5.2/libisofs/fs_image.c:5154:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg, "SUN SPARC disklabel: %s", sai->sparc_disc_label);

data/libisofs-1.5.2/libisofs/fs_image.c:5217:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg, "GPT entry array : %u %u %s",

data/libisofs-1.5.2/libisofs/fs_image.c:5287:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg, "APM partition name : %3d %s", idx, apm_entry->name);

data/libisofs-1.5.2/libisofs/fs_image.c:5289:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg, "APM partition type : %3d %s", idx, apm_entry->type);

data/libisofs-1.5.2/libisofs/fs_image.c:5348:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(buf + count, doc[i]);

data/libisofs-1.5.2/libisofs/fs_image.c:5428:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(emul_code, emul_names[img->type]);

data/libisofs-1.5.2/libisofs/fs_image.c:5432:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(pltf, pltf_names[img->platform_id]);

data/libisofs-1.5.2/libisofs/fs_image.c:5447:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(msg,

data/libisofs-1.5.2/libisofs/fs_local.c:88:16: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    return strcat(path, data->name);

data/libisofs-1.5.2/libisofs/fsource.c:73:24: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    return src->class->access(src);

data/libisofs-1.5.2/libisofs/hfsplus.c:1409:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(new_name, "%s_%s", prefix, number);

data/libisofs-1.5.2/libisofs/iso1999.c:370:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(full_name, children[i]->name);

data/libisofs-1.5.2/libisofs/iso1999.c:428:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fmt, "%%s%%0%dd.%%s", digits);

data/libisofs-1.5.2/libisofs/iso1999.c:430:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf.
    sprintf(fmt, "%%s%%0%dd%%s", digits);

data/libisofs-1.5.2/libisofs/iso1999.c:433:21: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(tmp, fmt, name, change, ext);

data/libisofs-1.5.2/libisofs/joliet.c:377:5: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
    sprintf(nstr, fmt, number);

data/libisofs-1.5.2/libisofs/libiso_msgs.c:349:6: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(sev_text,"%s : ",sev_name);

data/libisofs-1.5.2/libisofs/libiso_msgs.c:379:4: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(item->msg_text,msg_text);

data/libisofs-1.5.2/libisofs/libiso_msgs.h:508:71: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    0x00020140 (FATAL,HIGH) = Drive is busy on attempt to write random access

data/libisofs-1.5.2/libisofs/libiso_msgs.h:510:61: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    0x00020142 (FATAL,HIGH) = Drive is not grabbed on random access write

data/libisofs-1.5.2/libisofs/libisofs.h:713:11: [4] (race) access:
  This usually indicates a security flaw.
  If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    int (*access)(IsoFileSource *src);

data/libisofs-1.5.2/libisofs/md5.c:745:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(record, "%s %s ", t->opts->scdbackup_tag_parm, postext);

data/libisofs-1.5.2/libisofs/md5.c:758:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tag_block + line_start, "scdbackup_checksum_tag_v0.1 %s %d %s ",

data/libisofs-1.5.2/libisofs/md5.c:821:5: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(tag_block, "%s pos=%u range_start=%u range_size=%u",

data/libisofs-1.5.2/libisofs/messages.c:260:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(msg, MAX_MSG_LEN, fmt, ap);

data/libisofs-1.5.2/libisofs/messages.c:583:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
    vsnprintf(msg, MAX_MSG_LEN, fmt, ap);

data/libisofs-1.5.2/libisofs/messages.c:690:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(severity, sev_name);

data/libisofs-1.5.2/libisofs/stream.c:910:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(path, raw_path);

data/libisofs-1.5.2/libisofs/stream.c:911:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
    strcat(path, ivd);

data/libisofs-1.5.2/libisofs/tree.c:1264:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(path, "/%s", node->name);

data/libisofs-1.5.2/libisofs/tree.c:1269:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
    sprintf(path, "%s/%s", parent_path, node->name);

data/libisofs-1.5.2/libisofs/util.c:180:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(libisofs_local_charset, name);

data/libisofs-1.5.2/libisofs/util.c:1838:9: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    int access;

data/libisofs-1.5.2/libisofs/util.c:1853:10: [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
    if (!access) {

data/libisofs-1.5.2/demo/demo.c:289:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20).
  Check implementation on installation, or limit the size of all string inputs.
    while ((c = getopt(argc, argv, optstring)) != -1) {

data/libisofs-1.5.2/libisofs/libiso_msgs.h:508:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    0x00020140 (FATAL,HIGH) = Drive is busy on attempt to write random access

data/libisofs-1.5.2/libisofs/libiso_msgs.h:510:54: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    0x00020142 (FATAL,HIGH) = Drive is not grabbed on random access write

data/libisofs-1.5.2/libisofs/util.c:1687:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    tz = getenv("TZ");

data/libisofs-1.5.2/libisofs/util.c:1700:10: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
    tz = getenv("TZ");

data/libisofs-1.5.2/demo/demo.c:84:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char perm[10];

data/libisofs-1.5.2/demo/demo.c:282:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[2048];

data/libisofs-1.5.2/demo/demo.c:306:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    level = atoi(optarg);

data/libisofs-1.5.2/demo/demo.c:332:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen(argv[optind+1], "w");

data/libisofs-1.5.2/demo/demo.c:445:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[PATH_MAX];

data/libisofs-1.5.2/demo/demo.c:640:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buf[1024];

data/libisofs-1.5.2/demo/demo.c:692:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[2048];

data/libisofs-1.5.2/demo/demo.c:702:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen(argv[3], "w");

data/libisofs-1.5.2/demo/demo.c:821:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char buf[2048];

data/libisofs-1.5.2/demo/demo.c:838:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fp = fopen(argv[5], "w");

data/libisofs-1.5.2/demo/demo.c:875:42: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    iso_read_opts_set_start_block(ropts, atoi(argv[1]));

data/libisofs-1.5.2/demo/demo.c:901:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
    ms_block = atoi(argv[2]);

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:299:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(new_list, *namelist, *namelist_size);

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:309:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(wpt, attrnamespace, space_len);

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:312:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(wpt, list + i + 1, len);

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:783:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[256];

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:954:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:963:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:1034:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:1041:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:1058:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) (values[i] + consumed),

data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:1066:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) (values[i] + consumed),

data/libisofs-1.5.2/libisofs/aaip-os-linux.c:613:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-linux.c:622:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) values[i], value_lengths[i],

data/libisofs-1.5.2/libisofs/aaip-os-linux.c:642:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) (values[i] + consumed),

data/libisofs-1.5.2/libisofs/aaip-os-linux.c:652:35: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    ret= aaip_decode_acl((unsigned char *) (values[i] + consumed),

data/libisofs-1.5.2/libisofs/aaip_0_2.c:167:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(hpt, *result, *result_len);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:173:44: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    for(i= 0; i < *result_len; i+= ((unsigned char *) (*result))[i + 2])

data/libisofs-1.5.2/libisofs/aaip_0_2.c:565:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(result + count, name + i * 127, result[count - 1] & 127);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:649:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(acl, a_acl, a_acl_len);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:650:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(acl + a_acl_len, d_acl, d_acl_len);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:873:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(wpt, "user::%c%c%c\n",

data/libisofs-1.5.2/libisofs/aaip_0_2.c:880:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(wpt, "group::%c%c%c\n",

data/libisofs-1.5.2/libisofs/aaip_0_2.c:887:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(wpt, "other::%c%c%c\n",

data/libisofs-1.5.2/libisofs/aaip_0_2.c:894:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(wpt, "mask::%c%c%c\n",

data/libisofs-1.5.2/libisofs/aaip_0_2.c:926:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char recs[Aaip_buffer_sizE + Aaip_buffer_reservE];

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1077:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(start_pt, data, at_start_pt);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1079:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(aaip->recs, data + at_start_pt, at_recs);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1096:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(data, start_pt, at_start_pt);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1098:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(data + at_start_pt, aaip->recs, at_recs);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1161:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(aaip->recs + aaip->recs_fill, data, todo);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1172:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
    memcpy(data, aaip->recs + idx, num_data);

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1269:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    unsigned char aa_head[5];

data/libisofs-1.5.2/libisofs/aaip_0_2.c:1299:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static unsigned char zero_char[2]= {0, 0}; data/libisofs-1.5.2/libisofs/aaip_0_2.c:1625:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char prefix[Aaip_max_name_expansioN + 1]; data/libisofs-1.5.2/libisofs/aaip_0_2.c:1703:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, prefix, pl); data/libisofs-1.5.2/libisofs/aaip_0_2.c:1928:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aaip->list_names[i], aaip->name_buf, aaip->name_buf_fill); data/libisofs-1.5.2/libisofs/aaip_0_2.c:1930:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(aaip->list_values[i], aaip->value_buf, aaip->value_buf_fill); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2044:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*result), tag_type, tag_len); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2046:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*result) + tag_len + 1, qualifier, qualifier_len); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2048:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy((*result) + tag_len + 1 + qualifier_len + 1, permissions, perm_len); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2072:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name + *name_fill, rpt + 1, rec_len); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2108:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char perm_text[4], *wpt, *name= NULL; data/libisofs-1.5.2/libisofs/aaip_0_2.c:2124:4: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(perm_text, "---"); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2178:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uid= (uid << 8) | ((unsigned char *) name)[i]; data/libisofs-1.5.2/libisofs/aaip_0_2.c:2181:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%.f", (double) uid); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2183:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(name, "%.f", (double) uid); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2192:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. gid= (gid << 8) | ((unsigned char *) name)[i]; data/libisofs-1.5.2/libisofs/aaip_0_2.c:2195:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%.f", (double) gid); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2197:8: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "%.f", (double) gid); data/libisofs-1.5.2/libisofs/buffer.c:185:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf->buf + buf->wpos, data + bytes_write, len); data/libisofs-1.5.2/libisofs/buffer.c:240:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest + bytes_read, buf->buf + buf->rpos, len); data/libisofs-1.5.2/libisofs/data_source.c:73:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = open(data->path, O_RDONLY | O_BINARY); data/libisofs-1.5.2/libisofs/ecma119.c:116:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[16]; data/libisofs-1.5.2/libisofs/ecma119.c:394:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rec->file_id, name, len_fi); data/libisofs-1.5.2/libisofs/ecma119.c:572:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vol.std_identifier, "CD001", 5); data/libisofs-1.5.2/libisofs/ecma119.c:613:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vol.app_use, image->application_use, 512); data/libisofs-1.5.2/libisofs/ecma119.c:790:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rec->dir_id, dir->iso_name, rec->len_di[0]); data/libisofs-1.5.2/libisofs/ecma119.c:963:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, data/libisofs-1.5.2/libisofs/ecma119.c:1199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/libisofs-1.5.2/libisofs/ecma119.c:1207:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(msg, "Aligned image size to cylinder size by %d blocks", data/libisofs-1.5.2/libisofs/ecma119.c:1227:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/libisofs-1.5.2/libisofs/ecma119.c:1239:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Aligned image size to cylinder size by %d blocks", data/libisofs-1.5.2/libisofs/ecma119.c:1365:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vol->std_identifier, "CD001", 5); data/libisofs-1.5.2/libisofs/ecma119.c:1398:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sa, target->opts_overwrite, 16 * BLOCK_SIZE); data/libisofs-1.5.2/libisofs/ecma119.c:1608:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char txt[20]; data/libisofs-1.5.2/libisofs/ecma119.c:1934:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
ret = (*src->open)(src); data/libisofs-1.5.2/libisofs/ecma119.c:1941:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ivr->fd = open(ivr->source_pt, O_RDONLY); data/libisofs-1.5.2/libisofs/ecma119.c:1967:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, ivr->pending_read_pt, ivr->pending_read_bytes); data/libisofs-1.5.2/libisofs/ecma119.c:2022:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf + *buf_fill, ivr->read_buf, to_copy); data/libisofs-1.5.2/libisofs/ecma119.c:2131:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(path, "rb"); data/libisofs-1.5.2/libisofs/ecma119.c:2354:51: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. idx = (idx << 8) | ((unsigned char *) old_cx_value)[i]; data/libisofs-1.5.2/libisofs/ecma119.c:2459:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->gpt_uuid_base, target->opts->gpt_disk_guid, 16); data/libisofs-1.5.2/libisofs/ecma119.c:2464:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(target->gpt_uuid_base, target->opts->vol_uuid, 9); data/libisofs-1.5.2/libisofs/ecma119.c:2465:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->gpt_uuid_base + 9, target->opts->vol_uuid + 14, 2); data/libisofs-1.5.2/libisofs/ecma119.c:2466:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->gpt_uuid_base + 11, target->opts->vol_uuid + 9, 5); data/libisofs-1.5.2/libisofs/ecma119.c:2471:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->gpt_disk_guid, target->gpt_uuid_base, 16); data/libisofs-1.5.2/libisofs/ecma119.c:2612:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(target->system_area_data, system_area, 32768); data/libisofs-1.5.2/libisofs/ecma119.c:3167:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[16]; data/libisofs-1.5.2/libisofs/ecma119.c:3627:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(o, in, sizeof(IsoWriteOpts)); data/libisofs-1.5.2/libisofs/ecma119.c:3991:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char eff_name[81], eff_time[19]; data/libisofs-1.5.2/libisofs/ecma119.c:3995:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (isspace((int) ((unsigned char *) name)[i])) data/libisofs-1.5.2/libisofs/ecma119.c:4003:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. if (isspace((int) ((unsigned char *) timestamp)[i])) data/libisofs-1.5.2/libisofs/ecma119.c:4189:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int iso_write_opts_set_system_area(IsoWriteOpts *opts, char data[32768], data/libisofs-1.5.2/libisofs/ecma119.c:4203:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts->system_area_data, data, 32768); data/libisofs-1.5.2/libisofs/ecma119.c:4323:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts->appended_part_type_guids[partition_number - 1], guid, 16); data/libisofs-1.5.2/libisofs/ecma119.c:4361:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(opts->iso_gpt_type_guid, guid, 16); data/libisofs-1.5.2/libisofs/ecma119.c:4376:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts->hfsp_serial_number, serial_number, 8); data/libisofs-1.5.2/libisofs/ecma119.c:4399:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(opts->gpt_disk_guid, guid, 16); data/libisofs-1.5.2/libisofs/ecma119.c:4451:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smashed, name, name_len); data/libisofs-1.5.2/libisofs/ecma119.c:4498:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(with_version, conved, conved_len); data/libisofs-1.5.2/libisofs/ecma119.c:4518:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(with_version, conved, conved_len + 1); data/libisofs-1.5.2/libisofs/ecma119.c:4519:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(with_version, ";1"); data/libisofs-1.5.2/libisofs/ecma119.h:422:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char scdbackup_tag_parm[100]; data/libisofs-1.5.2/libisofs/ecma119.h:445:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vol_uuid[17]; data/libisofs-1.5.2/libisofs/ecma119.h:483:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *appended_partitions[ISO_MAX_PARTITIONS]; data/libisofs-1.5.2/libisofs/ecma119.h:524:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ascii_disc_label[ISO_DISC_LABEL_SIZE]; data/libisofs-1.5.2/libisofs/ecma119.h:767:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char image_md5[16]; data/libisofs-1.5.2/libisofs/ecma119_tree.c:656:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char full_name[40]; data/libisofs-1.5.2/libisofs/ecma119_tree.c:764:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[40]; data/libisofs-1.5.2/libisofs/ecma119_tree.c:765:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fmt[16]; data/libisofs-1.5.2/libisofs/eltorito.c:151:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bootimg->id_string, id_string, 28); data/libisofs-1.5.2/libisofs/eltorito.c:159:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(id_string, bootimg->id_string, 28); data/libisofs-1.5.2/libisofs/eltorito.c:166:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(bootimg->selection_crit, crit, 20); data/libisofs-1.5.2/libisofs/eltorito.c:174:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(crit, bootimg->selection_crit, 20); data/libisofs-1.5.2/libisofs/eltorito.c:718:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*content, bootcat->content, bootcat->size); data/libisofs-1.5.2/libisofs/eltorito.c:903:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(id_string, t->catalog->bootimages[idx]->id_string, data/libisofs-1.5.2/libisofs/eltorito.c:1013:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(se->vendor_sc, img->selection_crit + 1, 19); data/libisofs-1.5.2/libisofs/eltorito.c:1118:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, data->buffer + data->offset, len); data/libisofs-1.5.2/libisofs/eltorito.c:1440:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vol.std_identifier, "CD001", 5); data/libisofs-1.5.2/libisofs/eltorito.c:1442:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(vol.boot_sys_id, "EL TORITO SPECIFICATION", 23); data/libisofs-1.5.2/libisofs/filesrc.c:422:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int filesrc_make_md5(Ecma119Image *t, IsoFileSrc *file, char md5[16], int flag) data/libisofs-1.5.2/libisofs/filesrc.c:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[16], pre_md5[16]; data/libisofs-1.5.2/libisofs/filesrc.c:634:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(t->checksum_buffer + 16 * file->checksum_index, md5, 16); data/libisofs-1.5.2/libisofs/filters/external.c:508:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64 * 1024]; data/libisofs-1.5.2/libisofs/filters/gzip.c:353:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(((char *) buf) + fill, rng->rpt, todo); data/libisofs-1.5.2/libisofs/filters/gzip.c:434:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64 * 1024]; data/libisofs-1.5.2/libisofs/filters/zisofs.c:151:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char zisofs_magic[9] = data/libisofs-1.5.2/libisofs/filters/zisofs.c:337:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rng->block_buffer, zisofs_magic, 8); data/libisofs-1.5.2/libisofs/filters/zisofs.c:383:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(rng->block_buffer, data/libisofs-1.5.2/libisofs/filters/zisofs.c:460:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(cbuf + fill, rng->block_buffer + rng->buffer_rpos, todo); data/libisofs-1.5.2/libisofs/filters/zisofs.c:486:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char zisofs_head[16]; data/libisofs-1.5.2/libisofs/filters/zisofs.c:491:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *header_size_div4 = ((unsigned char *) zisofs_head)[12]; data/libisofs-1.5.2/libisofs/filters/zisofs.c:492:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *block_size_log2 = ((unsigned char *) zisofs_head)[13]; data/libisofs-1.5.2/libisofs/filters/zisofs.c:520:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char waste_word[4]; data/libisofs-1.5.2/libisofs/filters/zisofs.c:651:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cbuf + fill, rng->block_buffer + rng->buffer_rpos, todo); data/libisofs-1.5.2/libisofs/filters/zisofs.c:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64 * 1024]; data/libisofs-1.5.2/libisofs/fs_image.c:341:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char platform_ids[Libisofs_max_boot_imageS]; data/libisofs-1.5.2/libisofs/fs_image.c:342:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char id_strings[Libisofs_max_boot_imageS][28]; data/libisofs-1.5.2/libisofs/fs_image.c:343:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char selection_crits[Libisofs_max_boot_imageS][20]; data/libisofs-1.5.2/libisofs/fs_image.c:344:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char boot_flags[Libisofs_max_boot_imageS]; /* bit0= bootable */ data/libisofs-1.5.2/libisofs/fs_image.c:345:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char media_types[Libisofs_max_boot_imageS]; data/libisofs-1.5.2/libisofs/fs_image.c:346:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char partition_types[Libisofs_max_boot_imageS]; data/libisofs-1.5.2/libisofs/fs_image.c:714:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = data->fs->open(data->fs); data/libisofs-1.5.2/libisofs/fs_image.c:737:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). ret = data->fs->open(data->fs); data/libisofs-1.5.2/libisofs/fs_image.c:931:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((uint8_t*)buf + read, orig, bytes); data/libisofs-1.5.2/libisofs/fs_image.c:1149:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(*aa_string, data->aa_string, len); data/libisofs-1.5.2/libisofs/fs_image.c:1194:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&(new_data->info), &(old_data->info), sizeof(struct stat)); data/libisofs-1.5.2/libisofs/fs_image.c:1199:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_data->sections + i, old_data->sections + i, data/libisofs-1.5.2/libisofs/fs_image.c:1295:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(smashed, str, name_len); data/libisofs-1.5.2/libisofs/fs_image.c:1316:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(smashed + i * 2 + name_len, "%2.2x", data/libisofs-1.5.2/libisofs/fs_image.c:1317:56: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) md5)[i]); data/libisofs-1.5.2/libisofs/fs_image.c:1386:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, str, len); data/libisofs-1.5.2/libisofs/fs_image.c:1865:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, data/libisofs-1.5.2/libisofs/fs_image.c:1890:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:2303:30: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int res = data->src->open(data->src);
data/libisofs-1.5.2/libisofs/fs_image.c:2401:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&(syslinux_sbi.root), (char *) record, 256);
data/libisofs-1.5.2/libisofs/fs_image.c:2684:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->id_strings[0], ve->id_string, 24);
data/libisofs-1.5.2/libisofs/fs_image.c:2723:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->id_strings[idx], sh->id_string, 28);
data/libisofs-1.5.2/libisofs/fs_image.c:2731:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data->selection_crits[idx] + 1, entry->vendor_sc, 19);
data/libisofs-1.5.2/libisofs/fs_image.c:3241:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bootcat->content, fsdata->catcontent, to_copy);
data/libisofs-1.5.2/libisofs/fs_image.c:3618:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(boot_info_found, boot_image_buf + 8, 16);
data/libisofs-1.5.2/libisofs/fs_image.c:3978:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  if (((unsigned char *) sad)[510] != 0x55 ||
data/libisofs-1.5.2/libisofs/fs_image.c:3979:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *) sad)[511] != 0xaa)
data/libisofs-1.5.2/libisofs/fs_image.c:4122:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments), "Implausible header LBA %.f, ",
data/libisofs-1.5.2/libisofs/fs_image.c:4127:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments),
data/libisofs-1.5.2/libisofs/fs_image.c:4135:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments,
data/libisofs-1.5.2/libisofs/fs_image.c:4146:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments),
data/libisofs-1.5.2/libisofs/fs_image.c:4151:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments, ". Matches all 512 block bytes, ");
data/libisofs-1.5.2/libisofs/fs_image.c:4153:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments, ", ");
data/libisofs-1.5.2/libisofs/fs_image.c:4161:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments), "Disk GUID differs (");
data/libisofs-1.5.2/libisofs/fs_image.c:4163:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments), "), ");
data/libisofs-1.5.2/libisofs/fs_image.c:4174:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments),
data/libisofs-1.5.2/libisofs/fs_image.c:4180:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments), "Implausible array LBA %.f, ",
data/libisofs-1.5.2/libisofs/fs_image.c:4187:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments),
data/libisofs-1.5.2/libisofs/fs_image.c:4197:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments),
data/libisofs-1.5.2/libisofs/fs_image.c:4211:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments, "Entries differ for partitions");
data/libisofs-1.5.2/libisofs/fs_image.c:4214:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(comments + strlen(comments), " %d", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:4218:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(comments, ", ");
data/libisofs-1.5.2/libisofs/fs_image.c:4256:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crc_buf, head, 512);
data/libisofs-1.5.2/libisofs/fs_image.c:4274:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sai->gpt_disk_guid, head + 56, 16);
data/libisofs-1.5.2/libisofs/fs_image.c:4412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sad, *part, name[33], type_string[33];
data/libisofs-1.5.2/libisofs/fs_image.c:4431:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(type_string, part + 48, 32);
data/libisofs-1.5.2/libisofs/fs_image.c:4437:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(name, part + 16, 32);
data/libisofs-1.5.2/libisofs/fs_image.c:4525:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sai->mips_vd_entries[idx]->name, upart, 8);
data/libisofs-1.5.2/libisofs/fs_image.c:4629:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sai->sparc_disc_label, sad, 128);
data/libisofs-1.5.2/libisofs/fs_image.c:4685:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *sad, *paths[4];
data/libisofs-1.5.2/libisofs/fs_image.c:4712:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sai->hppa_cmdline, sad + cmd_adr, cmd_len);
data/libisofs-1.5.2/libisofs/fs_image.c:4845:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg + strlen(msg), "(too long to show here)");
data/libisofs-1.5.2/libisofs/fs_image.c:4957:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(path + (cpt - msg), "blks", 4);
data/libisofs-1.5.2/libisofs/fs_image.c:4958:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(path + strlen(path), "%u", (unsigned int) size);
data/libisofs-1.5.2/libisofs/fs_image.c:4981:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *alignments[4] = {"auto", "on", "off", "all"};
data/libisofs-1.5.2/libisofs/fs_image.c:4994:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "System area options: 0x%-8.8x", (unsigned int) sao);
data/libisofs-1.5.2/libisofs/fs_image.c:5000:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(msg, "System area summary:");
data/libisofs-1.5.2/libisofs/fs_image.c:5003:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " MBR");
data/libisofs-1.5.2/libisofs/fs_image.c:5005:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " isohybrid");
data/libisofs-1.5.2/libisofs/fs_image.c:5007:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " protective-msdos-label");
data/libisofs-1.5.2/libisofs/fs_image.c:5009:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " CHRP");
data/libisofs-1.5.2/libisofs/fs_image.c:5012:17: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " grub2-mbr");
data/libisofs-1.5.2/libisofs/fs_image.c:5016:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " PReP");
data/libisofs-1.5.2/libisofs/fs_image.c:5018:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
Risk is low because the source is a constant string.
  strcat(msg, " MBR");
data/libisofs-1.5.2/libisofs/fs_image.c:5020:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " not-recognized");
data/libisofs-1.5.2/libisofs/fs_image.c:5023:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " MIPS-Big-Endian");
data/libisofs-1.5.2/libisofs/fs_image.c:5025:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " MIPS-Little-Endian");
data/libisofs-1.5.2/libisofs/fs_image.c:5027:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " SUN-SPARC-Disk-Label");
data/libisofs-1.5.2/libisofs/fs_image.c:5029:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg + strlen(msg), " HP-PA-PALO");
data/libisofs-1.5.2/libisofs/fs_image.c:5031:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg + strlen(msg), " DEC-Alpha");
data/libisofs-1.5.2/libisofs/fs_image.c:5033:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg + strlen(msg), " unkown-system-area-type-%d", sa_type);
data/libisofs-1.5.2/libisofs/fs_image.c:5036:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " GPT");
data/libisofs-1.5.2/libisofs/fs_image.c:5038:9: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, " APM");
data/libisofs-1.5.2/libisofs/fs_image.c:5042:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "ISO image size/512 : %.f",
data/libisofs-1.5.2/libisofs/fs_image.c:5046:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "Partition offset : %d", sai->partition_offset);
data/libisofs-1.5.2/libisofs/fs_image.c:5050:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "PALO header version: %d", sai->hppa_hdrversion);
data/libisofs-1.5.2/libisofs/fs_image.c:5052:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA cmdline : ");
data/libisofs-1.5.2/libisofs/fs_image.c:5054:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA boot files : ByteAddr ByteSize Path");
data/libisofs-1.5.2/libisofs/fs_image.c:5056:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA 32-bit kernel: %10u %10u ",
data/libisofs-1.5.2/libisofs/fs_image.c:5061:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA 64-bit kernel: %10u %10u ",
data/libisofs-1.5.2/libisofs/fs_image.c:5066:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA ramdisk : %10u %10u ",
data/libisofs-1.5.2/libisofs/fs_image.c:5071:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "HP-PA bootloader : %10u %10u ",
data/libisofs-1.5.2/libisofs/fs_image.c:5077:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "DEC Alpha ldr size : %.f",
data/libisofs-1.5.2/libisofs/fs_image.c:5080:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "DEC Alpha ldr adr : %.f",
data/libisofs-1.5.2/libisofs/fs_image.c:5089:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MBR heads per cyl : %d", sai->partition_heads_per_cyl);
data/libisofs-1.5.2/libisofs/fs_image.c:5091:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MBR secs per head : %d", sai->partition_secs_per_head);
data/libisofs-1.5.2/libisofs/fs_image.c:5093:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5099:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5111:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MBR partition path : %3d ", part->desired_slot);
data/libisofs-1.5.2/libisofs/fs_image.c:5116:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "PReP boot partition: %u %u",
data/libisofs-1.5.2/libisofs/fs_image.c:5122:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5133:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MIPS-BE boot path : %3d ", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:5139:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5142:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MIPS-LE boot params: %10u %10u %10u %10u",
data/libisofs-1.5.2/libisofs/fs_image.c:5147:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MIPS-LE boot path : ");
data/libisofs-1.5.2/libisofs/fs_image.c:5150:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "MIPS-LE elf offset : %u", sai->mipsel_p_offset);
data/libisofs-1.5.2/libisofs/fs_image.c:5156:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "SUN SPARC secs/head: %d", sai->sparc_secs_per_head);
data/libisofs-1.5.2/libisofs/fs_image.c:5158:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "SUN SPARC heads/cyl: %d", sai->sparc_heads_per_cyl);
data/libisofs-1.5.2/libisofs/fs_image.c:5160:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5165:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5173:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "SPARC GRUB2 core : %.f %u",
data/libisofs-1.5.2/libisofs/fs_image.c:5180:21: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "SPARC GRUB2 path : ");
data/libisofs-1.5.2/libisofs/fs_image.c:5189:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT : N Info");
data/libisofs-1.5.2/libisofs/fs_image.c:5192:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5196:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5202:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5209:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT backup problems: ");
data/libisofs-1.5.2/libisofs/fs_image.c:5214:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT disk GUID : ");
data/libisofs-1.5.2/libisofs/fs_image.c:5222:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT lba range : %.f %.f %.f",
data/libisofs-1.5.2/libisofs/fs_image.c:5237:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT partition name : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5249:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT partname local : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5250:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(msg + 26, local_name, local_len);
data/libisofs-1.5.2/libisofs/fs_image.c:5255:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT partition GUID : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5258:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT type GUID : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5261:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT partition flags: %3d 0x%8.8x%8.8x", idx,
data/libisofs-1.5.2/libisofs/fs_image.c:5265:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT start and size : %3d %.f %.f", idx,
data/libisofs-1.5.2/libisofs/fs_image.c:5271:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "GPT partition path : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5277:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "APM : N Info");
data/libisofs-1.5.2/libisofs/fs_image.c:5279:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "APM block size : %u", sai->apm_block_size);
data/libisofs-1.5.2/libisofs/fs_image.c:5281:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "APM gap fillers : %d", sai->apm_gap_count);
data/libisofs-1.5.2/libisofs/fs_image.c:5291:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "APM start and size : %3d %.f %.f", idx,
data/libisofs-1.5.2/libisofs/fs_image.c:5297:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "APM partition path : %3d ", idx);
data/libisofs-1.5.2/libisofs/fs_image.c:5395:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char emul_names[5][6] = {"none", "fd1.2", "fd1.4", "fd2.8", "hd"};
data/libisofs-1.5.2/libisofs/fs_image.c:5396:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char pltf_names[3][5] = {"BIOS", "PPC", "Mac"};
data/libisofs-1.5.2/libisofs/fs_image.c:5409:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito catalog : %u %u",
data/libisofs-1.5.2/libisofs/fs_image.c:5415:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito cat path : ");
data/libisofs-1.5.2/libisofs/fs_image.c:5420:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/fs_image.c:5430:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(emul_code, "0x%2.2x", (unsigned int) img->type);
data/libisofs-1.5.2/libisofs/fs_image.c:5434:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(pltf, "UEFI");
data/libisofs-1.5.2/libisofs/fs_image.c:5436:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(pltf, "0x%2.2x", (unsigned int) img->platform_id);
data/libisofs-1.5.2/libisofs/fs_image.c:5458:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito img path : %3d ", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:5461:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito hdsiz/512: %3d %u",
data/libisofs-1.5.2/libisofs/fs_image.c:5466:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito img opts : %3d ", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:5468:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, "boot-info-table ");
data/libisofs-1.5.2/libisofs/fs_image.c:5470:13: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, "isohybrid-suitable ");
data/libisofs-1.5.2/libisofs/fs_image.c:5472:13: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(msg, "grub2-boot-info ");
data/libisofs-1.5.2/libisofs/fs_image.c:5481:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito id string: %3d ", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:5489:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "El Torito sel crit : %3d ", i + 1);
data/libisofs-1.5.2/libisofs/fs_image.c:5749:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char checksum_type[81];
data/libisofs-1.5.2/libisofs/fs_image.c:5755:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[16];
data/libisofs-1.5.2/libisofs/fs_image.c:5919:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(boot_image->id_string, data->id_strings[idx], 28);
data/libisofs-1.5.2/libisofs/fs_image.c:5920:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(boot_image->selection_crit, data->selection_crits, 20);
data/libisofs-1.5.2/libisofs/fs_image.c:6036:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bootcat->content, data->catcontent, bootcat->size);
data/libisofs-1.5.2/libisofs/fs_image.c:6545:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*sections, ifsdata->sections,
data/libisofs-1.5.2/libisofs/fs_local.c:230:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  data->info.fd = open(path, O_RDONLY | O_BINARY);
data/libisofs-1.5.2/libisofs/fsource.c:85:24: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return src->class->open(src);
data/libisofs-1.5.2/libisofs/hfsplus.c:63:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048], buf_zeroed = 0;
data/libisofs-1.5.2/libisofs/hfsplus.c:595:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[1024];
data/libisofs-1.5.2/libisofs/hfsplus.c:662:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (&sb.num_serial, &t->opts->hfsp_serial_number, 8);
data/libisofs-1.5.2/libisofs/hfsplus.c:673:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2 * HFSPLUS_MAX_BLOCK_SIZE];
data/libisofs-1.5.2/libisofs/hfsplus.c:760:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy ((uint8_t *) buffer + curoff, t->hfsp_levels[level - 1].nodes[curnode].str, 2 * t->hfsp_levels[level - 1].nodes[curnode].strlen);
data/libisofs-1.5.2/libisofs/hfsplus.c:833:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer + curoff, t->hfsp_leafs[curnode].name, t->hfsp_leafs[curnode].strlen * 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:846:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (buffer + curoff, t->hfsp_leafs[curnode].name, t->hfsp_leafs[curnode].strlen * 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:874:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_type, "slnk", 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:875:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_creator, "rhap", 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:885:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_type, xinfo->type_code,
data/libisofs-1.5.2/libisofs/hfsplus.c:887:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_creator,
data/libisofs-1.5.2/libisofs/hfsplus.c:892:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char crtp[14];
data/libisofs-1.5.2/libisofs/hfsplus.c:895:1: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtp+1, xinfo->creator_code, 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:896:1: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(crtp + 5, "','");
data/libisofs-1.5.2/libisofs/hfsplus.c:897:1: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(crtp + 8, xinfo->type_code, 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:912:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_type, "????", 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:913:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (common->file_creator, "????", 4);
data/libisofs-1.5.2/libisofs/hfsplus.c:1043:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2 * HFSPLUS_MAX_BLOCK_SIZE];
data/libisofs-1.5.2/libisofs/hfsplus.c:1178:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&tr, &target->hfsp_leafs[old_idx], sz);
data/libisofs-1.5.2/libisofs/hfsplus.c:1181:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&target->hfsp_leafs[i], &target->hfsp_leafs[i - 1], sz);
data/libisofs-1.5.2/libisofs/hfsplus.c:1184:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&target->hfsp_leafs[i], &target->hfsp_leafs[i + 1], sz);
data/libisofs-1.5.2/libisofs/hfsplus.c:1186:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&target->hfsp_leafs[new_idx], &tr, sz);
data/libisofs-1.5.2/libisofs/hfsplus.c:1207:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, *dest, *comp_start - *dest);
data/libisofs-1.5.2/libisofs/hfsplus.c:1209:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, new_name, new_len);
data/libisofs-1.5.2/libisofs/hfsplus.c:1212:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, *comp_end, *dest_len - (*comp_end - *dest));
data/libisofs-1.5.2/libisofs/hfsplus.c:1388:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char new_name[LIBISO_HFSPLUS_NAME_MAX + 1], number[9];
data/libisofs-1.5.2/libisofs/hfsplus.c:1400:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(number, "%X", (unsigned int) i);
data/libisofs-1.5.2/libisofs/hfsplus.c:1867:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*new_data, old_data, sizeof(struct iso_hfsplus_xinfo_data));
data/libisofs-1.5.2/libisofs/image.c:503:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(image->application_use, app_use_data, count);
data/libisofs-1.5.2/libisofs/image.c:513:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_image_get_system_area(IsoImage *img, char system_area_data[32768],
data/libisofs-1.5.2/libisofs/image.c:519:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(system_area_data, img->system_area_data, 32768);
data/libisofs-1.5.2/libisofs/image.c:833:50: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint32_t *end_lba, char md5[16], int flag)
data/libisofs-1.5.2/libisofs/image.c:839:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(md5, image->checksum_array, 16);
data/libisofs-1.5.2/libisofs/image.c:874:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_image_get_mips_boot_files(IsoImage *image, char *paths[15], int flag)
data/libisofs-1.5.2/libisofs/image.h:59:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char application_use[512];
data/libisofs-1.5.2/libisofs/image.h:76:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *mips_boot_file_paths[15]; /* ISO 9660 Rock Ridge Paths */
data/libisofs-1.5.2/libisofs/image.h:182:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char truncate_buffer[4096];
data/libisofs-1.5.2/libisofs/iso1999.c:426:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt[16];
data/libisofs-1.5.2/libisofs/iso1999.c:706:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rec->file_id, name, len_fi);
data/libisofs-1.5.2/libisofs/iso1999.c:788:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vol.std_identifier, "CD001", 5);
data/libisofs-1.5.2/libisofs/iso1999.c:944:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rec->dir_id, dir->name, rec->len_di[0]);
data/libisofs-1.5.2/libisofs/joliet.c:365:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fmt[16];
data/libisofs-1.5.2/libisofs/joliet.c:366:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nstr[72];
data/libisofs-1.5.2/libisofs/joliet.c:376:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fmt, "%%0%dd", digits);
data/libisofs-1.5.2/libisofs/joliet.c:844:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rec->file_id, name, len_fi);
data/libisofs-1.5.2/libisofs/joliet.c:960:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vol.std_identifier, "CD001", 5);
data/libisofs-1.5.2/libisofs/joliet.c:965:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(vol.esc_sequences, "%/E", 3);
data/libisofs-1.5.2/libisofs/joliet.c:1134:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(rec->dir_id, dir->name, rec->len_di[0]);
data/libisofs-1.5.2/libisofs/libiso_msgs.c:155:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(o->print_id,"libiso: ");
data/libisofs-1.5.2/libisofs/libiso_msgs.c:338:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *textpt,*sev_name,sev_text[81];
data/libisofs-1.5.2/libisofs/libiso_msgs.h:59:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char print_id[81];
data/libisofs-1.5.2/libisofs/libiso_msgs.h:432:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  0x00020001 (SORRY,LOW) = Cannot open busy device
data/libisofs-1.5.2/libisofs/libiso_msgs.h:436:40: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  0x00020005 (SORRY,HIGH) = Failed to open device
data/libisofs-1.5.2/libisofs/libiso_msgs.h:535:37: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  0x00020200 (SORRY,HIGH) = Cannot open audio source file
data/libisofs-1.5.2/libisofs/libiso_msgs.h:562:40: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  0x0003ff7f (FAILURE,HIGH) = Trying to open an already openned file
data/libisofs-1.5.2/libisofs/libisofs.h:433:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(IsoDataSource *src);
data/libisofs-1.5.2/libisofs/libisofs.h:548:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4];
data/libisofs-1.5.2/libisofs/libisofs.h:605:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(IsoFilesystem *fs);
data/libisofs-1.5.2/libisofs/libisofs.h:727:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(IsoFileSource *src);
data/libisofs-1.5.2/libisofs/libisofs.h:1016:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4];
data/libisofs-1.5.2/libisofs/libisofs.h:1025:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(IsoStream *stream);
data/libisofs-1.5.2/libisofs/libisofs.h:2293:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_write_opts_set_system_area(IsoWriteOpts *opts, char data[32768],
data/libisofs-1.5.2/libisofs/libisofs.h:4197:46: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_image_get_system_area(IsoImage *img, char data[32768],
data/libisofs-1.5.2/libisofs/libisofs.h:4623:52: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_image_get_mips_boot_files(IsoImage *image, char *paths[15], int flag);
data/libisofs-1.5.2/libisofs/libisofs.h:8142:50: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint32_t *end_lba, char md5[16], int flag);
data/libisofs-1.5.2/libisofs/libisofs.h:8163:54: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_file_get_md5(IsoImage *image, IsoFile *file, char md5[16], int flag);
data/libisofs-1.5.2/libisofs/libisofs.h:8242:29: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_util_decode_md5_tag(char data[2048], int *tag_type, uint32_t *pos,
data/libisofs-1.5.2/libisofs/libisofs.h:8244:49: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint32_t *next_tag, char md5[16], int flag);
data/libisofs-1.5.2/libisofs/libisofs.h:8311:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_end(void **md5_context, char result[16]);
data/libisofs-1.5.2/libisofs/libisofs.h:8325:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_match(char first_md5[16], char second_md5[16]);
data/libisofs-1.5.2/libisofs/libisofs.h:8325:39: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_match(char first_md5[16], char second_md5[16]);
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:122:21: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char mbr_code[271] = { 0xfa, 0x31, 0xc0, 0x8e, 0xd8, 0x8e,
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:394:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*((unsigned char **) wpt))[0] = h;
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:395:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*((unsigned char **) wpt))[1] = s;
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:396:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  (*((unsigned char **) wpt))[2] = c;
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:444:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "ISOHybrid%d", *gpt_count);
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:505:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "ISOHybrid");
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:564:58: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int gpt_images_as_mbr_partitions(Ecma119Image *t, char *wpt,
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:583:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt + 1, dummy_chs, 3);
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:588:20: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *) wpt)[4] = 0xef; /* "EFI (FAT-12/16)" */
data/libisofs-1.5.2/libisofs/make_isohybrid_mbr.c:590:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt + 5, dummy_chs, 3);
data/libisofs-1.5.2/libisofs/md5.c:97:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buffer[64]; /* input buffer */
data/libisofs-1.5.2/libisofs/md5.c:105:56: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int md5__transform (uint32_t state[4], unsigned char block[64])
data/libisofs-1.5.2/libisofs/md5.c:245:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) &ctx->buffer[index], (char *) data, partlen);
data/libisofs-1.5.2/libisofs/md5.c:254:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) &ctx->buffer[index], (char *) &data[i],datalen-i);
data/libisofs-1.5.2/libisofs/md5.c:260:45: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static int md5_final(libisofs_md5_ctx *ctx, char result[16], int flag)
data/libisofs-1.5.2/libisofs/md5.c:262:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char bits[8], *respt;
data/libisofs-1.5.2/libisofs/md5.c:264:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char PADDING[64] = {
data/libisofs-1.5.2/libisofs/md5.c:308:33: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int libisofs_md5(void **ctx_in, char *data, int datalen,
data/libisofs-1.5.2/libisofs/md5.c:309:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char result[16], int flag)
data/libisofs-1.5.2/libisofs/md5.c:330:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *) *ctx,data,sizeof(libisofs_md5_ctx));
data/libisofs-1.5.2/libisofs/md5.c:391:37: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_end(void **md5_context, char result[16])
data/libisofs-1.5.2/libisofs/md5.c:403:19: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_match(char first_md5[16], char second_md5[16])
data/libisofs-1.5.2/libisofs/md5.c:403:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_md5_match(char first_md5[16], char second_md5[16])
data/libisofs-1.5.2/libisofs/md5.c:469:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*new_data, old_data, 16);
data/libisofs-1.5.2/libisofs/md5.c:535:55: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  idx = (idx << 8) | ((unsigned char *) value)[i];
data/libisofs-1.5.2/libisofs/md5.c:537:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(target->checksum_buffer + 16 * idx, md5_pt, 16);
data/libisofs-1.5.2/libisofs/md5.c:628:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[16];
data/libisofs-1.5.2/libisofs/md5.c:643:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t->checksum_buffer + 0 * 16, t->image_md5, 16);
data/libisofs-1.5.2/libisofs/md5.c:659:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
  memcpy(t->checksum_buffer + (t->checksum_idx_counter + 1) * 16,
data/libisofs-1.5.2/libisofs/md5.c:729:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char postext[40], md5[16], *record = NULL;
data/libisofs-1.5.2/libisofs/md5.c:741:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(postext, "%u%9.9u", (unsigned int) (pos / 1000000000),
data/libisofs-1.5.2/libisofs/md5.c:744:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(postext, "%u", (unsigned int) pos);
data/libisofs-1.5.2/libisofs/md5.c:748:10: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(record + record_len + 2 * i,
data/libisofs-1.5.2/libisofs/md5.c:749:38: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  "%2.2x", ((unsigned char *) md5)[i]);
data/libisofs-1.5.2/libisofs/md5.c:762:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + block_len + 2 * i,
data/libisofs-1.5.2/libisofs/md5.c:763:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  "%2.2x", ((unsigned char *) md5)[i]);
data/libisofs-1.5.2/libisofs/md5.c:791:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char md5[16], *tag_block = NULL, *tag_id;
data/libisofs-1.5.2/libisofs/md5.c:826:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + l, " next=%u", t->checksum_tree_tag_pos);
data/libisofs-1.5.2/libisofs/md5.c:828:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + l, " next=%u", t->checksum_tag_pos);
data/libisofs-1.5.2/libisofs/md5.c:830:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + l, " session_start=%u", t->opts->ms_block);
data/libisofs-1.5.2/libisofs/md5.c:832:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(tag_block + l, " md5=");
data/libisofs-1.5.2/libisofs/md5.c:835:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + l + 2 * i, "%2.2x",
data/libisofs-1.5.2/libisofs/md5.c:836:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *) md5)[i]);
data/libisofs-1.5.2/libisofs/md5.c:843:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tag_block + l, " self=");
data/libisofs-1.5.2/libisofs/md5.c:846:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tag_block + l + 2 * i, "%2.2x",
data/libisofs-1.5.2/libisofs/md5.c:847:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  ((unsigned char *) md5)[i]);
data/libisofs-1.5.2/libisofs/md5.c:863:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t->opts_overwrite + pos * 2048, tag_block, 2048);
data/libisofs-1.5.2/libisofs/messages.c:573:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[MAX_MSG_LEN];
data/libisofs-1.5.2/libisofs/node.c:1745:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*value, values[i], *value_length);
data/libisofs-1.5.2/libisofs/node.c:1905:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((*m_values)[j], values[i], value_lengths[i]);
data/libisofs-1.5.2/libisofs/node.c:1949:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((*m_values)[w], values[i], value_lengths[i]);
data/libisofs-1.5.2/libisofs/node.c:2113:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  v_data = (unsigned char *) values[i];
data/libisofs-1.5.2/libisofs/node.c:2232:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  v_data = (unsigned char *) values[i];
data/libisofs-1.5.2/libisofs/node.c:2433:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*new_data, old_data, sizeof(struct zisofs_zf_info));
data/libisofs-1.5.2/libisofs/node.c:2569:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*new_data, old_data, sizeof(ino_t));
data/libisofs-1.5.2/libisofs/node.c:2657:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(xipt, &ino, sizeof(ino_t));
data/libisofs-1.5.2/libisofs/node.c:2882:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char value[4];
data/libisofs-1.5.2/libisofs/node.c:2904:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[5 + 5 + 5 + 2 + 81], *wpt = buffer, *valuept = buffer;
data/libisofs-1.5.2/libisofs/node.c:2932:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint32_t *count, uint32_t *size, char typetext[81],
data/libisofs-1.5.2/libisofs/node.c:2961:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(typetext, rpt, len);
data/libisofs-1.5.2/libisofs/node.c:2975:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[5 + 5], *wpt = buffer, *valuept = buffer;
data/libisofs-1.5.2/libisofs/node.c:3017:54: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_file_get_md5(IsoImage *image, IsoFile *file, char md5[16], int flag)
data/libisofs-1.5.2/libisofs/node.c:3028:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(md5, (char *) xipt, 16);
data/libisofs-1.5.2/libisofs/node.c:3043:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  idx = (idx << 8) | ((unsigned char *) value)[i];
data/libisofs-1.5.2/libisofs/node.c:3050:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(md5, image->checksum_array + ((size_t) 16) * ((size_t) idx),
data/libisofs-1.5.2/libisofs/node.h:511:59: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  uint32_t *count, uint32_t *size, char typetext[81],
data/libisofs-1.5.2/libisofs/rockridge.c:439:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&NM[5], name, size);
data/libisofs-1.5.2/libisofs/rockridge.c:483:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&comp[2], s, size);
data/libisofs-1.5.2/libisofs/rockridge.c:571:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&SL[pos], comp[j], comp[j][1] + 2);
data/libisofs-1.5.2/libisofs/rockridge.c:607:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&SL[pos], comp[j], comp[j][1] + 2);
data/libisofs-1.5.2/libisofs/rockridge.c:701:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cpt, aapt, len);
data/libisofs-1.5.2/libisofs/rockridge.c:753:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[8], "IEEE_1282", 9);
data/libisofs-1.5.2/libisofs/rockridge.c:754:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[17], "THE IEEE 1282 PROTOCOL PROVIDES SUPPORT FOR POSIX "
data/libisofs-1.5.2/libisofs/rockridge.c:756:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[89], "PLEASE CONTACT THE IEEE STANDARDS DEPARTMENT, "
data/libisofs-1.5.2/libisofs/rockridge.c:788:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[8], "RRIP_1991A", 10);
data/libisofs-1.5.2/libisofs/rockridge.c:789:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[18], "THE ROCK RIDGE INTERCHANGE PROTOCOL PROVIDES SUPPORT FOR POSIX FILE SYSTEM SEMANTICS", 84);
data/libisofs-1.5.2/libisofs/rockridge.c:790:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&ER[102], "PLEASE CONTACT DISC PUBLISHER FOR SPECIFICATION SOURCE. SEE PUBLISHER IDENTIFIER IN PRIMARY VOLUME DESCRIPTOR FOR CONTACT INFORMATION.", 135);
data/libisofs-1.5.2/libisofs/rockridge.c:816:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ER + 8, "AAIP_0200", 9);
data/libisofs-1.5.2/libisofs/rockridge.c:817:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ER + 17,
data/libisofs-1.5.2/libisofs/rockridge.c:820:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(ER + 98,
data/libisofs-1.5.2/libisofs/rockridge.c:1119:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(*new_data, old_data, aa_size);
data/libisofs-1.5.2/libisofs/rockridge.c:1425:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aapt, xipt, num_aapt);
data/libisofs-1.5.2/libisofs/rockridge.c:2222:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
  memcpy(buf + pos, info->susp_fields[i], info->susp_fields[i][2]);
data/libisofs-1.5.2/libisofs/rockridge_read.c:557:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aapt + 5, sue->data.AL.comps, sue->len_sue[0] - 5);
data/libisofs-1.5.2/libisofs/rockridge_read.c:612:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(aapt + 5, sue->data.AL.comps, sue->len_sue[0] - 5);
data/libisofs-1.5.2/libisofs/stream.c:639:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, data->buf + data->offset, len);
data/libisofs-1.5.2/libisofs/stream.c:713:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_buf, data->buf, data->size);
data/libisofs-1.5.2/libisofs/stream.c:800:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return stream->class->open(stream);
data/libisofs-1.5.2/libisofs/stream.c:856:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "BOOT CATALOG");
data/libisofs-1.5.2/libisofs/stream.c:858:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "MEM SOURCE");
data/libisofs-1.5.2/libisofs/stream.c:860:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "EXTERNAL FILTER");
data/libisofs-1.5.2/libisofs/stream.c:862:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "UNKNOWN SOURCE");
data/libisofs-1.5.2/libisofs/stream.c:904:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(ivd, " %.f %.f",
data/libisofs-1.5.2/libisofs/stream.c:1227:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_stream_make_md5(IsoStream *stream, char md5[16], int flag)
data/libisofs-1.5.2/libisofs/stream.h:96:44: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  int iso_stream_make_md5(IsoStream *stream, char md5[16], int flag);
data/libisofs-1.5.2/libisofs/system_area.c:159:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[128];
data/libisofs-1.5.2/libisofs/system_area.c:188:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/system_area.c:799:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *) buf,
data/libisofs-1.5.2/libisofs/system_area.c:930:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 2, "PALO", 5);
data/libisofs-1.5.2/libisofs/system_area.c:957:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 24, img->hppa_cmdline, strlen(img->hppa_cmdline) + 1);
data/libisofs-1.5.2/libisofs/system_area.c:982:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 1024, img->hppa_cmdline, strlen(img->hppa_cmdline) + 1);
data/libisofs-1.5.2/libisofs/system_area.c:1012:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *) buf, "Linux/Alpha aboot for ISO filesystem.");
data/libisofs-1.5.2/libisofs/system_area.c:1087:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
  memcpy(entry->type_guid, type_guid, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1088:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->partition_guid, partition_guid, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1090:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry->name, name, 72);
data/libisofs-1.5.2/libisofs/system_area.c:1205:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, req->name, 32);
data/libisofs-1.5.2/libisofs/system_area.c:1208:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, req->type, 32);
data/libisofs-1.5.2/libisofs/system_area.c:1242:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char gap_name[33];
data/libisofs-1.5.2/libisofs/system_area.c:1296:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(gap_name, "Gap%d", gap_counter);
data/libisofs-1.5.2/libisofs/system_area.c:1417:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, block0_template, 8);
data/libisofs-1.5.2/libisofs/system_area.c:1533:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, type_guid, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1544:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, part_uuid, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1552:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, name, 72);
data/libisofs-1.5.2/libisofs/system_area.c:1561:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char revision[4] = {0x00, 0x00, 0x01, 0x00};
data/libisofs-1.5.2/libisofs/system_area.c:1570:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, sig, 8); /* no trailing 0 */
data/libisofs-1.5.2/libisofs/system_area.c:1573:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, revision, 4);
data/libisofs-1.5.2/libisofs/system_area.c:1607:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wpt, t->gpt_disk_guid, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1699:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "HFSPLUS_%d", counter);
data/libisofs-1.5.2/libisofs/system_area.c:1701:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "HFSPLUS");
data/libisofs-1.5.2/libisofs/system_area.c:1781:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "ISO9660");
data/libisofs-1.5.2/libisofs/system_area.c:1785:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "Gap%d", gap_counter);
data/libisofs-1.5.2/libisofs/system_area.c:1847:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + 446 + 16 * i, dummy_entry, 16);
data/libisofs-1.5.2/libisofs/system_area.c:1897:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, t->system_area_data, 16 * BLOCK_SIZE);
data/libisofs-1.5.2/libisofs/system_area.c:2341:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "Automatically adjusted MBR geometry to %d/%d/%d",
data/libisofs-1.5.2/libisofs/system_area.c:2395:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg,
data/libisofs-1.5.2/libisofs/system_area.c:2430:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry, req, sizeof(struct iso_apm_partition_request));
data/libisofs-1.5.2/libisofs/system_area.c:2449:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry, req, sizeof(struct iso_mbr_partition_request));
data/libisofs-1.5.2/libisofs/system_area.c:2467:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(entry, req, sizeof(struct iso_gpt_partition_request));
data/libisofs-1.5.2/libisofs/system_area.c:2542:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(guid, u, 16);
data/libisofs-1.5.2/libisofs/system_area.c:2561:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fd = open("/dev/urandom", O_RDONLY | O_BINARY);
data/libisofs-1.5.2/libisofs/system_area.c:2584:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(u, uuid_template, 16);
data/libisofs-1.5.2/libisofs/system_area.c:2610:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(uuid, t->gpt_uuid_base, 16);
data/libisofs-1.5.2/libisofs/system_area.c:2658:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "Appended%d", i + 1);
data/libisofs-1.5.2/libisofs/system_area.c:2673:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf((char *) gpt_name, "Appended%d", i + 1);
data/libisofs-1.5.2/libisofs/system_area.c:2780:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *) gpt_name, "GPT Test 1");
data/libisofs-1.5.2/libisofs/system_area.c:2798:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy((char *) gpt_name, "GPT Test 2");
data/libisofs-1.5.2/libisofs/system_area.c:2906:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_head, head, 512);
data/libisofs-1.5.2/libisofs/system_area.c:2908:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_head + 24, head + 32, 8);
data/libisofs-1.5.2/libisofs/system_area.c:2909:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_head + 32, head + 24, 8);
data/libisofs-1.5.2/libisofs/system_area.c:2923:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(new_head - t->gpt_max_entries * 128, data/libisofs-1.5.2/libisofs/system_area.c:3037:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy((char *) gpt_name, "EFI boot partition"); data/libisofs-1.5.2/libisofs/system_area.h:286:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/libisofs-1.5.2/libisofs/tree.c:857:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*new_name, name, *at_pos); data/libisofs-1.5.2/libisofs/tree.c:861:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*new_name + *at_pos + count, name + *at_pos, *len - *at_pos); data/libisofs-1.5.2/libisofs/tree.c:938:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*unique_name, *name, len); data/libisofs-1.5.2/libisofs/util.c:173:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char libisofs_local_charset[4096]= {""}; data/libisofs-1.5.2/libisofs/util.c:236:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(*output, out, ret - out + 1); data/libisofs-1.5.2/libisofs/util.c:287:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(*output, out, ret - out + 1); data/libisofs-1.5.2/libisofs/util.c:857:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/libisofs-1.5.2/libisofs/util.c:897:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[13]; /* 13 = 8 (name) + 1 (.) + 3 (ext) + 1 (\0) */ data/libisofs-1.5.2/libisofs/util.c:964:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[32]; /* 32 = 30 (name + ext) + 1 (.) + 1 (\0) */ data/libisofs-1.5.2/libisofs/util.c:1361:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ret, str, 2 * (len + 1)); data/libisofs-1.5.2/libisofs/util.c:1397:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, n*2); data/libisofs-1.5.2/libisofs/util.c:1404:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest, src, n*2); data/libisofs-1.5.2/libisofs/util.c:1653:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[0], "%04d", tm.tm_year + 1900); data/libisofs-1.5.2/libisofs/util.c:1654:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[4], "%02d", tm.tm_mon + 1); data/libisofs-1.5.2/libisofs/util.c:1655:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[6], "%02d", tm.tm_mday); data/libisofs-1.5.2/libisofs/util.c:1656:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[8], "%02d", tm.tm_hour); data/libisofs-1.5.2/libisofs/util.c:1657:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[10], "%02d", tm.tm_min); data/libisofs-1.5.2/libisofs/util.c:1658:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf((char*)&buf[12], "%02d", MIN(59, tm.tm_sec)); data/libisofs-1.5.2/libisofs/util.c:1659:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&buf[14], "00", 2); data/libisofs-1.5.2/libisofs/util.c:1769:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(&input_tm_copy, tm, sizeof(struct tm)); data/libisofs-1.5.2/libisofs/util.c:1844:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd = open(path, O_RDONLY); data/libisofs-1.5.2/libisofs/util.c:2045:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *data_len = ((unsigned char *) buffer)[0]; data/libisofs-1.5.2/libisofs/util.c:2049:43: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. *data = (*data << 8) | ((unsigned char *) buffer)[i]; data/libisofs-1.5.2/libisofs/util.c:2071:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(target + 2 * i, "%-2.2x", bytes[i]); data/libisofs-1.5.2/libisofs/util.c:2081:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char b[3]; data/libisofs-1.5.2/libisofs/util.c:2093:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ((unsigned char *) bin)[i] = u; data/libisofs-1.5.2/libisofs/util.c:2120:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int iso_util_decode_md5_tag(char data[2048], int *tag_type, uint32_t *pos, data/libisofs-1.5.2/libisofs/util.c:2122:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. uint32_t *next_tag, char md5[16], int flag) data/libisofs-1.5.2/libisofs/util.c:2126:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cpt, self_md5[16], tag_md5[16], *tag_magic; data/libisofs-1.5.2/libisofs/util.c:2210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char md5[16], cloned_md5[16]; data/libisofs-1.5.2/libisofs/util.c:2317:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(*out, in, size); data/libisofs-1.5.2/libisofs/util.c:2401:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hashval[16]; data/libisofs-1.5.2/libisofs/util.c:2434:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name + goal, "%2.2x", *((unsigned char *) (hashval + i))); data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:279:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). space_len= strlen(attrnamespace); data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:498:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i+= strlen(list + i) + 1) { data/libisofs-1.5.2/libisofs/aaip-os-freebsd.c:789:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, list + i + 1, len); data/libisofs-1.5.2/libisofs/aaip-os-linux.c:294:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i= 0; i < list_size; i+= strlen(list + i) + 1) data/libisofs-1.5.2/libisofs/aaip-os-linux.c:325:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i+= strlen(list + i) + 1) { data/libisofs-1.5.2/libisofs/aaip-os-linux.c:538:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i= 0; i < (size_t) list_size; i+= strlen(list + i) + 1) { data/libisofs-1.5.2/libisofs/aaip_0_2.c:238:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strncmp(name, Aaip_namespace_textS[i], strlen(Aaip_namespace_textS[i])) data/libisofs-1.5.2/libisofs/aaip_0_2.c:240:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). name+= strlen(Aaip_namespace_textS[i]); data/libisofs-1.5.2/libisofs/aaip_0_2.c:249:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l= strlen(name) + (prefix > 0); data/libisofs-1.5.2/libisofs/aaip_0_2.c:403:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). npt= rpt + strlen(rpt); data/libisofs-1.5.2/libisofs/aaip_0_2.c:434:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, rpt + 5, cpt - (rpt + 5)); data/libisofs-1.5.2/libisofs/aaip_0_2.c:461:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qualifier_len= strlen(name); data/libisofs-1.5.2/libisofs/aaip_0_2.c:486:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(name, rpt + 6, cpt - (rpt + 6)); data/libisofs-1.5.2/libisofs/aaip_0_2.c:513:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qualifier_len= strlen(name); data/libisofs-1.5.2/libisofs/aaip_0_2.c:737:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). npt= rpt + strlen(rpt); data/libisofs-1.5.2/libisofs/aaip_0_2.c:872:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wpt= acl_text + strlen(acl_text); data/libisofs-1.5.2/libisofs/aaip_0_2.c:879:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wpt= acl_text + strlen(acl_text); data/libisofs-1.5.2/libisofs/aaip_0_2.c:886:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wpt= acl_text + strlen(acl_text); data/libisofs-1.5.2/libisofs/aaip_0_2.c:893:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wpt= acl_text + strlen(acl_text); data/libisofs-1.5.2/libisofs/aaip_0_2.c:1701:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pl= strlen(prefix); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2034:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
tag_len= strlen(tag_type); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2035:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). qualifier_len= strlen(qualifier); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2036:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). perm_len= strlen(permissions); data/libisofs-1.5.2/libisofs/aaip_0_2.c:2182:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(pwd->pw_name) >= (size_t) name_size) data/libisofs-1.5.2/libisofs/aaip_0_2.c:2196:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). else if(strlen(grp->gr_name) >= (size_t) name_size) data/libisofs-1.5.2/libisofs/builder.c:76:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(name) > image->truncate_length) { data/libisofs-1.5.2/libisofs/builder.c:142:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(name) > image->truncate_length) { data/libisofs-1.5.2/libisofs/data_source.c:124:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(data->fd, buffer, 2048) != 2048) { data/libisofs-1.5.2/libisofs/ecma119.c:185:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int ret = n->iso_name ? strlen(n->iso_name) + 33 : 34; data/libisofs-1.5.2/libisofs/ecma119.c:289:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size += dir->iso_name ? strlen(dir->iso_name) : 1; data/libisofs-1.5.2/libisofs/ecma119.c:681:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). fi_len = strlen(child->iso_name); data/libisofs-1.5.2/libisofs/ecma119.c:784:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). rec->len_di[0] = dir->parent ? (uint8_t) strlen(dir->iso_name) : 1; data/libisofs-1.5.2/libisofs/ecma119.c:1617:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(txt, start_pt, end_pt - start_pt); data/libisofs-1.5.2/libisofs/ecma119.c:1784:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). LIBISO_ALLOC_MEM(o->path, char, strlen(path) + 1); data/libisofs-1.5.2/libisofs/ecma119.c:1992:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = read(ivr->fd, read_buf, to_read - read_done); data/libisofs-1.5.2/libisofs/ecma119.c:4220:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(opts->vol_uuid, vol_uuid, 16); data/libisofs-1.5.2/libisofs/ecma119.c:4368:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(opts->ascii_disc_label, label, ISO_DISC_LABEL_SIZE - 1); data/libisofs-1.5.2/libisofs/ecma119.c:4487:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conved_len = strlen(conved); data/libisofs-1.5.2/libisofs/ecma119.c:4514:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). conved_len = strlen(conved); data/libisofs-1.5.2/libisofs/ecma119_tree.c:70:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ascii_name) > opts->untranslated_name_len) { data/libisofs-1.5.2/libisofs/ecma119_tree.c:75:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(ascii_name), opts->untranslated_name_len, data/libisofs-1.5.2/libisofs/ecma119_tree.c:110:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(ascii_name) > opts->untranslated_name_len) data/libisofs-1.5.2/libisofs/ecma119_tree.c:438:46: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). max_path = pathlen + 1 + (iso_name ? strlen(iso_name) : 0); data/libisofs-1.5.2/libisofs/ecma119_tree.c:696:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(full_name, children[i]->iso_name, full_max_len); data/libisofs-1.5.2/libisofs/ecma119_tree.c:720:53: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). extlen = (max_file_len == 12) ? 3 : strlen(ext); data/libisofs-1.5.2/libisofs/ecma119_tree.c:754:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((size_t) max < strlen(name)) { data/libisofs-1.5.2/libisofs/ecma119_tree.c:758:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ext = name + strlen(name); data/libisofs-1.5.2/libisofs/ecma119_tree.c:939:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(dir->info.dir->children[i]->iso_name); data/libisofs-1.5.2/libisofs/ecma119_tree.c:1042:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pathlen += strlen(img->rr_reloc_node->iso_name) + 1; data/libisofs-1.5.2/libisofs/ecma119_tree.c:1054:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). newpathlen = pathlen + 1 + strlen(child->iso_name); data/libisofs-1.5.2/libisofs/filters/external.c:418:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ret = read(running->recv_fd, ((char *) buf) + fill, data/libisofs-1.5.2/libisofs/filters/external.c:436:13: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); /* just in case it is still non-blocking */ data/libisofs-1.5.2/libisofs/filters/external.c:479:25: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); /* To make sure sufficient laziness */ data/libisofs-1.5.2/libisofs/filters/external.c:484:21: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(1000); /* go lazy because the filter is slow */ data/libisofs-1.5.2/libisofs/filters/gzip.c:452:30: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = stream->class->read(stream, buf, bufsize); data/libisofs-1.5.2/libisofs/filters/zisofs.c:701:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ret = stream->class->read(stream, buf, bufsize); data/libisofs-1.5.2/libisofs/fs_image.c:488:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
pathlen = strlen(path); data/libisofs-1.5.2/libisofs/fs_image.c:489:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_path = realloc(path, pathlen + strlen(data->name) + 2); data/libisofs-1.5.2/libisofs/fs_image.c:900:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (read < count && data->data.offset < data->info.st_size) { data/libisofs-1.5.2/libisofs/fs_image.c:925:29: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). count - read); data/libisofs-1.5.2/libisofs/fs_image.c:931:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). memcpy((uint8_t*)buf + read, orig, bytes); data/libisofs-1.5.2/libisofs/fs_image.c:935:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read; data/libisofs-1.5.2/libisofs/fs_image.c:1079:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dest); data/libisofs-1.5.2/libisofs/fs_image.c:1086:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, dest, len); data/libisofs-1.5.2/libisofs/fs_image.c:1642:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (name != NULL) if (strlen(name) > 4095) { data/libisofs-1.5.2/libisofs/fs_image.c:1945:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(name); data/libisofs-1.5.2/libisofs/fs_image.c:1978:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if ((int) strlen(name) > fsdata->truncate_length) { data/libisofs-1.5.2/libisofs/fs_image.c:2916:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(ifs->type, "iso ", 4); data/libisofs-1.5.2/libisofs/fs_image.c:4122:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), "Implausible header LBA %.f, ", data/libisofs-1.5.2/libisofs/fs_image.c:4127:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), data/libisofs-1.5.2/libisofs/fs_image.c:4146:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), data/libisofs-1.5.2/libisofs/fs_image.c:4161:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), "Disk GUID differs ("); data/libisofs-1.5.2/libisofs/fs_image.c:4162:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
iso_util_bin_to_hex(comments + strlen(comments), head + 56, 16, 0); data/libisofs-1.5.2/libisofs/fs_image.c:4163:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), "), "); data/libisofs-1.5.2/libisofs/fs_image.c:4174:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), data/libisofs-1.5.2/libisofs/fs_image.c:4180:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), "Implausible array LBA %.f, ", data/libisofs-1.5.2/libisofs/fs_image.c:4187:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), data/libisofs-1.5.2/libisofs/fs_image.c:4197:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), data/libisofs-1.5.2/libisofs/fs_image.c:4214:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(comments + strlen(comments), " %d", i + 1); data/libisofs-1.5.2/libisofs/fs_image.c:4225:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l = strlen(comments); data/libisofs-1.5.2/libisofs/fs_image.c:4836:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). target->byte_count += strlen(msg) + 1; data/libisofs-1.5.2/libisofs/fs_image.c:4844:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(msg) + strlen(path) >= ISO_MAX_SYSAREA_LINE_LENGTH) data/libisofs-1.5.2/libisofs/fs_image.c:4844:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(msg) + strlen(path) >= ISO_MAX_SYSAREA_LINE_LENGTH) data/libisofs-1.5.2/libisofs/fs_image.c:4845:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(msg + strlen(msg), "(too long to show here)"); data/libisofs-1.5.2/libisofs/fs_image.c:4953:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = iso_alloc_mem(strlen(msg) + 20, 1, 0); data/libisofs-1.5.2/libisofs/fs_image.c:4958:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(path + strlen(path), "%u", (unsigned int) size); data/libisofs-1.5.2/libisofs/fs_image.c:5013:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  sprintf(msg + strlen(msg), " cyl-align-%s",
data/libisofs-1.5.2/libisofs/fs_image.c:5029:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(msg + strlen(msg), " HP-PA-PALO");
data/libisofs-1.5.2/libisofs/fs_image.c:5031:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(msg + strlen(msg), " DEC-Alpha");
data/libisofs-1.5.2/libisofs/fs_image.c:5033:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(msg + strlen(msg), " unkown-system-area-type-%d", sa_type);
data/libisofs-1.5.2/libisofs/fs_image.c:5333:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += strlen(doc[i]) + 1;
data/libisofs-1.5.2/libisofs/fs_image.c:5350:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  count += strlen(doc[i]) + 1;
data/libisofs-1.5.2/libisofs/fs_image.c:5473:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(msg) > 27) {
data/libisofs-1.5.2/libisofs/fs_image.c:5474:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  msg[strlen(msg) - 1] = 0;
data/libisofs-1.5.2/libisofs/fs_image.c:5482:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_util_bin_to_hex(msg + strlen(msg),
data/libisofs-1.5.2/libisofs/fs_image.c:5490:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_util_bin_to_hex(msg + strlen(msg),
data/libisofs-1.5.2/libisofs/fs_local.c:76:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pathlen = strlen(path);
data/libisofs-1.5.2/libisofs/fs_local.c:77:44: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_path = realloc(path, pathlen + strlen(data->name) + 2);
data/libisofs-1.5.2/libisofs/fs_local.c:308:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(data->info.fd, buf8 + done, to_read);
data/libisofs-1.5.2/libisofs/fs_local.c:818:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(lfs->type, "file", 4);
data/libisofs-1.5.2/libisofs/fsource.c:97:24: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return src->class->read(src, buf, count);
data/libisofs-1.5.2/libisofs/hfsplus.c:240:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  &(node->name), &(node->strlen), &(node->cmp_name));
data/libisofs-1.5.2/libisofs/hfsplus.c:350:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].used_size = t->hfsp_leafs[t->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_common) + 2 * sizeof (struct hfsplus_forkdata);
data/libisofs-1.5.2/libisofs/hfsplus.c:356:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].used_size = t->hfsp_leafs[t->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_common) + 2 * sizeof (struct hfsplus_forkdata);
data/libisofs-1.5.2/libisofs/hfsplus.c:367:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].used_size = t->hfsp_leafs[t->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_common) + 2 * sizeof (struct hfsplus_forkdata);
data/libisofs-1.5.2/libisofs/hfsplus.c:373:78: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].used_size = t->hfsp_leafs[t->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_common);
data/libisofs-1.5.2/libisofs/hfsplus.c:385:80: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].strlen = t->hfsp_leafs[t->hfsp_curleaf - 1].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:386:79: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  t->hfsp_leafs[t->hfsp_curleaf].used_size = t->hfsp_leafs[t->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_thread);
data/libisofs-1.5.2/libisofs/hfsplus.c:532:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hfsp_curblock += (strlen(t->hfsp_leafs[i].symlink_dest) +
data/libisofs-1.5.2/libisofs/hfsplus.c:758:86: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_msb ((uint8_t *) buffer + curoff + 6, t->hfsp_levels[level - 1].nodes[curnode].strlen, 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:760:131: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy ((uint8_t *) buffer + curoff, t->hfsp_levels[level - 1].nodes[curnode].str, 2 * t->hfsp_levels[level - 1].nodes[curnode].strlen);
data/libisofs-1.5.2/libisofs/hfsplus.c:761:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curoff += 2 * t->hfsp_levels[level - 1].nodes[curnode].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:831:69: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_msb ((uint8_t *) &thread->namelen, t->hfsp_leafs[curnode].strlen, 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:833:84: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (buffer + curoff, t->hfsp_leafs[curnode].name, t->hfsp_leafs[curnode].strlen * 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:834:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curoff += t->hfsp_leafs[curnode].strlen * 2;
data/libisofs-1.5.2/libisofs/hfsplus.c:842:76: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_msb ((uint8_t *) buffer + curoff, 6 + 2 * t->hfsp_leafs[curnode].strlen, 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:844:72: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  iso_msb ((uint8_t *) buffer + curoff + 6, t->hfsp_leafs[curnode].strlen, 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:846:84: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy (buffer + curoff, t->hfsp_leafs[curnode].name, t->hfsp_leafs[curnode].strlen * 2);
data/libisofs-1.5.2/libisofs/hfsplus.c:847:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  curoff += t->hfsp_leafs[curnode].strlen * 2;
data/libisofs-1.5.2/libisofs/hfsplus.c:940:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sz = strlen(t->hfsp_leafs[curnode].symlink_dest);
data/libisofs-1.5.2/libisofs/hfsplus.c:1019:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(t->hfsp_leafs[i].symlink_dest));
data/libisofs-1.5.2/libisofs/hfsplus.c:1022:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  overhead = strlen(t->hfsp_leafs[i].symlink_dest) % block_size;
data/libisofs-1.5.2/libisofs/hfsplus.c:1199:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  new_len = strlen(new_name);
data/libisofs-1.5.2/libisofs/hfsplus.c:1251:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  orig_len = strlen(orig_dest);
data/libisofs-1.5.2/libisofs/hfsplus.c:1253:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hfsp_len = strlen(hfsp_dest);
data/libisofs-1.5.2/libisofs/hfsplus.c:1284:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  orig_end = orig_start + strlen(orig_start);
data/libisofs-1.5.2/libisofs/hfsplus.c:1288:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  hfsp_end = hfsp_start + strlen(hfsp_start);
data/libisofs-1.5.2/libisofs/hfsplus.c:1302:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(n->name) == comp_len)
data/libisofs-1.5.2/libisofs/hfsplus.c:1366:64: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_leafs[i].strlen = target->hfsp_leafs[idx].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1369:35: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (target->hfsp_leafs[i].strlen > old_strlen)
data/libisofs-1.5.2/libisofs/hfsplus.c:1374:72: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_leafs[i].strlen);
data/libisofs-1.5.2/libisofs/hfsplus.c:1394:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  old_strlen = target->hfsp_leafs[idx].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1401:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(prefix) + 1 + strlen(number) > LIBISO_HFSPLUS_NAME_MAX) {
data/libisofs-1.5.2/libisofs/hfsplus.c:1401:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(prefix) + 1 + strlen(number) > LIBISO_HFSPLUS_NAME_MAX) {
data/libisofs-1.5.2/libisofs/hfsplus.c:1637:99: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_leafs[target->hfsp_curleaf].used_size = target->hfsp_leafs[target->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_common);
data/libisofs-1.5.2/libisofs/hfsplus.c:1649:100: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_leafs[target->hfsp_curleaf].strlen = target->hfsp_leafs[target->hfsp_curleaf - 1].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1650:99: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_leafs[target->hfsp_curleaf].used_size = target->hfsp_leafs[target->hfsp_curleaf].strlen * 2 + 8 + 2 + sizeof (struct hfsplus_catfile_thread);
data/libisofs-1.5.2/libisofs/hfsplus.c:1710:117: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_levels[level].nodes[target->hfsp_levels[level].level_size].strlen = target->hfsp_leafs[last_start].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1730:116: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_levels[level].nodes[target->hfsp_levels[level].level_size].strlen = target->hfsp_leafs[last_start].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1765:58: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  used_size = target->hfsp_levels[level - 1].nodes[i].strlen * 2 + 14;
data/libisofs-1.5.2/libisofs/hfsplus.c:1770:138: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_levels[level].nodes[target->hfsp_levels[level].level_size].strlen = target->hfsp_levels[level - 1].nodes[last_start].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.c:1782:132: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target->hfsp_levels[level].nodes[target->hfsp_levels[level].level_size].strlen = target->hfsp_levels[level - 1].nodes[last_start].strlen;
data/libisofs-1.5.2/libisofs/hfsplus.h:34:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t strlen;
data/libisofs-1.5.2/libisofs/hfsplus.h:65:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  uint32_t strlen;
data/libisofs-1.5.2/libisofs/image.c:474:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(image->creation_time, creation_time, 17);
data/libisofs-1.5.2/libisofs/image.c:475:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(image->modification_time, modification_time, 17);
data/libisofs-1.5.2/libisofs/image.c:476:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(image->expiration_time, expiration_time, 17);
data/libisofs-1.5.2/libisofs/image.c:477:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(image->effective_time, effective_time, 17);
data/libisofs-1.5.2/libisofs/image.c:1128:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen(name) <= image->truncate_length) {
data/libisofs-1.5.2/libisofs/image.c:1134:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(image->truncate_buffer, name, 4095);
data/libisofs-1.5.2/libisofs/iso1999.c:63:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) > 207) {
data/libisofs-1.5.2/libisofs/iso1999.c:200:42: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  max_path = pathlen + 1 + (iso_name ? strlen(iso_name): 0);
data/libisofs-1.5.2/libisofs/iso1999.c:384:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  extlen = strlen(ext);
data/libisofs-1.5.2/libisofs/iso1999.c:416:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((size_t) max < strlen(name)) {
data/libisofs-1.5.2/libisofs/iso1999.c:420:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ext = name + strlen(name);
data/libisofs-1.5.2/libisofs/iso1999.c:561:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int ret = n->name ? strlen(n->name) + 33 : 34;
data/libisofs-1.5.2/libisofs/iso1999.c:637:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size += dir->name ? strlen(dir->name) : 2;
data/libisofs-1.5.2/libisofs/iso1999.c:857:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fi_len = strlen(child->name);
data/libisofs-1.5.2/libisofs/iso1999.c:939:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  rec->len_di[0] = dir->parent ? (uint8_t) strlen(dir->name) : 1;
data/libisofs-1.5.2/libisofs/libiso_msgs.c:247:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(m->print_id,print_id,80);
data/libisofs-1.5.2/libisofs/libiso_msgs.c:376:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  item->msg_text= malloc(strlen(msg_text)+1);
data/libisofs-1.5.2/libisofs/libiso_msgs.h:458:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0002010e (FATAL,HIGH) = Attempt to read ATIP from ungrabbed drive
data/libisofs-1.5.2/libisofs/libiso_msgs.h:471:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0002011b (FATAL,HIGH) = Attempt to read track info from ungrabbed drive
data/libisofs-1.5.2/libisofs/libiso_msgs.h:472:41: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0002011c (FATAL,HIGH) = Attempt to read track info from busy drive
data/libisofs-1.5.2/libisofs/libiso_msgs.h:512:44: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x00020144 (SORRY,HIGH) = SCSI error on read
data/libisofs-1.5.2/libisofs/libiso_msgs.h:513:58: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x00020145 (FATAL,HIGH) = Drive is busy on attempt to read data
data/libisofs-1.5.2/libisofs/libiso_msgs.h:518:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0002014a (SORRY,HIGH) = Cannot read desired amount of data
data/libisofs-1.5.2/libisofs/libiso_msgs.h:554:37: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0003fff5 (FAILURE,HIGH) = Buffer read error
data/libisofs-1.5.2/libisofs/libiso_msgs.h:566:40: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0003ff7b (FAILURE,HIGH) = Trying to read or close a file not openned
data/libisofs-1.5.2/libisofs/libiso_msgs.h:568:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0003ff79 (FAILURE,HIGH) = File read error
data/libisofs-1.5.2/libisofs/libiso_msgs.h:574:35: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  0x0003ff73 (MISHAP,HIGH) = File read error during image creation
data/libisofs-1.5.2/libisofs/libiso_msgs.h:600:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  X 0x00031001 (SORRY,HIGH) = Cannot read file (ignored)
data/libisofs-1.5.2/libisofs/libiso_msgs.h:601:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  X 0x00031002 (FATAL,HIGH) = Cannot read file (operation canceled)
data/libisofs-1.5.2/libisofs/libiso_msgs.h:605:39: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  X 0x00031003 (SORRY,HIGH) = Cannot read previous image file
data/libisofs-1.5.2/libisofs/libisofs.h:759:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read)(IsoFileSource *src, void *buf, size_t count);
data/libisofs-1.5.2/libisofs/libisofs.h:1055:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read)(IsoStream *stream, void *buf, size_t count);
data/libisofs-1.5.2/libisofs/libisofs.h:9130:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int (*read)(struct burn_source *, unsigned char *buffer, int size);
data/libisofs-1.5.2/libisofs/md5.c:732:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  line_start = strlen(tag_block);
data/libisofs-1.5.2/libisofs/md5.c:746:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  record_len = strlen(record);
data/libisofs-1.5.2/libisofs/md5.c:760:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  block_len = strlen(tag_block);
data/libisofs-1.5.2/libisofs/md5.c:768:6: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(t->opts->scdbackup_tag_written, tag_block + line_start,
data/libisofs-1.5.2/libisofs/md5.c:824:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tag_block);
data/libisofs-1.5.2/libisofs/md5.c:833:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(tag_block);
data/libisofs-1.5.2/libisofs/messages.c:586:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg, iso_error_to_msg(errcode), MAX_MSG_LEN - 1);
data/libisofs-1.5.2/libisofs/messages.c:675:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(msg_text, textpt, ISO_MSGS_MESSAGE_LEN-1);
data/libisofs-1.5.2/libisofs/messages.c:676:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(textpt) >= ISO_MSGS_MESSAGE_LEN)
data/libisofs-1.5.2/libisofs/node.c:405:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen(name) > image->truncate_length)
data/libisofs-1.5.2/libisofs/node.c:660:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((int) strlen(name) <= truncate_length) {
data/libisofs-1.5.2/libisofs/node.c:1255:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(name) > LIBISOFS_NODE_NAME_MAX)
data/libisofs-1.5.2/libisofs/node.c:1300:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(dest) > LIBISOFS_NODE_PATH_MAX)
data/libisofs-1.5.2/libisofs/node.c:2138:21: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  text_fill = strlen(*access_text);
data/libisofs-1.5.2/libisofs/node.c:2919:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(wpt, typetext, 80);
data/libisofs-1.5.2/libisofs/node.c:2920:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(typetext) > 80)
data/libisofs-1.5.2/libisofs/node.c:2923:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wpt += strlen(typetext);
data/libisofs-1.5.2/libisofs/rockridge.c:1186:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(name);
data/libisofs-1.5.2/libisofs/rockridge.c:1234:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(prev);
data/libisofs-1.5.2/libisofs/rockridge.c:1756:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  namelen = strlen(name);
data/libisofs-1.5.2/libisofs/rockridge.c:1816:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  clen = strlen(prev);
data/libisofs-1.5.2/libisofs/rockridge.c:1903:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  + 248, strlen(prev + 248), 0x00);
data/libisofs-1.5.2/libisofs/rockridge.c:1953:46: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = rrip_add_NM(t, info, name, strlen(name), 0, 0);
data/libisofs-1.5.2/libisofs/rockridge.c:2008:56: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ret = rrip_add_NM(t, info, name + namelen, strlen(name + namelen),
data/libisofs-1.5.2/libisofs/rockridge_read.c:346:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *name = realloc(*name, strlen(*name) + nm->len_sue[0] - 5 + 1);
data/libisofs-1.5.2/libisofs/rockridge_read.c:347:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(*name, (char*)nm->data.NM.name, nm->len_sue[0] - 5);
data/libisofs-1.5.2/libisofs/rockridge_read.c:407:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t size = strlen(*dest);
data/libisofs-1.5.2/libisofs/rockridge_read.c:410:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *dest = realloc(*dest, strlen(*dest) + len + 2);
data/libisofs-1.5.2/libisofs/rockridge_read.c:423:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(*dest, comp, len);
data/libisofs-1.5.2/libisofs/rockridge_read.c:426:36: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  *dest = realloc(*dest, strlen(*dest) + len + 1);
data/libisofs-1.5.2/libisofs/rockridge_read.c:431:13: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  strncat(*dest, comp, len);
data/libisofs-1.5.2/libisofs/stream.c:818:27: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  return stream->class->read(stream, buf, count);
data/libisofs-1.5.2/libisofs/stream.c:852:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, path, PATH_MAX - 1);
data/libisofs-1.5.2/libisofs/stream.c:906:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path= calloc(strlen(raw_path) + strlen(ivd) + 1, 1);
data/libisofs-1.5.2/libisofs/stream.c:906:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path= calloc(strlen(raw_path) + strlen(ivd) + 1, 1);
data/libisofs-1.5.2/libisofs/system_area.c:549:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name_field, namept, 8);
data/libisofs-1.5.2/libisofs/system_area.c:797:9: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char *) buf, t->opts->ascii_disc_label, 128);
data/libisofs-1.5.2/libisofs/system_area.c:952:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(img->hppa_cmdline) > 127) {
data/libisofs-1.5.2/libisofs/system_area.c:957:45: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(buf + 24, img->hppa_cmdline, strlen(img->hppa_cmdline) + 1);
data/libisofs-1.5.2/libisofs/system_area.c:977:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(img->hppa_cmdline) > 1023) {
data/libisofs-1.5.2/libisofs/system_area.c:982:47: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  memcpy(buf + 1024, img->hppa_cmdline, strlen(img->hppa_cmdline) + 1);
data/libisofs-1.5.2/libisofs/system_area.c:1043:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char *) entry->name, name, 32);
data/libisofs-1.5.2/libisofs/system_area.c:1044:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy((char *) entry->type, type, 32);
data/libisofs-1.5.2/libisofs/system_area.c:1646:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen((char *) gap_name) - 1; i >= 0; i--) {
data/libisofs-1.5.2/libisofs/system_area.c:2564:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ret = read(fd, u, 16);
data/libisofs-1.5.2/libisofs/tree.c:898:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(*name);
data/libisofs-1.5.2/libisofs/tree.c:959:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(*unique_name);
data/libisofs-1.5.2/libisofs/tree.c:1260:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(parent_path) == 1) {
data/libisofs-1.5.2/libisofs/tree.c:1261:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = calloc(1, strlen(node->name) + 2);
data/libisofs-1.5.2/libisofs/tree.c:1266:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = calloc(1, strlen(parent_path) + strlen(node->name) + 2);
data/libisofs-1.5.2/libisofs/tree.c:1266:52: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  path = calloc(1, strlen(parent_path) + strlen(node->name) + 2);
data/libisofs-1.5.2/libisofs/tree.c:1501:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (truncate_length >= 64 && (int) strlen(new_name) > truncate_length) {
data/libisofs-1.5.2/libisofs/tree.c:1588:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest_len = strlen(dest);
data/libisofs-1.5.2/libisofs/tree.c:1612:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  dest_end = dest_start + strlen(dest_start);
data/libisofs-1.5.2/libisofs/tree.c:1626:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strlen(n->name) == comp_len)
data/libisofs-1.5.2/libisofs/util.c:69:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tocode) + strlen(fromcode) <= 160 && iso_iconv_debug)
data/libisofs-1.5.2/libisofs/util.c:69:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tocode) + strlen(fromcode) <= 160 && iso_iconv_debug)
data/libisofs-1.5.2/libisofs/util.c:178:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(name) >= sizeof(libisofs_local_charset))
data/libisofs-1.5.2/libisofs/util.c:206:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbytes = strlen(str);
data/libisofs-1.5.2/libisofs/util.c:336:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbytes = strlen(input);
data/libisofs-1.5.2/libisofs/util.c:431:20: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchars = wcslen(wsrc_);
data/libisofs-1.5.2/libisofs/util.c:463:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbytes = strlen(input);
data/libisofs-1.5.2/libisofs/util.c:593:20: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchars = wcslen(wsrc_);
data/libisofs-1.5.2/libisofs/util.c:626:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbytes = strlen(input);
data/libisofs-1.5.2/libisofs/util.c:714:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbytes = strlen(input);
data/libisofs-1.5.2/libisofs/util.c:727:24: [1] (buffer) wcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  numchars = wcslen(wsrc_);
data/libisofs-1.5.2/libisofs/util.c:859:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(src);
data/libisofs-1.5.2/libisofs/util.c:903:23: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (dot == src && strlen(src) > 4)
data/libisofs-1.5.2/libisofs/util.c:905:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lext = dot ? strlen(dot + 1) : 0;
data/libisofs-1.5.2/libisofs/util.c:906:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lname = strlen(src) - lext - (dot ? 1 : 0);
data/libisofs-1.5.2/libisofs/util.c:979:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lname = strlen(src);
data/libisofs-1.5.2/libisofs/util.c:983:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lext = strlen(dot + 1);
data/libisofs-1.5.2/libisofs/util.c:984:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lname = strlen(src) - lext - 1;
data/libisofs-1.5.2/libisofs/util.c:985:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lnext = (strlen(src) > 31 && lext > 3) ? (lname < 27 ? 30 - lname : 3)
data/libisofs-1.5.2/libisofs/util.c:987:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lnname = (strlen(src) > 31) ? 30 - lnext : lname;
data/libisofs-1.5.2/libisofs/util.c:1031:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(src);
data/libisofs-1.5.2/libisofs/util.c:1113:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lname = strlen(src);
data/libisofs-1.5.2/libisofs/util.c:1117:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lext = strlen(dot + 1);
data/libisofs-1.5.2/libisofs/util.c:1118:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lname = strlen(src) - lext - 1;
data/libisofs-1.5.2/libisofs/util.c:1119:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lnext = (strlen(src) > len + 1 && lext > 3) ?
data/libisofs-1.5.2/libisofs/util.c:1122:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lnname = (strlen(src) > len + 1) ? (int) len - lnext : lname;
data/libisofs-1.5.2/libisofs/util.c:1433:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ascii);
data/libisofs-1.5.2/libisofs/util.c:1467:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(ascii);
data/libisofs-1.5.2/libisofs/util.c:1890:5: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, buf, len);
data/libisofs-1.5.2/libisofs/util.c:1922:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = MIN(strlen(src), max);
data/libisofs-1.5.2/libisofs/util.c:1967:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (len = strlen(out) - 1; out[len] == ' ' && len > 0; --len)
data/libisofs-1.5.2/libisofs/util.c:2313:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size = strlen(in) + 1;
data/libisofs-1.5.2/libisofs/util.c:2403:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(name);
data/libisofs-1.5.2/libisofs/util_htable.c:276:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(p);

ANALYSIS SUMMARY:

Hits = 853
Lines analyzed = 66967 in approximately 1.78 seconds (37529 lines/second)
Physical Source Lines of Code (SLOC) = 41087
Hits@level = [0] 128 [1] 266 [2] 529 [3] 5 [4] 50 [5] 3
Hits@level+ = [0+] 981 [1+] 853 [2+] 587 [3+] 58 [4+] 53 [5+] 3
Hits/KSLOC@level+ = [0+] 23.8762 [1+] 20.7608 [2+] 14.2868 [3+] 1.41164 [4+] 1.28995 [5+] 0.0730158
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.