Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/libowfat-0.30/critbit.h Examining data/libowfat-0.30/array.h Examining data/libowfat-0.30/buffer.h Examining data/libowfat-0.30/byte.h Examining data/libowfat-0.30/case.h Examining data/libowfat-0.30/cdb.h Examining data/libowfat-0.30/cdb_make.h Examining data/libowfat-0.30/compiletimeassert.h Examining data/libowfat-0.30/dns.h Examining data/libowfat-0.30/ent.c Examining data/libowfat-0.30/errmsg.h Examining data/libowfat-0.30/errmsg_int.h Examining data/libowfat-0.30/fmt.h Examining data/libowfat-0.30/iarray.h Examining data/libowfat-0.30/io.h Examining data/libowfat-0.30/io_internal.h Examining data/libowfat-0.30/iob.h Examining data/libowfat-0.30/iob_internal.h Examining data/libowfat-0.30/ip4.h Examining data/libowfat-0.30/ip6.h Examining data/libowfat-0.30/isset.h Examining data/libowfat-0.30/likely.h Examining data/libowfat-0.30/mmap.h Examining data/libowfat-0.30/ndelay.h Examining data/libowfat-0.30/open.h Examining data/libowfat-0.30/openreadclose.h Examining data/libowfat-0.30/rangecheck.h Examining data/libowfat-0.30/readclose.h Examining data/libowfat-0.30/safemult.h Examining data/libowfat-0.30/scan.h Examining data/libowfat-0.30/socket.h Examining data/libowfat-0.30/str.h Examining data/libowfat-0.30/stralloc.h Examining data/libowfat-0.30/tai.h Examining data/libowfat-0.30/taia.h Examining data/libowfat-0.30/textcode.h Examining data/libowfat-0.30/tryalloca.c Examining data/libowfat-0.30/trybsdsf.c Examining data/libowfat-0.30/trydevpoll.c Examining data/libowfat-0.30/tryepoll.c Examining data/libowfat-0.30/tryinline.c Examining data/libowfat-0.30/tryip6.c Examining data/libowfat-0.30/trykqueue.c Examining data/libowfat-0.30/tryn2i.c Examining data/libowfat-0.30/trypoll.c Examining data/libowfat-0.30/tryscope.c Examining data/libowfat-0.30/trysendfile.c Examining data/libowfat-0.30/trysigio.c Examining data/libowfat-0.30/trysl.c Examining data/libowfat-0.30/trysocket.c Examining data/libowfat-0.30/trysysel.c Examining data/libowfat-0.30/tryuint128.c Examining data/libowfat-0.30/uint16.h Examining data/libowfat-0.30/uint32.h Examining data/libowfat-0.30/uint64.h Examining data/libowfat-0.30/va_narg.h Examining data/libowfat-0.30/windoze.h Examining data/libowfat-0.30/array/array_allocate.c Examining data/libowfat-0.30/array/array_bytes.c Examining data/libowfat-0.30/array/array_cat.c Examining data/libowfat-0.30/array/array_cat0.c Examining data/libowfat-0.30/array/array_catb.c Examining data/libowfat-0.30/array/array_cate.c Examining data/libowfat-0.30/array/array_cats.c Examining data/libowfat-0.30/array/array_cats0.c Examining data/libowfat-0.30/array/array_equal.c Examining data/libowfat-0.30/array/array_fail.c Examining data/libowfat-0.30/array/array_get.c Examining data/libowfat-0.30/array/array_length.c Examining data/libowfat-0.30/array/array_reset.c Examining data/libowfat-0.30/array/array_start.c Examining data/libowfat-0.30/array/array_trunc.c Examining data/libowfat-0.30/array/array_truncate.c Examining data/libowfat-0.30/array/iarray_allocate.c Examining data/libowfat-0.30/array/iarray_free.c Examining data/libowfat-0.30/array/iarray_get.c Examining data/libowfat-0.30/array/iarray_init.c Examining data/libowfat-0.30/array/iarray_length.c Examining data/libowfat-0.30/buffer/buffer_0.c Examining data/libowfat-0.30/buffer/buffer_1.c Examining data/libowfat-0.30/buffer/buffer_2.c Examining data/libowfat-0.30/buffer/buffer_close.c Examining data/libowfat-0.30/buffer/buffer_feed.c Examining data/libowfat-0.30/buffer/buffer_flush.c Examining data/libowfat-0.30/buffer/buffer_free.c Examining data/libowfat-0.30/buffer/buffer_fromarray.c Examining data/libowfat-0.30/buffer/buffer_frombuf.c Examining data/libowfat-0.30/buffer/buffer_fromsa.c Examining data/libowfat-0.30/buffer/buffer_get.c Examining data/libowfat-0.30/buffer/buffer_get_new_token_sa.c Examining data/libowfat-0.30/buffer/buffer_get_new_token_sa_pred.c Examining data/libowfat-0.30/buffer/buffer_get_token.c Examining data/libowfat-0.30/buffer/buffer_get_token_pred.c Examining data/libowfat-0.30/buffer/buffer_get_token_sa.c Examining data/libowfat-0.30/buffer/buffer_get_token_sa_pred.c Examining data/libowfat-0.30/buffer/buffer_getc.c Examining data/libowfat-0.30/buffer/buffer_getline.c Examining data/libowfat-0.30/buffer/buffer_getline_sa.c Examining data/libowfat-0.30/buffer/buffer_getn.c Examining data/libowfat-0.30/buffer/buffer_getnewline_sa.c Examining data/libowfat-0.30/buffer/buffer_init.c Examining data/libowfat-0.30/buffer/buffer_init_free.c Examining data/libowfat-0.30/buffer/buffer_mmapread.c Examining data/libowfat-0.30/buffer/buffer_munmap.c Examining data/libowfat-0.30/buffer/buffer_peek.c Examining data/libowfat-0.30/buffer/buffer_put.c Examining data/libowfat-0.30/buffer/buffer_put8long.c Examining data/libowfat-0.30/buffer/buffer_putalign.c Examining data/libowfat-0.30/buffer/buffer_puterror.c Examining data/libowfat-0.30/buffer/buffer_puterror2.c Examining data/libowfat-0.30/buffer/buffer_putflush.c Examining data/libowfat-0.30/buffer/buffer_putlong.c Examining data/libowfat-0.30/buffer/buffer_putlonglong.c Examining data/libowfat-0.30/buffer/buffer_putm_internal.c Examining data/libowfat-0.30/buffer/buffer_putm_internal_flush.c Examining data/libowfat-0.30/buffer/buffer_putnlflush.c Examining data/libowfat-0.30/buffer/buffer_puts.c Examining data/libowfat-0.30/buffer/buffer_putsa.c Examining data/libowfat-0.30/buffer/buffer_putsaflush.c Examining data/libowfat-0.30/buffer/buffer_putsalign.c Examining data/libowfat-0.30/buffer/buffer_putsflush.c Examining data/libowfat-0.30/buffer/buffer_putspace.c Examining data/libowfat-0.30/buffer/buffer_putulong.c Examining data/libowfat-0.30/buffer/buffer_putulonglong.c Examining data/libowfat-0.30/buffer/buffer_putxlong.c Examining data/libowfat-0.30/buffer/buffer_seek.c Examining data/libowfat-0.30/buffer/buffer_stubborn.c Examining data/libowfat-0.30/buffer/buffer_stubborn2.c Examining data/libowfat-0.30/buffer/buffer_tosa.c Examining data/libowfat-0.30/buffer/errmsg_iam.c Examining data/libowfat-0.30/buffer/errmsg_info.c Examining data/libowfat-0.30/buffer/errmsg_infosys.c Examining data/libowfat-0.30/buffer/errmsg_puts.c Examining data/libowfat-0.30/buffer/errmsg_warn.c Examining data/libowfat-0.30/buffer/errmsg_warnsys.c Examining data/libowfat-0.30/buffer/errmsg_write.c Examining data/libowfat-0.30/buffer/buffer_0small.c Examining data/libowfat-0.30/buffer/buffer_1small.c Examining data/libowfat-0.30/byte/byte_chr.c Examining data/libowfat-0.30/byte/byte_copy.c Examining data/libowfat-0.30/byte/byte_copyr.c Examining data/libowfat-0.30/byte/byte_diff.c Examining data/libowfat-0.30/byte/byte_equal_notimingattack.c Examining data/libowfat-0.30/byte/byte_rchr.c Examining data/libowfat-0.30/byte/byte_zero.c Examining data/libowfat-0.30/case/case_diffb.c Examining data/libowfat-0.30/case/case_diffs.c Examining data/libowfat-0.30/case/case_lowerb.c Examining data/libowfat-0.30/case/case_lowers.c Examining data/libowfat-0.30/case/case_starts.c Examining data/libowfat-0.30/cdb/cdb.c Examining data/libowfat-0.30/cdb/cdb_hash.c Examining data/libowfat-0.30/cdb/cdb_make.c Examining data/libowfat-0.30/cdb/cdb_traverse.c Examining data/libowfat-0.30/dns/dns_dfd.c Examining data/libowfat-0.30/dns/dns_domain.c Examining data/libowfat-0.30/dns/dns_dtda.c Examining data/libowfat-0.30/dns/dns_ip.c Examining data/libowfat-0.30/dns/dns_ip6.c Examining data/libowfat-0.30/dns/dns_ipq.c Examining data/libowfat-0.30/dns/dns_ipq6.c Examining data/libowfat-0.30/dns/dns_mx.c Examining data/libowfat-0.30/dns/dns_name.c Examining data/libowfat-0.30/dns/dns_nd.c Examining data/libowfat-0.30/dns/dns_nd6.c Examining data/libowfat-0.30/dns/dns_packet.c Examining data/libowfat-0.30/dns/dns_random.c Examining data/libowfat-0.30/dns/dns_rcip.c Examining data/libowfat-0.30/dns/dns_rcrw.c Examining data/libowfat-0.30/dns/dns_resolve.c Examining data/libowfat-0.30/dns/dns_sortip.c Examining data/libowfat-0.30/dns/dns_sortip6.c Examining data/libowfat-0.30/dns/dns_transmit.c Examining data/libowfat-0.30/dns/dns_txt.c Examining data/libowfat-0.30/examples/buffer_getline.c Examining data/libowfat-0.30/examples/byte.c Examining data/libowfat-0.30/examples/str.c Examining data/libowfat-0.30/fmt/fmt_8long.c Examining data/libowfat-0.30/fmt/fmt_8longlong.c Examining data/libowfat-0.30/fmt/fmt_asn1derlength.c Examining data/libowfat-0.30/fmt/fmt_asn1dertag.c Examining data/libowfat-0.30/fmt/fmt_double.c Examining data/libowfat-0.30/fmt/fmt_escapecharc.c Examining data/libowfat-0.30/fmt/fmt_escapecharhtml.c Examining data/libowfat-0.30/fmt/fmt_escapecharjson.c Examining data/libowfat-0.30/fmt/fmt_escapecharquotedprintable.c Examining data/libowfat-0.30/fmt/fmt_escapecharquotedprintableutf8.c Examining data/libowfat-0.30/fmt/fmt_escapecharxml.c Examining data/libowfat-0.30/fmt/fmt_fill.c Examining data/libowfat-0.30/fmt/fmt_httpdate.c Examining data/libowfat-0.30/fmt/fmt_human.c Examining data/libowfat-0.30/fmt/fmt_humank.c Examining data/libowfat-0.30/fmt/fmt_long.c Examining data/libowfat-0.30/fmt/fmt_longlong.c Examining data/libowfat-0.30/fmt/fmt_minus.c Examining data/libowfat-0.30/fmt/fmt_pad.c Examining data/libowfat-0.30/fmt/fmt_plusminus.c Examining data/libowfat-0.30/fmt/fmt_str.c Examining data/libowfat-0.30/fmt/fmt_strm_internal.c Examining data/libowfat-0.30/fmt/fmt_strn.c Examining data/libowfat-0.30/fmt/fmt_tohex.c Examining data/libowfat-0.30/fmt/fmt_ulong.c Examining data/libowfat-0.30/fmt/fmt_ulong0.c Examining data/libowfat-0.30/fmt/fmt_ulonglong.c Examining data/libowfat-0.30/fmt/fmt_utf8.c Examining data/libowfat-0.30/fmt/fmt_xlong.c Examining data/libowfat-0.30/fmt/fmt_xlonglong.c Examining data/libowfat-0.30/fmt/fmt_xmlescape.c Examining data/libowfat-0.30/io/io_appendfile.c Examining data/libowfat-0.30/io/io_block.c Examining data/libowfat-0.30/io/io_canread.c Examining data/libowfat-0.30/io/io_canwrite.c Examining data/libowfat-0.30/io/io_check.c Examining data/libowfat-0.30/io/io_close.c Examining data/libowfat-0.30/io/io_createfile.c Examining data/libowfat-0.30/io/io_debugstring.c Examining data/libowfat-0.30/io/io_dontwantread.c Examining data/libowfat-0.30/io/io_dontwantwrite.c Examining data/libowfat-0.30/io/io_eagain.c Examining data/libowfat-0.30/io/io_eagain_read.c Examining data/libowfat-0.30/io/io_eagain_write.c Examining data/libowfat-0.30/io/io_fd.c Examining data/libowfat-0.30/io/io_finishandshutdown.c Examining data/libowfat-0.30/io/io_getcookie.c Examining data/libowfat-0.30/io/io_mmapwritefile.c Examining data/libowfat-0.30/io/io_nonblock.c Examining data/libowfat-0.30/io/io_passfd.c Examining data/libowfat-0.30/io/io_pipe.c Examining data/libowfat-0.30/io/io_readfile.c Examining data/libowfat-0.30/io/io_readwritefile.c Examining data/libowfat-0.30/io/io_receivefd.c Examining data/libowfat-0.30/io/io_sendfile.c Examining data/libowfat-0.30/io/io_setcookie.c Examining data/libowfat-0.30/io/io_sigpipe.c Examining data/libowfat-0.30/io/io_socketpair.c Examining data/libowfat-0.30/io/io_timedout.c Examining data/libowfat-0.30/io/io_timeout.c Examining data/libowfat-0.30/io/io_timeouted.c Examining data/libowfat-0.30/io/io_tryread.c Examining data/libowfat-0.30/io/io_tryreadtimeout.c Examining data/libowfat-0.30/io/io_trywrite.c Examining data/libowfat-0.30/io/io_trywritetimeout.c Examining data/libowfat-0.30/io/io_wait.c Examining data/libowfat-0.30/io/io_waitread.c Examining data/libowfat-0.30/io/io_waituntil.c Examining data/libowfat-0.30/io/io_waituntil2.c Examining data/libowfat-0.30/io/io_waitwrite.c Examining data/libowfat-0.30/io/io_wantread.c Examining data/libowfat-0.30/io/io_wantwrite.c Examining data/libowfat-0.30/io/iob_addbuf.c Examining data/libowfat-0.30/io/iob_addbuf_free.c Examining data/libowfat-0.30/io/iob_addbuf_internal.c Examining data/libowfat-0.30/io/iob_addbuf_munmap.c Examining data/libowfat-0.30/io/iob_addfile.c Examining data/libowfat-0.30/io/iob_addfile_close.c Examining data/libowfat-0.30/io/iob_adds.c Examining data/libowfat-0.30/io/iob_adds_free.c Examining data/libowfat-0.30/io/iob_bytesleft.c Examining data/libowfat-0.30/io/iob_free.c Examining data/libowfat-0.30/io/iob_new.c Examining data/libowfat-0.30/io/iob_prefetch.c Examining data/libowfat-0.30/io/iob_reset.c Examining data/libowfat-0.30/io/iob_send.c Examining data/libowfat-0.30/io/iob_write.c Examining data/libowfat-0.30/io/io_closeonexec.c Examining data/libowfat-0.30/mmap/mmap_private.c Examining data/libowfat-0.30/mmap/mmap_read.c Examining data/libowfat-0.30/mmap/mmap_shared.c Examining data/libowfat-0.30/mmap/mmap_unmap.c Examining data/libowfat-0.30/mult/imult16.c Examining data/libowfat-0.30/mult/imult32.c Examining data/libowfat-0.30/mult/imult64.c Examining data/libowfat-0.30/mult/range_arrayinbuf.c Examining data/libowfat-0.30/mult/range_str2inbuf.c Examining data/libowfat-0.30/mult/range_str4inbuf.c Examining data/libowfat-0.30/mult/range_strinbuf.c Examining data/libowfat-0.30/mult/umult16.c Examining data/libowfat-0.30/mult/umult32.c Examining data/libowfat-0.30/mult/umult64.c Examining data/libowfat-0.30/open/open_append.c Examining data/libowfat-0.30/open/open_excl.c Examining data/libowfat-0.30/open/open_read.c Examining data/libowfat-0.30/open/open_rw.c Examining data/libowfat-0.30/open/open_trunc.c Examining data/libowfat-0.30/open/open_write.c Examining data/libowfat-0.30/open/openreadclose.c Examining data/libowfat-0.30/open/readclose.c Examining data/libowfat-0.30/scan/scan_8int.c Examining data/libowfat-0.30/scan/scan_8long.c Examining data/libowfat-0.30/scan/scan_8longlong.c Examining data/libowfat-0.30/scan/scan_8longn.c Examining data/libowfat-0.30/scan/scan_8short.c Examining data/libowfat-0.30/scan/scan_asn1derlength.c Examining data/libowfat-0.30/scan/scan_asn1dertag.c Examining data/libowfat-0.30/scan/scan_charsetnskip.c Examining data/libowfat-0.30/scan/scan_double.c Examining data/libowfat-0.30/scan/scan_fromhex.c Examining data/libowfat-0.30/scan/scan_httpdate.c Examining data/libowfat-0.30/scan/scan_int.c Examining data/libowfat-0.30/scan/scan_long.c Examining data/libowfat-0.30/scan/scan_longlong.c Examining data/libowfat-0.30/scan/scan_longn.c Examining data/libowfat-0.30/scan/scan_netstring.c Examining data/libowfat-0.30/scan/scan_noncharsetnskip.c Examining data/libowfat-0.30/scan/scan_nonwhitenskip.c Examining data/libowfat-0.30/scan/scan_plusminus.c Examining data/libowfat-0.30/scan/scan_short.c Examining data/libowfat-0.30/scan/scan_uint.c Examining data/libowfat-0.30/scan/scan_ulong.c Examining data/libowfat-0.30/scan/scan_ulonglong.c Examining data/libowfat-0.30/scan/scan_ulongn.c Examining data/libowfat-0.30/scan/scan_ushort.c Examining data/libowfat-0.30/scan/scan_utf8.c Examining data/libowfat-0.30/scan/scan_whitenskip.c Examining data/libowfat-0.30/scan/scan_xint.c Examining data/libowfat-0.30/scan/scan_xlong.c Examining data/libowfat-0.30/scan/scan_xlonglong.c Examining data/libowfat-0.30/scan/scan_xlongn.c Examining data/libowfat-0.30/scan/scan_xshort.c Examining data/libowfat-0.30/socket/fmt_ip4.c Examining data/libowfat-0.30/socket/fmt_ip6.c Examining data/libowfat-0.30/socket/fmt_ip6_flat.c Examining data/libowfat-0.30/socket/fmt_ip6c.c Examining data/libowfat-0.30/socket/fmt_ip6if.c Examining data/libowfat-0.30/socket/fmt_ip6ifc.c Examining data/libowfat-0.30/socket/init.c Examining data/libowfat-0.30/socket/scan_ip4.c Examining data/libowfat-0.30/socket/scan_ip6.c Examining data/libowfat-0.30/socket/scan_ip6_flat.c Examining data/libowfat-0.30/socket/scan_ip6if.c Examining data/libowfat-0.30/socket/socket_accept4.c Examining data/libowfat-0.30/socket/socket_accept6.c Examining data/libowfat-0.30/socket/socket_bind4.c Examining data/libowfat-0.30/socket/socket_bind4_reuse.c Examining data/libowfat-0.30/socket/socket_bind6.c Examining data/libowfat-0.30/socket/socket_bind6_reuse.c Examining data/libowfat-0.30/socket/socket_broadcast.c Examining data/libowfat-0.30/socket/socket_connect4.c Examining data/libowfat-0.30/socket/socket_connect6.c Examining data/libowfat-0.30/socket/socket_connected.c Examining data/libowfat-0.30/socket/socket_deferaccept.c Examining data/libowfat-0.30/socket/socket_fastopen.c Examining data/libowfat-0.30/socket/socket_fastopen_connect4.c Examining data/libowfat-0.30/socket/socket_fastopen_connect6.c Examining data/libowfat-0.30/socket/socket_getifidx.c Examining data/libowfat-0.30/socket/socket_getifname.c Examining data/libowfat-0.30/socket/socket_ip4loopback.c Examining data/libowfat-0.30/socket/socket_listen.c Examining data/libowfat-0.30/socket/socket_local4.c Examining data/libowfat-0.30/socket/socket_local6.c Examining data/libowfat-0.30/socket/socket_mchopcount6.c Examining data/libowfat-0.30/socket/socket_mcjoin4.c Examining data/libowfat-0.30/socket/socket_mcjoin6.c Examining data/libowfat-0.30/socket/socket_mcleave4.c Examining data/libowfat-0.30/socket/socket_mcleave6.c Examining data/libowfat-0.30/socket/socket_mcloop4.c Examining data/libowfat-0.30/socket/socket_mcloop6.c Examining data/libowfat-0.30/socket/socket_mcttl4.c Examining data/libowfat-0.30/socket/socket_noipv6.c Examining data/libowfat-0.30/socket/socket_quickack.c Examining data/libowfat-0.30/socket/socket_recv4.c Examining data/libowfat-0.30/socket/socket_recv6.c Examining data/libowfat-0.30/socket/socket_remote4.c Examining data/libowfat-0.30/socket/socket_remote6.c Examining data/libowfat-0.30/socket/socket_sctp4.c Examining data/libowfat-0.30/socket/socket_sctp4b.c Examining data/libowfat-0.30/socket/socket_sctp6.c Examining data/libowfat-0.30/socket/socket_sctp6b.c Examining data/libowfat-0.30/socket/socket_send4.c Examining data/libowfat-0.30/socket/socket_send6.c Examining data/libowfat-0.30/socket/socket_tcp4.c Examining data/libowfat-0.30/socket/socket_tcp4b.c Examining data/libowfat-0.30/socket/socket_tcp6.c Examining data/libowfat-0.30/socket/socket_tcp6b.c Examining data/libowfat-0.30/socket/socket_tryreservein.c Examining data/libowfat-0.30/socket/socket_udp4.c Examining data/libowfat-0.30/socket/socket_udp6.c Examining data/libowfat-0.30/socket/socket_v4mappedprefix.c Examining data/libowfat-0.30/socket/socket_v6any.c Examining data/libowfat-0.30/socket/socket_v6loopback.c Examining data/libowfat-0.30/str/str_chr.c Examining data/libowfat-0.30/str/str_copy.c Examining data/libowfat-0.30/str/str_diff.c Examining data/libowfat-0.30/str/str_diffn.c Examining data/libowfat-0.30/str/str_len.c Examining data/libowfat-0.30/str/str_rchr.c Examining data/libowfat-0.30/str/str_start.c Examining data/libowfat-0.30/stralloc/stralloc_append.c Examining data/libowfat-0.30/stralloc/stralloc_cat.c Examining data/libowfat-0.30/stralloc/stralloc_catb.c Examining data/libowfat-0.30/stralloc/stralloc_catlong0.c Examining data/libowfat-0.30/stralloc/stralloc_catm_internal.c Examining data/libowfat-0.30/stralloc/stralloc_cats.c Examining data/libowfat-0.30/stralloc/stralloc_catulong0.c Examining data/libowfat-0.30/stralloc/stralloc_chomp.c Examining data/libowfat-0.30/stralloc/stralloc_chop.c Examining data/libowfat-0.30/stralloc/stralloc_copy.c Examining data/libowfat-0.30/stralloc/stralloc_copyb.c Examining data/libowfat-0.30/stralloc/stralloc_copys.c Examining data/libowfat-0.30/stralloc/stralloc_diff.c Examining data/libowfat-0.30/stralloc/stralloc_diffs.c Examining data/libowfat-0.30/stralloc/stralloc_free.c Examining data/libowfat-0.30/stralloc/stralloc_init.c Examining data/libowfat-0.30/stralloc/stralloc_ready.c Examining data/libowfat-0.30/stralloc/stralloc_readyplus.c Examining data/libowfat-0.30/stralloc/stralloc_starts.c Examining data/libowfat-0.30/stralloc/stralloc_zero.c Examining data/libowfat-0.30/tai/tai_add.c Examining data/libowfat-0.30/tai/tai_now.c Examining data/libowfat-0.30/tai/tai_pack.c Examining data/libowfat-0.30/tai/tai_sub.c Examining data/libowfat-0.30/tai/tai_uint.c Examining data/libowfat-0.30/tai/tai_unpack.c Examining data/libowfat-0.30/taia/taia_add.c Examining data/libowfat-0.30/taia/taia_addsec.c Examining data/libowfat-0.30/taia/taia_approx.c Examining data/libowfat-0.30/taia/taia_frac.c Examining data/libowfat-0.30/taia/taia_half.c Examining data/libowfat-0.30/taia/taia_less.c Examining data/libowfat-0.30/taia/taia_now.c Examining data/libowfat-0.30/taia/taia_pack.c Examining data/libowfat-0.30/taia/taia_sub.c Examining data/libowfat-0.30/taia/taia_tai.c Examining data/libowfat-0.30/taia/taia_uint.c Examining data/libowfat-0.30/taia/taia_unpack.c Examining data/libowfat-0.30/test/array.c Examining data/libowfat-0.30/test/b64decode.c Examining data/libowfat-0.30/test/b64encode.c Examining data/libowfat-0.30/test/buffer_1.c Examining data/libowfat-0.30/test/buffer_fromsa.c Examining data/libowfat-0.30/test/buffer_mmap.c Examining data/libowfat-0.30/test/buffer_tosa.c Examining data/libowfat-0.30/test/byte_copy.c Examining data/libowfat-0.30/test/cas.c Examining data/libowfat-0.30/test/cdbget2.c Examining data/libowfat-0.30/test/cescape.c Examining data/libowfat-0.30/test/client.c Examining data/libowfat-0.30/test/dllink.c Examining data/libowfat-0.30/test/dnsip.c Examining data/libowfat-0.30/test/fdpassing.c Examining data/libowfat-0.30/test/fmt.c Examining data/libowfat-0.30/test/fmt_httpdate.c Examining data/libowfat-0.30/test/fmt_human.c Examining data/libowfat-0.30/test/fmt_ip6.c Examining data/libowfat-0.30/test/fmt_long.c Examining data/libowfat-0.30/test/fmt_longlong.c Examining data/libowfat-0.30/test/fmt_strm_alloca.c Examining data/libowfat-0.30/test/httpd.c Examining data/libowfat-0.30/test/io.c Examining data/libowfat-0.30/test/io2.c Examining data/libowfat-0.30/test/io3.c Examining data/libowfat-0.30/test/io4.c Examining data/libowfat-0.30/test/io5.c Examining data/libowfat-0.30/test/iob.c Examining data/libowfat-0.30/test/marshal.c Examining data/libowfat-0.30/test/mult.c Examining data/libowfat-0.30/test/proxy.c Examining data/libowfat-0.30/test/range.c Examining data/libowfat-0.30/test/readhttp.c Examining data/libowfat-0.30/test/scan.c Examining data/libowfat-0.30/test/scan_long.c Examining data/libowfat-0.30/test/scan_netstring.c Examining data/libowfat-0.30/test/server.c Examining data/libowfat-0.30/test/stralloc_buffer.c Examining data/libowfat-0.30/test/stralloc_chomp.c Examining data/libowfat-0.30/test/textcode.c Examining data/libowfat-0.30/test/uint.c Examining data/libowfat-0.30/test/unurl.c Examining data/libowfat-0.30/test/urlencode.c Examining data/libowfat-0.30/test/uudecode.c Examining data/libowfat-0.30/test/vd.c Examining data/libowfat-0.30/textcode/base64.c Examining data/libowfat-0.30/textcode/fmt_base64.c Examining data/libowfat-0.30/textcode/fmt_cescape.c Examining data/libowfat-0.30/textcode/fmt_foldwhitespace.c Examining data/libowfat-0.30/textcode/fmt_hexdump.c Examining data/libowfat-0.30/textcode/fmt_html.c Examining data/libowfat-0.30/textcode/fmt_html_tagarg.c Examining data/libowfat-0.30/textcode/fmt_jsonescape.c Examining data/libowfat-0.30/textcode/fmt_ldapescape.c Examining data/libowfat-0.30/textcode/fmt_ldapescape2.c Examining data/libowfat-0.30/textcode/fmt_quotedprintable.c Examining data/libowfat-0.30/textcode/fmt_to_array.c Examining data/libowfat-0.30/textcode/fmt_to_sa.c Examining data/libowfat-0.30/textcode/fmt_tofrom_array.c Examining data/libowfat-0.30/textcode/fmt_urlencoded.c Examining data/libowfat-0.30/textcode/fmt_uuencoded.c Examining data/libowfat-0.30/textcode/fmt_xml.c Examining data/libowfat-0.30/textcode/fmt_yenc.c Examining data/libowfat-0.30/textcode/scan_base64.c Examining data/libowfat-0.30/textcode/scan_cescape.c Examining data/libowfat-0.30/textcode/scan_hexdump.c Examining data/libowfat-0.30/textcode/scan_html.c Examining data/libowfat-0.30/textcode/scan_jsonescape.c Examining data/libowfat-0.30/textcode/scan_ldapescape.c Examining data/libowfat-0.30/textcode/scan_quotedprintable.c Examining data/libowfat-0.30/textcode/scan_to_array.c Examining data/libowfat-0.30/textcode/scan_to_sa.c Examining data/libowfat-0.30/textcode/scan_tofrom_array.c Examining data/libowfat-0.30/textcode/scan_urlencoded.c Examining data/libowfat-0.30/textcode/scan_uuencoded.c Examining data/libowfat-0.30/textcode/scan_yenc.c Examining data/libowfat-0.30/uint/uint16_pack.c Examining data/libowfat-0.30/uint/uint16_pack_big.c Examining data/libowfat-0.30/uint/uint16_read.c Examining data/libowfat-0.30/uint/uint16_read_big.c Examining data/libowfat-0.30/uint/uint16_unpack.c Examining data/libowfat-0.30/uint/uint16_unpack_big.c Examining data/libowfat-0.30/uint/uint32_pack.c Examining data/libowfat-0.30/uint/uint32_pack_big.c Examining data/libowfat-0.30/uint/uint32_read.c Examining data/libowfat-0.30/uint/uint32_read_big.c Examining data/libowfat-0.30/uint/uint32_unpack.c Examining data/libowfat-0.30/uint/uint32_unpack_big.c Examining data/libowfat-0.30/uint/uint64_pack.c Examining data/libowfat-0.30/uint/uint64_pack_big.c Examining data/libowfat-0.30/uint/uint64_read.c Examining data/libowfat-0.30/uint/uint64_read_big.c Examining data/libowfat-0.30/uint/uint64_unpack.c Examining data/libowfat-0.30/uint/uint64_unpack_big.c Examining data/libowfat-0.30/unix/iopause.c Examining data/libowfat-0.30/unix/ndelay_off.c Examining data/libowfat-0.30/unix/ndelay_on.c Examining data/libowfat-0.30/unix/winsock2errno.c Examining data/libowfat-0.30/t.c Examining data/libowfat-0.30/critbit/critbit.c Examining data/libowfat-0.30/CAS.h FINAL RESULTS: data/libowfat-0.30/socket/socket_deferaccept.c:21:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(afa.af_name,mode==HTTPIN?"httpreader":"dataready"); data/libowfat-0.30/test/dllink.c:31:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf,argv[1]+5); data/libowfat-0.30/test/dllink.c:33:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf,argv[1]); data/libowfat-0.30/test/uudecode.c:210:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,c+1); data/libowfat-0.30/test/uudecode.c:214:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(filename,c); data/libowfat-0.30/dns/dns_rcip.c:18:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. x = getenv("DNSCACHEIP"); data/libowfat-0.30/dns/dns_rcrw.c:24:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. x = getenv("DNSREWRITEFILE"); data/libowfat-0.30/dns/dns_rcrw.c:49:7: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. x = getenv("LOCALDOMAIN"); data/libowfat-0.30/examples/buffer_getline.c:17:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. if (!(home=getenv("HOME"))) die(1,"no $HOME"); data/libowfat-0.30/scan/scan_httpdate.c:82:15: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char* old=getenv("TZ"); data/libowfat-0.30/buffer/buffer_0.c:9:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer_0_space[BUFFER_INSIZE]; data/libowfat-0.30/buffer/buffer_0small.c:9:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer_0small_space[128]; data/libowfat-0.30/buffer/buffer_1.c:7:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer_1_space[BUFFER_INSIZE]; data/libowfat-0.30/buffer/buffer_1small.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer_1small_space[128]; data/libowfat-0.30/buffer/buffer_2.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer_2_space[BUFFER_INSIZE]; data/libowfat-0.30/buffer/buffer_put8long.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_8LONG]; data/libowfat-0.30/buffer/buffer_putlong.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_LONG]; data/libowfat-0.30/buffer/buffer_putlonglong.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_LONG]; data/libowfat-0.30/buffer/buffer_putulong.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_ULONG]; data/libowfat-0.30/buffer/buffer_putulonglong.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_ULONG]; data/libowfat-0.30/buffer/buffer_putxlong.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_XLONG]; data/libowfat-0.30/cdb/cdb.c:90:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[32]; data/libowfat-0.30/cdb/cdb.c:106:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/libowfat-0.30/cdb/cdb_make.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/libowfat-0.30/cdb/cdb_make.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/libowfat-0.30/cdb/cdb_traverse.c:4:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[8]; data/libowfat-0.30/cdb_make.h:24:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bspace[8192]; data/libowfat-0.30/cdb_make.h:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char final[2048]; data/libowfat-0.30/compiletimeassert.h:4:60: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. #define compiletimeassert(cond) struct __Y(foo,__LINE__) { char __temp[1 - (!(cond))*2]; }; data/libowfat-0.30/critbit/critbit.c:51:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x,u,ulen+1); data/libowfat-0.30/critbit/critbit.c:101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(x,ubytes,ulen+1); data/libowfat-0.30/dns.h:43:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char localip[16]; data/libowfat-0.30/dns.h:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char qtype[2]; data/libowfat-0.30/dns/dns_dfd.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char label[63]; data/libowfat-0.30/dns/dns_dfd.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[255]; data/libowfat-0.30/dns/dns_dtda.c:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/libowfat-0.30/dns/dns_ip.c:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[12]; data/libowfat-0.30/dns/dns_ip6.c:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[16]; data/libowfat-0.30/dns/dns_ip6.c:56:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/dns/dns_mx.c:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[12]; data/libowfat-0.30/dns/dns_mx.c:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char pref[2]; data/libowfat-0.30/dns/dns_name.c:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[12]; data/libowfat-0.30/dns/dns_name.c:39:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_name4(stralloc *out,const char ip[4]) data/libowfat-0.30/dns/dns_name.c:41:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[DNS_NAME4_DOMAIN]; data/libowfat-0.30/dns/dns_name.c:51:48: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int dns_name6_inner(stralloc *out,const char ip[16]) data/libowfat-0.30/dns/dns_name.c:53:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[DNS_NAME6_DOMAIN]; data/libowfat-0.30/dns/dns_name.c:63:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_name6(stralloc *out,const char ip[16]) data/libowfat-0.30/dns/dns_nd.c:5:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void dns_name4_domain(char name[DNS_NAME4_DOMAIN],const char ip[4]) data/libowfat-0.30/dns/dns_nd.c:5:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void dns_name4_domain(char name[DNS_NAME4_DOMAIN],const char ip[4]) data/libowfat-0.30/dns/dns_nd6.c:17:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void dns_name6_domain(char name[DNS_NAME6_DOMAIN],const char ip[16]) data/libowfat-0.30/dns/dns_nd6.c:17:57: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void dns_name6_domain(char name[DNS_NAME6_DOMAIN],const char ip[16]) data/libowfat-0.30/dns/dns_packet.c:42:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[255]; data/libowfat-0.30/dns/dns_random.c:33:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void dns_random_init(const char data[128]) data/libowfat-0.30/dns/dns_random.c:37:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tpack[16]; data/libowfat-0.30/dns/dns_rcip.c:11:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static int init(char ip[256]) data/libowfat-0.30/dns/dns_rcip.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ip[256]; /* defined if ok */ data/libowfat-0.30/dns/dns_rcip.c:66:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_resolvconfip(char s[256]) data/libowfat-0.30/dns/dns_rcrw.c:16:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char host[256]; data/libowfat-0.30/dns/dns_resolve.c:9:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_resolve(const char *q,const char qtype[2]) data/libowfat-0.30/dns/dns_resolve.c:9:37: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_resolve(const char *q,const char qtype[2]) data/libowfat-0.30/dns/dns_resolve.c:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char servers[256]; data/libowfat-0.30/dns/dns_sortip.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[4]; data/libowfat-0.30/dns/dns_sortip6.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[16]; data/libowfat-0.30/dns/dns_transmit.c:18:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[12]; data/libowfat-0.30/dns/dns_transmit.c:27:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[12]; data/libowfat-0.30/dns/dns_transmit.c:39:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char out[12]; data/libowfat-0.30/dns/dns_transmit.c:201:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_transmit_start(struct dns_transmit *d,const char servers[256],int flagrecursive,const char *q,const char qtype[2],const char localip[16]) data/libowfat-0.30/dns/dns_transmit.c:201:95: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_transmit_start(struct dns_transmit *d,const char servers[256],int flagrecursive,const char *q,const char qtype[2],const char localip[16]) data/libowfat-0.30/dns/dns_transmit.c:201:109: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_transmit_start(struct dns_transmit *d,const char servers[256],int flagrecursive,const char *q,const char qtype[2],const char localip[16]) data/libowfat-0.30/dns/dns_transmit.c:201:129: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int dns_transmit_start(struct dns_transmit *d,const char servers[256],int flagrecursive,const char *q,const char qtype[2],const char localip[16]) data/libowfat-0.30/dns/dns_transmit.c:248:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char udpbuf[513]; data/libowfat-0.30/dns/dns_txt.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[12]; data/libowfat-0.30/ent.c:13:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[20]; data/libowfat-0.30/ent.c:14:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp2[20]; data/libowfat-0.30/ent.c:20:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char utf8[10]; data/libowfat-0.30/ent.c:108:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data+useddata,s->liste[i].weiter,l); data/libowfat-0.30/ent.c:150:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f=fopen("entities.json","r"); data/libowfat-0.30/ent.c:151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/libowfat-0.30/ent.c:187:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy((*cur)->utf8+ul,tmp,n); data/libowfat-0.30/ent.c:208:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* f=fopen("entities.h","w"); data/libowfat-0.30/examples/buffer_getline.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/examples/byte.c:12:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memory1[42] = "foo bar"; data/libowfat-0.30/examples/byte.c:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char memory2[23] = "fnord"; data/libowfat-0.30/examples/str.c:13:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string2[42] = "fnord"; data/libowfat-0.30/fmt/fmt_escapecharquotedprintableutf8.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_UTF8]; data/libowfat-0.30/fmt/fmt_escapecharxml.c:4:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char a[FMT_LONG], b[FMT_XLONG]; data/libowfat-0.30/fmt/fmt_xmlescape.c:16:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[6]; data/libowfat-0.30/io/io_appendfile.c:7:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). long fd=open(s,O_WRONLY|O_APPEND|O_CREAT,0600); data/libowfat-0.30/io/io_createfile.c:7:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). long fd=open(s,O_WRONLY|O_CREAT|O_TRUNC,0600); data/libowfat-0.30/io/io_fd.c:103:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). io_master=open("/dev/poll",O_RDWR); data/libowfat-0.30/io/io_mmapwritefile.c:15:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[BUFSIZE]; data/libowfat-0.30/io/io_passfd.c:36:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/libowfat-0.30/io/io_passfd.c:47:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[CMSG_SPACE(sizeof(int))]; data/libowfat-0.30/io/io_readfile.c:7:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). long fd=open(s,O_RDONLY); data/libowfat-0.30/io/io_readwritefile.c:7:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). long fd=open(s,O_RDWR); data/libowfat-0.30/io/io_receivefd.c:32:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/libowfat-0.30/io/io_receivefd.c:45:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[100]; data/libowfat-0.30/io/io_waituntil2.c:221:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[FMT_ULONG]; data/libowfat-0.30/io_internal.h:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char inbuf[8192]; data/libowfat-0.30/ip4.h:19:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char ip4loopback[4]; /* = {127,0,0,1};*/ data/libowfat-0.30/ip6.h:34:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char V4mappedprefix[12]; /*={0,0,0,0,0,0,0,0,0,0,0xff,0xff}; */ data/libowfat-0.30/ip6.h:35:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char V6loopback[16]; /*={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}; */ data/libowfat-0.30/ip6.h:36:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char V6any[16]; /*={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; */ data/libowfat-0.30/open/open_append.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_WRONLY|O_NDELAY|O_APPEND|O_CREAT,0600); data/libowfat-0.30/open/open_excl.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_WRONLY|O_NDELAY|O_TRUNC|O_CREAT|O_EXCL,0600); data/libowfat-0.30/open/open_read.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_RDONLY|O_NDELAY); data/libowfat-0.30/open/open_rw.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_RDWR|O_CREAT|O_NDELAY,0644); data/libowfat-0.30/open/open_trunc.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_WRONLY|O_NDELAY|O_TRUNC|O_CREAT,0644); data/libowfat-0.30/open/open_write.c:11:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). return open(filename,O_WRONLY|O_CREAT|O_NDELAY,0644); data/libowfat-0.30/scan/scan_uint.c:27:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compileerror[sizeof(unsigned long)-sizeof(unsigned int)]; data/libowfat-0.30/scan/scan_ushort.c:28:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char compileerror[sizeof(unsigned long)-sizeof(unsigned short)]; data/libowfat-0.30/socket/fmt_ip4.c:4:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip4(char *s,const char ip[4]) data/libowfat-0.30/socket/fmt_ip4.c:4:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip4(char *s,const char ip[4]) data/libowfat-0.30/socket/fmt_ip6.c:6:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6.c:6:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6_flat.c:5:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6_flat(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6_flat.c:5:35: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6_flat(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6c.c:6:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6c(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6c.c:6:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6c(char *s,const char ip[16]) data/libowfat-0.30/socket/fmt_ip6ifc.c:6:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6ifc(char *s,const char ip[16],uint32 scope_id) data/libowfat-0.30/socket/fmt_ip6ifc.c:6:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t fmt_ip6ifc(char *s,const char ip[16],uint32 scope_id) data/libowfat-0.30/socket/scan_ip4.c:4:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip4(const char *s,char ip[4]) data/libowfat-0.30/socket/scan_ip4.c:4:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip4(const char *s,char ip[4]) data/libowfat-0.30/socket/scan_ip6.c:13:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip6(const char *s,char ip[16]) data/libowfat-0.30/socket/scan_ip6.c:13:31: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip6(const char *s,char ip[16]) data/libowfat-0.30/socket/scan_ip6.c:19:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char suffix[16]; data/libowfat-0.30/socket/scan_ip6_flat.c:3:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip6_flat(const char *s,char ip[16]) data/libowfat-0.30/socket/scan_ip6_flat.c:3:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. size_t scan_ip6_flat(const char *s,char ip[16]) data/libowfat-0.30/socket/socket_accept4.c:39:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&si,y,len); data/libowfat-0.30/socket/socket_accept6.c:49:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sa,y,dummy); data/libowfat-0.30/socket/socket_bind6.c:13:30: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_bind6(int s,const char ip[16],uint16 port,uint32 scope_id) data/libowfat-0.30/socket/socket_connect6.c:17:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_connect6(int s,const char ip[16],uint16 port,uint32 scope_id) data/libowfat-0.30/socket/socket_getifname.c:15:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ifname[IF_NAMESIZE]; data/libowfat-0.30/socket/socket_ip4loopback.c:2:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ip4loopback[4] = {127,0,0,1}; data/libowfat-0.30/socket/socket_local4.c:12:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_local4(int s,char ip[4],uint16 *port) data/libowfat-0.30/socket/socket_local6.c:16:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_local6(int s,char ip[16],uint16 *port,uint32 *scope_id) data/libowfat-0.30/socket/socket_mcjoin4.c:11:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_mcjoin4(int s,const char ip[4],const char _interface[4]) data/libowfat-0.30/socket/socket_mcjoin4.c:11:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_mcjoin4(int s,const char ip[4],const char _interface[4]) data/libowfat-0.30/socket/socket_mcjoin6.c:22:32: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_mcjoin6(int s,const char ip[16],int _interface) data/libowfat-0.30/socket/socket_mcleave4.c:11:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_mcleave4(int s,const char ip[4]) data/libowfat-0.30/socket/socket_mcleave6.c:22:33: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_mcleave6(int s,const char ip[16]) data/libowfat-0.30/socket/socket_recv4.c:11:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_recv4(int s,char *buf,size_t len,char ip[4],uint16 *port) { data/libowfat-0.30/socket/socket_recv4.c:11:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_recv4(int s,char *buf,size_t len,char ip[4],uint16 *port) { data/libowfat-0.30/socket/socket_recv6.c:15:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_recv6(int s,char *buf,size_t len,char ip[16],uint16 *port,uint32 *scope_id) data/libowfat-0.30/socket/socket_recv6.c:15:49: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_recv6(int s,char *buf,size_t len,char ip[16],uint16 *port,uint32 *scope_id) data/libowfat-0.30/socket/socket_remote4.c:12:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_remote4(int s,char ip[4],uint16 *port) data/libowfat-0.30/socket/socket_remote6.c:16:26: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. int socket_remote6(int s,char ip[16],uint16 *port,uint32 *scope_id) data/libowfat-0.30/socket/socket_send4.c:11:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send4_flag(int s,const char *buf,size_t len,const char ip[4],uint16 port,int flag) { data/libowfat-0.30/socket/socket_send4.c:11:66: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send4_flag(int s,const char *buf,size_t len,const char ip[4],uint16 port,int flag) { data/libowfat-0.30/socket/socket_send4.c:21:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send4(int s,const char *buf,size_t len,const char ip[4],uint16 port) { data/libowfat-0.30/socket/socket_send4.c:21:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send4(int s,const char *buf,size_t len,const char ip[4],uint16 port) { data/libowfat-0.30/socket/socket_send6.c:16:39: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send6_flag(int s,const char *buf,size_t len,const char ip[16],uint16 port,uint32 scope_id,int flag) data/libowfat-0.30/socket/socket_send6.c:16:66: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send6_flag(int s,const char *buf,size_t len,const char ip[16],uint16 port,uint32 scope_id,int flag) data/libowfat-0.30/socket/socket_send6.c:51:34: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send6(int s,const char *buf,size_t len,const char ip[16],uint16 port,uint32 scope_id) { data/libowfat-0.30/socket/socket_send6.c:51:61: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. ssize_t socket_send6(int s,const char *buf,size_t len,const char ip[16],uint16 port,uint32 scope_id) { data/libowfat-0.30/socket/socket_v4mappedprefix.c:2:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char V4mappedprefix[12]={0,0,0,0,0,0,0,0,0,0,0xff,0xff}; data/libowfat-0.30/socket/socket_v6any.c:2:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char V6any[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0}; data/libowfat-0.30/socket/socket_v6loopback.c:2:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const unsigned char V6loopback[16]={0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,1}; data/libowfat-0.30/t.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/t.c:145:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int64 fd=open("t.c",0); data/libowfat-0.30/t.c:151:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dest[1024]; data/libowfat-0.30/t.c:176:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]="/usr/bin/sh"; data/libowfat-0.30/t.c:184:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IP6_FMT+100]; data/libowfat-0.30/t.c:186:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/t.c:189:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char blubip[16]="\0\0\0\0\0\0\0\0\0\0\xff\xff\x7f\0\0\001"; data/libowfat-0.30/t.c:201:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/t.c:208:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/t.c:209:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/libowfat-0.30/t.c:243:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]="foo bar baz"; data/libowfat-0.30/t.c:258:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/t.c:259:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]; data/libowfat-0.30/t.c:273:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/t.c:274:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]; data/libowfat-0.30/t.c:300:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/t.c:307:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/t.c:308:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[20]; data/libowfat-0.30/t.c:326:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/t.c:327:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[4096]; data/libowfat-0.30/t.c:328:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,buf2,4096); data/libowfat-0.30/t.c:331:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf,buf2,4096); data/libowfat-0.30/t.c:338:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/t.c:341:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/libowfat-0.30/t.c:347:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/t.c:348:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf,"foobarbaz"); data/libowfat-0.30/t.c:363:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]="01234567890123456789012345678901234567890123456789"; data/libowfat-0.30/t.c:388:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[4]={127,0,0,1}; data/libowfat-0.30/t.c:392:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]="foo bar baz fnord "; data/libowfat-0.30/t.c:393:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf2[100]="foo braz fnord"; data/libowfat-0.30/test/b64decode.c:21:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[1024]; data/libowfat-0.30/test/b64encode.c:22:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[1024]; data/libowfat-0.30/test/byte_copy.c:6:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/test/byte_copy.c:7:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[128]; data/libowfat-0.30/test/byte_copy.c:11:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(text,"this is a test!\n"); data/libowfat-0.30/test/cdbget2.c:18:6: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd=open(argv[1],O_RDONLY|O_BINARY); data/libowfat-0.30/test/cescape.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[1024]; data/libowfat-0.30/test/client.c:31:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/client.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/test/client.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/dllink.c:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libowfat-0.30/test/dllink.c:13:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/test/dllink.c:28:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf,"dllink "); data/libowfat-0.30/test/dllink.c:30:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf,"ed2k://"); data/libowfat-0.30/test/dllink.c:34:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf,"\nq\n"); data/libowfat-0.30/test/dnsip.c:9:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char seed[128]; data/libowfat-0.30/test/dnsip.c:12:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[IP4_FMT]; data/libowfat-0.30/test/fdpassing.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/fmt.c:6:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/test/fmt_httpdate.c:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/test/fmt_human.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/fmt_ip6.c:5:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/test/fmt_long.c:6:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/fmt_longlong.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/httpd.c:199:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/test/httpd.c:215:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IP6_FMT]; data/libowfat-0.30/test/httpd.c:242:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/io.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[65536]; data/libowfat-0.30/test/io2.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[65536]; data/libowfat-0.30/test/io3.c:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20480]; data/libowfat-0.30/test/io4.c:6:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[2048]; data/libowfat-0.30/test/io5.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/test/io5.c:41:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[IP6_FMT]; data/libowfat-0.30/test/io5.c:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/marshal.c:19:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/libowfat-0.30/test/marshal.c:351:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). assert(f=fopen("test/marshal.c","rb")); data/libowfat-0.30/test/proxy.c:14:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/proxy.c:23:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/test/proxy.c:25:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hisip[16]; data/libowfat-0.30/test/proxy.c:28:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char seed[128]; data/libowfat-0.30/test/range.c:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1000]; data/libowfat-0.30/test/scan_long.c:7:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[1024]; data/libowfat-0.30/test/server.c:31:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/server.c:50:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ip[16]; data/libowfat-0.30/test/server.c:51:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8192]; data/libowfat-0.30/test/textcode.c:9:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/libowfat-0.30/test/textcode.c:23:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf,"Ächt fnördig."); data/libowfat-0.30/test/uint.c:8:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/libowfat-0.30/test/urlencode.c:19:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[1024]; data/libowfat-0.30/test/uudecode.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/test/uudecode.c:87:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char obuf[4096]; data/libowfat-0.30/test/uudecode.c:93:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1000]; /* uuencoded lines can never be longer than 64 characters */ data/libowfat-0.30/test/uudecode.c:98:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[1024]; data/libowfat-0.30/test/uudecode.c:386:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[1000]; data/libowfat-0.30/test/vd.c:10:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[1024]; data/libowfat-0.30/test/vd.c:11:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4096]; data/libowfat-0.30/textcode.h:141:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char base64[64]; data/libowfat-0.30/textcode/scan_html.c:55:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest+written,utf8,l); data/libowfat-0.30/trydevpoll.c:15:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd=open("/dev/poll",O_RDWR); data/libowfat-0.30/tryn2i.c:6:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ifname[IFNAMSIZ]; data/libowfat-0.30/trypoll.c:9:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). x.fd = open("trypoll.c",O_RDONLY); data/libowfat-0.30/trysendfile.c:13:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd=open("havesendfile.c",0); data/libowfat-0.30/trysendfile.c:46:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd=open("havesendfile.c",0); data/libowfat-0.30/trysendfile.c:76:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd=open("havesendfile.c",0); data/libowfat-0.30/buffer/buffer_0.c:6:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(fd,buf,len); data/libowfat-0.30/buffer/buffer_0small.c:6:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return read(fd,buf,len); data/libowfat-0.30/cdb/cdb.c:70:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(c->fd,buf,len); data/libowfat-0.30/critbit/critbit.c:23:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t ulen= strlen(u); data/libowfat-0.30/critbit/critbit.c:45:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t ulen = strlen(u); data/libowfat-0.30/critbit/critbit.c:130:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t ulen = strlen(u); data/libowfat-0.30/critbit/critbit.c:202:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const size_t ulen = strlen(prefix); data/libowfat-0.30/dns/dns_transmit.c:325:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd,&ch,1); data/libowfat-0.30/dns/dns_transmit.c:338:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd,&ch,1); data/libowfat-0.30/dns/dns_transmit.c:356:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd,d->packet + d->pos,d->packetlen - d->pos); data/libowfat-0.30/ent.c:48:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datasize+=strlen((char*)pointer)+1; data/libowfat-0.30/ent.c:59:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). datasize+=strlen((char*)pointer)+1; data/libowfat-0.30/ent.c:104:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l=strlen((char*)s->liste[i].weiter)+1; data/libowfat-0.30/examples/buffer_getline.c:22:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_init(&in,read,fd,buf,sizeof buf); data/libowfat-0.30/io/io_mmapwritefile.c:99:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if ((n=read(in,tmp,(bytes<BUFSIZE)?bytes:BUFSIZE))<=0) data/libowfat-0.30/io/io_tryread.c:104:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r=read(d,buf,len); data/libowfat-0.30/io/io_waitread.c:20:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r=read(d,buf,len); data/libowfat-0.30/io/io_waitread.c:46:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r=read(d,buf,len); data/libowfat-0.30/open/readclose.c:10:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). r = read(fd,sa->s + sa->len,bufsize); data/libowfat-0.30/str.h:36:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define str_len(foo) strlen(foo) data/libowfat-0.30/stralloc/stralloc_catm_internal.c:11:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). n += strlen(s); data/libowfat-0.30/t.c:310:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_init(&b,read,fd,buf,1024); data/libowfat-0.30/test/b64decode.c:8:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* buf=alloca(strlen(c)*2+4); data/libowfat-0.30/test/b64decode.c:23:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((len=read(0,src,sizeof(src)-1))>0) { data/libowfat-0.30/test/b64encode.c:19:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). b64encode(argv[i],strlen(argv[i])); data/libowfat-0.30/test/b64encode.c:24:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((len=read(0,src,sizeof(src)-1))>0) { data/libowfat-0.30/test/cdbget2.c:22:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cdb_find(&c,argv[2],strlen(argv[2]))>0) { data/libowfat-0.30/test/cdbget2.c:32:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). } while (cdb_findnext(&c,argv[2],strlen(argv[2]))>0); data/libowfat-0.30/test/cescape.c:8:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* buf=alloca(strlen(c)*5+1); data/libowfat-0.30/test/cescape.c:9:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_put(buffer_1,buf,fmt_cescape(buf,c,strlen(c))); data/libowfat-0.30/test/cescape.c:20:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len=read(0,src,sizeof(src)-1); data/libowfat-0.30/test/client.c:34:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(src,buf,sizeof buf); data/libowfat-0.30/test/client.c:85:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(0,buf,sizeof(buf)); data/libowfat-0.30/test/client.c:98:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(s,buf,sizeof(buf)); data/libowfat-0.30/test/dllink.c:19:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (argc<2 || strlen(argv[1])>900) { data/libowfat-0.30/test/dllink.c:23:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_init(&filein,read,s,buf,sizeof buf); data/libowfat-0.30/test/dllink.c:35:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). write(s,buf,strlen(buf)); data/libowfat-0.30/test/fdpassing.c:14:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(x,buf,sizeof(buf)); data/libowfat-0.30/test/httpd.c:54:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c=r->hdrbuf=(char*)malloc(strlen(message)+strlen(title)+200); data/libowfat-0.30/test/httpd.c:54:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c=r->hdrbuf=(char*)malloc(strlen(message)+strlen(title)+200); data/libowfat-0.30/test/httpd.c:57:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). r->hlen=strlen(r->hdrbuf); data/libowfat-0.30/test/httpd.c:64:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c+=fmt_ulong(c,strlen(message)+strlen(title)+16-4); data/libowfat-0.30/test/httpd.c:64:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). c+=fmt_ulong(c,strlen(message)+strlen(title)+16-4); data/libowfat-0.30/test/httpd.c:119:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). long sl=strlen(h); data/libowfat-0.30/test/server.c:34:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(src,buf,sizeof buf); data/libowfat-0.30/test/server.c:94:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(0,buf,sizeof(buf)); data/libowfat-0.30/test/server.c:107:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). i=read(t,buf,sizeof(buf)); data/libowfat-0.30/test/unurl.c:11:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf=alloca(strlen(s)+1); data/libowfat-0.30/test/urlencode.c:8:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char* buf=alloca(strlen(c)*3+1); data/libowfat-0.30/test/urlencode.c:9:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buffer_put(buffer_1,buf,fmt_urlencoded(buf,c,strlen(c))); data/libowfat-0.30/test/urlencode.c:20:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len=read(0,src,sizeof(src)-1); data/libowfat-0.30/test/uudecode.c:113:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_init(&filein,read,fd,buf,sizeof buf); data/libowfat-0.30/test/vd.c:18:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). buffer_init(&filein,read,s,buf,sizeof buf); data/libowfat-0.30/test/vd.c:30:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). x[0].iov_len=strlen(x[0].iov_base); data/libowfat-0.30/textcode/scan_html.c:54:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t l=strlen(utf8); ANALYSIS SUMMARY: Hits = 307 Lines analyzed = 18585 in approximately 0.86 seconds (21643 lines/second) Physical Source Lines of Code (SLOC) = 15323 Hits@level = [0] 125 [1] 55 [2] 242 [3] 5 [4] 5 [5] 0 Hits@level+ = [0+] 432 [1+] 307 [2+] 252 [3+] 10 [4+] 5 [5+] 0 Hits/KSLOC@level+ = [0+] 28.1929 [1+] 20.0352 [2+] 16.4459 [3+] 0.652614 [4+] 0.326307 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.